axis-java-dev mailing list archives

From d...@apache.org
Subject cvs commit: ws-axis/contrib/wss4j/src/org/apache/ws/security/util WSSecurityUtil.java
Date Tue, 21 Oct 2003 16:04:59 GMT
dims        2003/10/21 09:04:59

  Modified:    contrib/wss4j/keys BCMain.java
               contrib/wss4j/lib axis-ant.jar axis.jar jaxrpc.jar saaj.jar
               contrib/wss4j/src/org/apache/ws/security WSConstants.java
                        WSSecurityEngine.java errors.properties
               contrib/wss4j/src/org/apache/ws/security/components/crypto
                        BouncyCastle.java Merlin.java
               contrib/wss4j/src/org/apache/ws/security/message
                        WSEnvelopeBuilder.java
               contrib/wss4j/src/org/apache/ws/security/message/token
                        UsernameToken.java
               contrib/wss4j/src/org/apache/ws/security/util
                        WSSecurityUtil.java
  Added:       contrib/wss4j/samples/wssec/usernameToken Client.java
                        SimpleUsernameTokenAuthenticationHandler.java
                        clientdeploy.bat clientdeploy.wsdd readme run.bat
                        setcp.bat
               contrib/wss4j/samples/wssec/usernameToken/service
                        Service.java deploy.bat deploy.wsdd setcp.bat
                        undeploy.bat undeploy.wsdd userlist.properties
               contrib/wss4j/src/org/apache/ws/security
                        WSSUsernameTokenAddHandler.java
                        WSSUsernameTokenAuthenticationHandler.java
  Log:
  Updated with UsernameToken code from "Sanjesh Pathak" <sanjesh@soapknox.com>
  
  Notes:
  - Added TODO items that we need to fix.
  - Updated to latest axis jars.
  - cleanup code a bit
  - cleanup imports a bit.
  
  Revision  Changes    Path
  1.2       +12 -2     ws-axis/contrib/wss4j/keys/BCMain.java
  
  Index: BCMain.java
  ===================================================================
  RCS file: /home/cvs/ws-axis/contrib/wss4j/keys/BCMain.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- BCMain.java	14 Oct 2003 12:05:23 -0000	1.1
  +++ BCMain.java	21 Oct 2003 16:04:57 -0000	1.2
  @@ -1,8 +1,18 @@
   
   import org.bouncycastle.jce.provider.BouncyCastleProvider;
   
  -import java.io.*;
  -import java.security.*;
  +import java.io.FileInputStream;
  +import java.io.FileNotFoundException;
  +import java.io.FileOutputStream;
  +import java.io.IOException;
  +import java.io.InputStream;
  +import java.io.OutputStream;
  +import java.security.KeyStore;
  +import java.security.KeyStoreException;
  +import java.security.NoSuchAlgorithmException;
  +import java.security.NoSuchProviderException;
  +import java.security.Security;
  +import java.security.UnrecoverableKeyException;
   import java.security.cert.Certificate;
   import java.security.cert.CertificateException;
   import java.security.interfaces.RSAPrivateCrtKey;
  
  
  
  1.2       +69 -75    ws-axis/contrib/wss4j/lib/axis-ant.jar
  
  	<<Binary file>>
  
  
  1.2       +1965 -1965ws-axis/contrib/wss4j/lib/axis.jar
  
  	<<Binary file>>
  
  
  1.2       +150 -150  ws-axis/contrib/wss4j/lib/jaxrpc.jar
  
  	<<Binary file>>
  
  
  1.2       +64 -64    ws-axis/contrib/wss4j/lib/saaj.jar
  
  	<<Binary file>>
  
  
  1.1                  ws-axis/contrib/wss4j/samples/wssec/usernameToken/Client.java
  
  Index: Client.java
  ===================================================================
  package samples.wssec.usernameToken;
  
  import org.apache.axis.client.Call;
  import org.apache.axis.client.Service;
  
  import javax.xml.namespace.QName;
  
  public class Client {
      public static void main(String[] args) {
          try {
  
              String endpointURL = "http://localhost:8080/axis/services/UsernameTokenService";
  
              Service service = new Service();
              Call call = (Call) service.createCall();
  
              call.setUsername("myself");
              call.setPassword("mypassword");
  
  
              call.setTargetEndpointAddress(new java.net.URL(endpointURL));
              call.setOperationName(new QName("SimpleService", "testMethod"));
  
  
              String res = (String) call.invoke(new Object[]{});
  
  
              System.out.println(res);
          } catch (Exception e) {
              System.err.println(e.toString());
          }
      }
  }
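Review bot: `endpointURL` is a plain `http://` address and the credentials given to `call.setUsername`/`call.setPassword` are literals, so the password is protected in transit only if the client handler from clientdeploy.wsdd is installed with `passwordType` set to `PasswordDigest`. The readme states that `PasswordText` sends the password as plain text and that the handler is what keeps the values out of the HTTP header, so running this client without the handler, or with `PasswordText`, exposes the password on the wire. A comment above `endpointURL` such as `// sample only: use an https endpoint unless passwordType is PasswordDigest` would stop the configuration being copied as-is. The `catch (Exception e)` block prints only `e.toString()`, which drops the stack trace needed to tell a rejected token from a transport error.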
  
  
  
  1.1                  ws-axis/contrib/wss4j/samples/wssec/usernameToken/SimpleUsernameTokenAuthenticationHandler.java
  
  Index: SimpleUsernameTokenAuthenticationHandler.java
  ===================================================================
  /*
   * The Apache Software License, Version 1.1
   *
   *
   * Copyright (c) 2001-2003 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Axis" and "Apache Software Foundation" must
   *    not be used to endorse or promote products derived from this
   *    software without prior written permission. For written
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    nor may "Apache" appear in their name, without prior written
   *    permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  
  package samples.wssec.usernameToken;
  
  import org.apache.axis.AxisFault;
  import org.apache.ws.security.WSSUsernameTokenAuthenticationHandler;
  
  import java.util.MissingResourceException;
  import java.util.ResourceBundle;
  
  /**
   * A simple and dirty WS-Security UsernameToken authentication handler which demonstrates
   * the use of WSSUsernameTokenAuthenticationHandler
   *
   * This handler implements getPassword method of WSSUsernameTokenAuthenticationHandler.
   * In real life scenarios one would implement this method getting the password for the user
   * from a database or from some robust mechanism.
   *
   * @author Sanjesh Pathak (sanjesh@soapknox.com)
   * 
   */
  
  public class SimpleUsernameTokenAuthenticationHandler extends WSSUsernameTokenAuthenticationHandler {
  
      private static ResourceBundle resources;
  
      static {
          try {
              resources = ResourceBundle.getBundle("samples.wssec.usernameToken.service.userlist");
          } catch (MissingResourceException e) {
              throw new RuntimeException(e.getMessage());
          }
      }
  
      /** Implementing the method
       * @param   username   User name
       * @throws  AxisFault   
       * @return  password for the username
       */
      public String getPassword(String username) throws AxisFault {
  
          String passwd = null;
          try {
              passwd = resources.getString(username);
          } catch (MissingResourceException e) {
              throw new AxisFault("Username does not exist", "Username does not exist", null, null);
          } catch (Exception e) {
              throw AxisFault.makeFault(e);
          }
          return passwd;
      }
  
  }
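Review bot: `getPassword` answers an unknown user with the distinct fault "Username does not exist", which lets a caller tell valid usernames from invalid ones by the fault text alone. The password comparison lives in WSSUsernameTokenAuthenticationHandler and is not visible here, so the wording should be matched to whatever that class returns for a wrong password, for example `throw new AxisFault("Authentication failed", "Authentication failed", null, null);` in the `MissingResourceException` branch. The static initializer rethrows as `new RuntimeException(e.getMessage())`, which discards the original exception; if the target JDK allows it, passing `e` as the cause keeps the missing bundle name in the trace.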
  
  
  
  1.1                  ws-axis/contrib/wss4j/samples/wssec/usernameToken/clientdeploy.bat
  
  Index: clientdeploy.bat
  ===================================================================
  %JAVA_HOME%\bin\java org.apache.axis.utils.Admin client clientdeploy.wsdd
  
  
  1.1                  ws-axis/contrib/wss4j/samples/wssec/usernameToken/clientdeploy.wsdd
  
  Index: clientdeploy.wsdd
  ===================================================================
  <deployment xmlns="http://xml.apache.org/axis/wsdd/"
              xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
   <globalConfiguration>
    <requestFlow>
     <!-- define the client handler configuration -->
     <handler type="java:org.apache.ws.security.WSSUsernameTokenAddHandler">
      <parameter name="passwordType" value="PasswordDigest"/>
      <parameter name="mustUnderstand" value="true"/>
      <parameter name="actor" value="http://someuri"/>
     </handler>
    </requestFlow>
   </globalConfiguration>
  </deployment>
  
  
  
  
  1.1                  ws-axis/contrib/wss4j/samples/wssec/usernameToken/readme
  
  Index: readme
  ===================================================================
  The usernameToken sample demonstrates how to
  add WS-Security UsernameToken header to your client application. It also
  demonstrates WS-Security UsernameToken header authentication.
  
  The basic idea being that you can set username and password in your client by
    call.setUsername();
    call.setPassword();
  
  methods and the client side handler will take these values and build a Ws-Security
  UsernameToken header. The handler will also make sure that these username and password
  values are not passed with the HTTP header.
  
  The client side handler (WSSUsernameTokenAddHandler.java) will accept these parameters
  (see clientdeploy.wsdd file):
  
      <parameter name="passwordType" value="PasswordDigest"/>
      <parameter name="mustUnderstand" value="true"/>
      <parameter name="actor" value="http://someuri"/>
  
  Parameter name passwordType can have two values: PasswordDigest or PasswordText.
  When the value is PasswordDigest, a digest of password is created according to
  WS-Security specification. Password is passed as plain text when the value is
  PasswordText.
  
  Parameter mustUnderstand can have true or 1 as well as false or 0.
  
  Parameter actor will accept actor.
  
  To run the sample,
  
  1. Copy wssec\usernameToken directory into your server's webapps\axis\WEB-INF\classes\samples directory
  1. Start server (Tomcat).
  2. Set CLASSPATH
  3. Install the server side handler.
  4. Install client side handler.
  5. Run the client application.
  
  
  1. Copy wssec\usernameToken directory into your webapps\axis\WEB-INF\classes\samples directory
  
  2. Start your Tomcat server
  
  Open a command prompt and go to your server's webapps\axis\WEB-INF\classes\samples\wssec\usernameToken directory
  
  3. Set CLASSPATH to all axis' jar files and webapps\axis\WEB-INF\classes directory.
     (See or run setcp.bat file if your server is Tomcat).
  
  
  4. Go to webapps\axis\WEB-INF\classes\samples\wssec\usernameToken\service directory. Install the server side handler       (WSSUsernameTokenAuthenticationHandler.java). In the command prompt run deploy.bat to deploy service or do:
     java org.apache.axis.client.AdminClient -lhttp://localhost:8080/axis/services/AdminService deploy.wsdd
  
     See deploy.wsdd file.
  
  5. Go to webapps\axis\WEB-INF\classes\samples\wssec\usernameToken directory and install client side handler       (SimpleUsernameTokenAddHandler.java)
     In the command prompt run clientdeploy.bat to deploy client handler or do:
     java org.apache.axis.utils.Admin client clientdeploy.wsdd
  
     See clientdeploy.wsdd file.
  
  
  6. From webapps\axis\WEB-INF\classes\samples\wssec\usernameToken directory run the client application. Type run
     in command prompt or do:
     java simple.usernameToken.Client
  
  
  
  
  1.1                  ws-axis/contrib/wss4j/samples/wssec/usernameToken/run.bat
  
  Index: run.bat
  ===================================================================
  %JAVA_HOME%\bin\java samples.wssec.usernameToken.Client
  
  
  1.1                  ws-axis/contrib/wss4j/samples/wssec/usernameToken/setcp.bat
  
  Index: setcp.bat
  ===================================================================
  set CLASSPATH=c:\webservice\src;%CATALINA_HOME%\webapps\axis\WEB-INF\classes;%CATALINA_HOME%\common\endorsed\xercesImpl.jar;%CATALINA_HOME%\common\endorsed\xmlParserAPIs.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\axis.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\axis-ant.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\commons-discovery.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\commons-logging.jar;%CATALINA_HOME%\common\lib\jaxrpc.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\log4j-1.2.4.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\wsdl4j.jar;%CATALINA_HOME%\common\lib\saaj.jar;%CATALINA_HOME%\common\lib\servlet.jar;%CATALINA_HOME%\webapps\gateway\WEB-INF\lib\cewolf.jar;%CATALINA_HOME%\webapps\gateway\WEB-INF\lib\jcommon-0.7.2.jar;%CATALINA_HOME%\webapps\gateway\WEB-INF\lib\jfreechart-0.9.6.jar;%CATALINA_HOME%\common\lib\mail.jar;%CATALINA_HOME%\common\lib\activation.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\junit3.7.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\stylebook-1.0-b3_xalan-2.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\xml-apis.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\xmlsec.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\bcprov-jdk14-119.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\style-apachexml.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\log4j-1.2.8.jar;%CATALINA_HOME%\common\endorsed\xalan.jar;%CATALINA_HOME%\shared\lib\cryptix.jar;%CATALINA_HOME%\shared\lib\cryptix32.jar;%CATALINA_HOME%\shared\lib\cryptix-asn1.jar;%CATALINA_HOME%\shared\lib\jce-jdk13-117.jar;%CATALINA_HOME%\shared\lib\junit-3.8.1.jar\%CATALINA_HOME%\shared\lib\log4j-1.2.8.jar;%CATALINA_HOME%\shared\lib\mailapi-1_3.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\wss4j.jar
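Review bot: The entry `junit-3.8.1.jar\%CATALINA_HOME%\shared\lib\log4j-1.2.8.jar` joins two jars with a backslash instead of `;`, so they become one path that does not exist and neither jar is on the classpath from that entry. The same typo is in service/setcp.bat. Both files also list `log4j-1.2.4.jar` and `log4j-1.2.8.jar` together and start with the machine-specific `c:\webservice\src`; a one-line `rem` comment saying which entries the sample actually needs would help anyone adapting it.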
  
  
  1.1                  ws-axis/contrib/wss4j/samples/wssec/usernameToken/service/Service.java
  
  Index: Service.java
  ===================================================================
  package samples.wssec.usernameToken.service;
  
  public class Service {
      public String testMethod() {
          return "Hi, This is a message from WSS UsernameTokenService.";
      }
  }
  
  
  
  1.1                  ws-axis/contrib/wss4j/samples/wssec/usernameToken/service/deploy.bat
  
  Index: deploy.bat
  ===================================================================
  %JAVA_HOME%\bin\java org.apache.axis.client.AdminClient deploy.wsdd
  
  
  1.1                  ws-axis/contrib/wss4j/samples/wssec/usernameToken/service/deploy.wsdd
  
  Index: deploy.wsdd
  ===================================================================
  <deployment xmlns="http://xml.apache.org/axis/wsdd/"
              xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  
   <!-- define the service -->
   <service name="UsernameTokenService" provider="java:RPC">
     <requestFlow>
     <handler type="java:samples.wssec.usernameToken.SimpleUsernameTokenAuthenticationHandler">
     </handler>
    </requestFlow>
    <parameter name="className" value="samples.wssec.usernameToken.service.Service"/>
    <parameter name="allowedMethods" value="*"/>
   </service>
  
  </deployment>
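Review bot: `allowedMethods` is set to `*`, which exposes every public method of `samples.wssec.usernameToken.service.Service` through the endpoint, including any added later. The sample calls only `testMethod`, so `<parameter name="allowedMethods" value="testMethod"/>` gives the same behaviour with a narrower surface. It is also worth a comment next to the `<handler>` element stating that the authentication handler must stay in the `requestFlow`, since removing it leaves the service callable without a UsernameToken.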
  
  
  
  
  1.1                  ws-axis/contrib/wss4j/samples/wssec/usernameToken/service/setcp.bat
  
  Index: setcp.bat
  ===================================================================
  set CLASSPATH=c:\webservice\src;%CATALINA_HOME%\webapps\axis\WEB-INF\classes;%CATALINA_HOME%\common\endorsed\xercesImpl.jar;%CATALINA_HOME%\common\endorsed\xmlParserAPIs.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\axis.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\axis-ant.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\commons-discovery.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\commons-logging.jar;%CATALINA_HOME%\common\lib\jaxrpc.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\log4j-1.2.4.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\wsdl4j.jar;%CATALINA_HOME%\common\lib\saaj.jar;%CATALINA_HOME%\common\lib\servlet.jar;%CATALINA_HOME%\webapps\gateway\WEB-INF\lib\cewolf.jar;%CATALINA_HOME%\webapps\gateway\WEB-INF\lib\jcommon-0.7.2.jar;%CATALINA_HOME%\webapps\gateway\WEB-INF\lib\jfreechart-0.9.6.jar;%CATALINA_HOME%\common\lib\mail.jar;%CATALINA_HOME%\common\lib\activation.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\junit3.7.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\stylebook-1.0-b3_xalan-2.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\xml-apis.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\xmlsec.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\bcprov-jdk14-119.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\style-apachexml.jar;%CATALINA_HOME%\webapps\axis\WEB-INF\lib\log4j-1.2.8.jar;%CATALINA_HOME%\common\endorsed\xalan.jar;%CATALINA_HOME%\shared\lib\cryptix.jar;%CATALINA_HOME%\shared\lib\cryptix32.jar;%CATALINA_HOME%\shared\lib\cryptix-asn1.jar;%CATALINA_HOME%\shared\lib\jce-jdk13-117.jar;%CATALINA_HOME%\shared\lib\junit-3.8.1.jar\%CATALINA_HOME%\shared\lib\log4j-1.2.8.jar;%CATALINA_HOME%\shared\lib\mailapi-1_3.jar;%CATALINA_HOME%\shared\lib\wss4j.jar
  
  
  1.1                  ws-axis/contrib/wss4j/samples/wssec/usernameToken/service/undeploy.bat
  
  Index: undeploy.bat
  ===================================================================
  %JAVA_HOME%\bin\java org.apache.axis.client.AdminClient -lhttp://localhost:8080/axis/services/AdminService undeploy.wsdd
  
  
  1.1                  ws-axis/contrib/wss4j/samples/wssec/usernameToken/service/undeploy.wsdd
  
  Index: undeploy.wsdd
  ===================================================================
  <undeployment xmlns="http://xml.apache.org/axis/wsdd/">
    <service name="UsernameTokenService"/>
  </undeployment>
  
  
  
  1.1                  ws-axis/contrib/wss4j/samples/wssec/usernameToken/service/userlist.properties
  
  Index: userlist.properties
  ===================================================================
  ## define users and password (username=password)
  abc=xyz
  myself=mypassword
  otheruser=hispassword
  
  
  
  1.2       +8 -0      ws-axis/contrib/wss4j/src/org/apache/ws/security/WSConstants.java
  
  Index: WSConstants.java
  ===================================================================
  RCS file: /home/cvs/ws-axis/contrib/wss4j/src/org/apache/ws/security/WSConstants.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- WSConstants.java	14 Oct 2003 12:04:28 -0000	1.1
  +++ WSConstants.java	21 Oct 2003 16:04:58 -0000	1.2
  @@ -68,4 +68,12 @@
       public static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
       public static final String SOAP_SEC_NS = "http://schemas.xmlsoap.org/soap/security/2000-12";
       public static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";
  +    public static final String USERNAME_TOKEN_LN = "UsernameToken";
  +    public static final String USERNAME_LN = "Username";
  +    public static final String PASSWORD_LN = "Password";
  +    public static final String PASSWORD_TYPE_ATTR = "Type";
  +    public static final String PASSWORD_DIGEST = "PasswordDigest";
  +    public static final String PASSWORD_TEXT = "PasswordText";
  +    public static final String NONCE_LN = "Nonce";
  +    public static final String CREATED_LN = "Created";
   }
  
  
  
  1.2       +11 -2     ws-axis/contrib/wss4j/src/org/apache/ws/security/WSSecurityEngine.java
  
  Index: WSSecurityEngine.java
  ===================================================================
  RCS file: /home/cvs/ws-axis/contrib/wss4j/src/org/apache/ws/security/WSSecurityEngine.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- WSSecurityEngine.java	14 Oct 2003 12:04:28 -0000	1.1
  +++ WSSecurityEngine.java	21 Oct 2003 16:04:58 -0000	1.2
  @@ -60,7 +60,11 @@
   import org.apache.ws.security.components.crypto.Crypto;
   import org.apache.ws.security.components.crypto.CryptoFactory;
   import org.apache.ws.security.message.EnvelopeIdResolver;
  -import org.apache.ws.security.message.token.*;
  +import org.apache.ws.security.message.token.BinarySecurity;
  +import org.apache.ws.security.message.token.PKIPathSecurity;
  +import org.apache.ws.security.message.token.Reference;
  +import org.apache.ws.security.message.token.SecurityTokenReference;
  +import org.apache.ws.security.message.token.X509Security;
   import org.apache.ws.security.util.AxisUtil;
   import org.apache.ws.security.util.WSSecurityUtil;
   import org.apache.xml.security.encryption.XMLCipher;
  @@ -71,7 +75,12 @@
   import org.apache.xml.security.signature.SignedInfo;
   import org.apache.xml.security.signature.XMLSignature;
   import org.apache.xml.security.utils.Base64;
  -import org.w3c.dom.*;
  +import org.w3c.dom.Attr;
  +import org.w3c.dom.Document;
  +import org.w3c.dom.Element;
  +import org.w3c.dom.Node;
  +import org.w3c.dom.NodeList;
  +import org.w3c.dom.Text;
   
   import javax.crypto.Cipher;
   import javax.crypto.SecretKey;
  
  
  
  1.2       +10 -1     ws-axis/contrib/wss4j/src/org/apache/ws/security/errors.properties
  
  Index: errors.properties
  ===================================================================
  RCS file: /home/cvs/ws-axis/contrib/wss4j/src/org/apache/ws/security/errors.properties,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- errors.properties	14 Oct 2003 12:04:28 -0000	1.1
  +++ errors.properties	21 Oct 2003 16:04:58 -0000	1.2
  @@ -22,4 +22,13 @@
   invalidDataRef = Cannot handle multiple data references
   noEncryptedData = Referenced encrypted data could not be retrieved. Reference \"{0}\"
   badElement = Bad element, expected \"{0}\" while got \"{1}\"
  -
  +badTokenType00=Bad UsernameToken Type
  +badTokenType01=Bad UsernameToken Values
  +failedAuthentication=User ({0}) not authenticated
  +missingUsernameToken=UsernameToken is missing
  +missingSecurityHeader=Security header is missing
  +missingUsername=Username is missing
  +missingPassword=Password is missing
  +missingPasswordType=Password attribute type is missing
  +missingNonce=Nonce is missing
  +missingCreated=Created time is missing
  
  
  
  1.1                  ws-axis/contrib/wss4j/src/org/apache/ws/security/WSSUsernameTokenAddHandler.java
  
  Index: WSSUsernameTokenAddHandler.java
  ===================================================================
  /*
   * The Apache Software License, Version 1.1
   *
   *
   * Copyright (c) 2001-2003 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Axis" and "Apache Software Foundation" must
   *    not be used to endorse or promote products derived from this
   *    software without prior written permission. For written
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    nor may "Apache" appear in their name, without prior written
   *    permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  package org.apache.ws.security;
  
  import org.apache.axis.AxisFault;
  import org.apache.axis.Constants;
  import org.apache.axis.Message;
  import org.apache.axis.MessageContext;
  import org.apache.axis.handlers.BasicHandler;
  import org.apache.axis.message.SOAPEnvelope;
  import org.apache.axis.message.SOAPHeaderElement;
  import org.apache.ws.security.message.token.UsernameToken;
  import org.apache.ws.security.util.AxisUtil;
  import org.apache.ws.security.util.WSSecurityUtil;
  import org.w3c.dom.Document;
  import org.w3c.dom.Element;
  
  /**
   * A WS-Security UsernameToken header handler. This handler extracts username and
   * password from the message context and creates WS-Security UsernameToken header.
   *
   * The handler accepts three parameters: passwordType, mustUnserstand and actor.
   *
   * passwordType can have one of these two values: PasswordDigest or PasswordText
   * 
   * Password is sent as a digest (according to WS-Security specification) when the
   * value is PasswordDigest. It is sent as a plain text when the value is PasswordText.
   *
   *
   * Use this handler in the request flow of the client. In the client program
   * the uername and password can be set by setUsername and setPassword method of the Call
   * object. The handler will then convert these into UsernameToken header. The handler also
   * clears the username and password from message context so that they won't be sent in HTTP header.
   *
   * @author Sanjesh Pathak (sanjesh@soapknox.com)
   * 
   */
  
  
  public class WSSUsernameTokenAddHandler extends BasicHandler {
  
      /**
       * invoke is called by Axis when a message is handled.
       * <p>
       * @param   msgContext  message context.
       * @throws  AxisFault   
       */
      public void invoke(MessageContext msgContext) throws AxisFault {
  
  
          Message message = null;
          SOAPEnvelope env = null;
  
          try {
  
              String username = msgContext.getUsername();
              String password = msgContext.getPassword();
  
              String passwordType = (String) getOption(UsernameToken.PASSWORD_TYPE);
              String mustUnderstand = (String) getOption(Constants.ATTR_MUST_UNDERSTAND);
              String actor = (String) getOption(Constants.ATTR_ACTOR);
              boolean mustunderstand = false;
  
              if (passwordType == null) {
                  passwordType = WSConstants.PASSWORD_DIGEST;
              }
              if (mustUnderstand != null) {
                  if ((mustUnderstand.equals("true")) || (mustUnderstand.equals("1"))) {
                      mustunderstand = true;
                  }
              }
              if (actor == null) {
                  actor = "";
              }
  
              if ((username != null) && (!username.equals("")) && (password != null) && (!password.equals(""))) {
  
                  message = msgContext.getRequestMessage();
                  env = message.getSOAPEnvelope();
  
                  // clear username and password so that they won't be sent in HTTP header
                  msgContext.setUsername(null);
                  msgContext.setPassword(null);
  
                  Document doc = AxisUtil.toDocument(env);
                  Element securityHeader = WSSecurityUtil.findWsseSecurityHeaderBlock(doc, doc.getDocumentElement(), true);
              
                  UsernameToken ut = new UsernameToken(doc, passwordType);
                  ut.setName(username);
                  ut.setPassword(password);
  
                  WSSecurityUtil.appendChildElement(doc, securityHeader, ut.getElement());
                  SOAPHeaderElement security = new SOAPHeaderElement(securityHeader);
              
                  // TODO: these are not working. is this is a bug in SOAPHeaderElement?
                  security.setMustUnderstand(mustunderstand);
                  security.setActor(actor);
  
                  env.addHeader(security);
              } else {
                  throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "badTokenType01", new Object[]{});
              }
          } catch (Exception e) {
              throw AxisFault.makeFault(e);
          }
      }
  
  }
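Review bot: `passwordType` is read from the handler option and passed straight to `new UsernameToken(doc, passwordType)` in `invoke` without being checked against the two documented values, so a misspelt value in the WSDD is not rejected here. How UsernameToken treats an unknown type is not visible in this file; if it falls back to sending the password as text, a typo would silently downgrade the client from digest to cleartext. Rejecting it before the token is built keeps the failure explicit: `if (!WSConstants.PASSWORD_DIGEST.equals(passwordType) && !WSConstants.PASSWORD_TEXT.equals(passwordType)) throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "badTokenType00", new Object[]{});`. The TODO on `setMustUnderstand`/`setActor` means `mustUnderstand="true"` is currently not enforced, which should be stated in the class Javadoc until it is fixed. The same Javadoc misspells the parameter as "mustUnserstand" and "username" as "uername".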
  
  
  
  1.1                  ws-axis/contrib/wss4j/src/org/apache/ws/security/WSSUsernameTokenAuthenticationHandler.java
  
  Index: WSSUsernameTokenAuthenticationHandler.java
  ===================================================================
  /*
   * The Apache Software License, Version 1.1
   *
   *
   * Copyright (c) 2001-2003 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Axis" and "Apache Software Foundation" must
   *    not be used to endorse or promote products derived from this
   *    software without prior written permission. For written
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    nor may "Apache" appear in their name, without prior written
   *    permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  package org.apache.ws.security;
  
  import org.apache.axis.AxisFault;
  import org.apache.axis.Constants;
  import org.apache.axis.Message;
  import org.apache.axis.MessageContext;
  import org.apache.axis.handlers.BasicHandler;
  import org.apache.axis.message.MessageElement;
  import org.apache.axis.message.SOAPEnvelope;
  import org.apache.axis.message.SOAPHeaderElement;
  import org.apache.ws.security.message.token.UsernameToken;
  import org.apache.ws.security.util.WSSecurityUtil;
  
  import java.util.Iterator;
  
  /**
   * A WS-Security UsernameToken authentication handler.
   *
   * 
   * The password is sent as a digest (according to the WS-Security specification) when the
   * Password element's Type value is PasswordDigest. It is sent as plain text when the
   * Type value is PasswordText.
   *
   *
   * @author Sanjesh Pathak (sanjesh@soapknox.com)
   * 
   */
  
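  public abstract class WSSUsernameTokenAuthenticationHandler extends BasicHandler {
  
      /**
       * Authenticates the request message from its WS-Security UsernameToken.
       * <p>
       * Looks up the security header for the configured actor, reads the
       * Username, Password (with its Type attribute), Nonce and Created children
       * of the UsernameToken, validates them and checks the password against
       * {@link #getPassword(String)}. Every failure, including a missing header
       * or token, reaches the caller as an AxisFault.
       * <p>
       * NOTE(review): Nonce and Created are only fed into the digest here. This
       * class keeps no record of nonces it has seen and does not check the age
       * of Created, so a previously seen token is not rejected. Replay
       * protection has to come from elsewhere (nonce cache, freshness window,
       * protected transport) until it is added.
       *
       * @param   msgContext  message context.
       * @throws  AxisFault   if the header or token is missing or malformed, or
       *                      if authentication fails
       */
      public void invoke(MessageContext msgContext) throws AxisFault {
          String username = null;
          String password = null;
          String passwordType = null;
          String nonce = null;
          String createdTime = null;
  
          try {
              Message message = msgContext.getRequestMessage();
              SOAPEnvelope env = message.getSOAPEnvelope();
  
              String actor = (String) getOption(Constants.ATTR_ACTOR);
              if (actor == null) {
                  actor = "";
              }
  
              // TODO: converting the envelope with AxisUtil.toDocument(env) and parsing the
              // token with the UsernameToken class is not working yet, so the token is read
              // through the Axis MessageElement API below instead.
  
              SOAPHeaderElement headerElement = (SOAPHeaderElement) WSSecurityUtil.getSecurityHeader(env, actor);
              if (headerElement == null) {
                  throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "missingSecurityHeader", new Object[]{});
              }
  
              MessageElement usernameTokenElem = WSSecurityUtil.getUsernameToken(headerElement);
              if (usernameTokenElem == null) {
                  throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "missingUsernameToken", new Object[]{});
              }
  
              // NOTE(review): if a child element is repeated, the last occurrence wins.
              Iterator iter = usernameTokenElem.getChildElements();
              while (iter.hasNext()) {
                  MessageElement elem = (MessageElement) iter.next();
                  if (WSSecurityUtil.equalsQName(elem, WSConstants.WSSE_NS, WSConstants.USERNAME_LN)) {
                      username = elem.getValue();
                  } else if (WSSecurityUtil.equalsQName(elem, WSConstants.WSSE_NS, WSConstants.PASSWORD_LN)) {
                      password = elem.getValue();
                      passwordType = extractpasswordType(elem.getAttributeValue(WSConstants.PASSWORD_TYPE_ATTR));
                  } else if (WSSecurityUtil.equalsQName(elem, WSConstants.WSSE_NS, WSConstants.NONCE_LN)) {
                      nonce = elem.getValue();
                  } else if (WSSecurityUtil.equalsQName(elem, WSConstants.WSU_NS, WSConstants.CREATED_LN)) {
                      createdTime = elem.getValue();
                  }
              }
  
              validate(username, password, nonce, createdTime, passwordType);
              if (!authenticate(username, password, nonce, createdTime, passwordType)) {
                  throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION, "failedAuthentication", new Object[]{username});
              }
          } catch (Exception e) {
              // Everything, including the WSSecurityExceptions raised above, is
              // converted to an AxisFault for the Axis engine.
              throw AxisFault.makeFault(e);
          }
      }
  
      /**
       * Extract the password type from the Type attribute value by dropping
       * everything up to and including the first ':'. A value without a colon
       * is returned unchanged.
       * <p>
       * @param   passwordType  raw value of the Password element's Type attribute
       * @throws  WSSecurityException  if the value is null or empty
       * @return  password type without its prefix
       */
      private String extractpasswordType(String passwordType) throws WSSecurityException {
          if (isEmpty(passwordType)) {
              throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "missingPasswordType", new Object[]{});
          }
          // indexOf returns -1 when there is no colon, which makes the start index 0.
          return passwordType.substring(passwordType.indexOf(":") + 1);
      }
  
      /**
       * Validate that the values read from the token are present. Username,
       * password and password type are always required; nonce and created time
       * are required only for the digest password type.
       * <p>
       * @param   username   user name
       * @param   password  password
       * @param   nonce  nonce value
       * @param   createdTime  create time
       * @param   passwordType  password type
       * @throws  WSSecurityException  naming the first missing value
       */
      private void validate(String username, String password, String nonce, String createdTime, String passwordType) throws WSSecurityException {
          if (isEmpty(username)) {
              throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "missingUsername", new Object[]{});
          }
          if (isEmpty(password)) {
              throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "missingPassword", new Object[]{});
          }
          if (isEmpty(passwordType)) {
              throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "missingPasswordType", new Object[]{});
          }
          if (passwordType.equals(WSConstants.PASSWORD_DIGEST)) {
              // The message keys were swapped before: a missing Created reported
              // "missingNonce" and a missing Nonce reported "missingCreated".
              if (isEmpty(createdTime)) {
                  throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "missingCreated", new Object[]{});
              }
              if (isEmpty(nonce)) {
                  throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "missingNonce", new Object[]{});
              }
          }
      }
  
      /**
       * Authenticates user. For the digest password type the expected digest is
       * recomputed from the nonce, the created time and the stored password; any
       * other password type is compared as plain text.
       * <p>
       * @param   username   user name
       * @param   password  password or digest taken from the token
       * @param   nonce  nonce value
       * @param   createdTime  create time
       * @param   passwordType  password type
       * @throws  AxisFault  if the password lookup fails
       * @return   boolean   true if authenticated else false
       */
      private boolean authenticate(String username, String password, String nonce, String createdTime, String passwordType) throws AxisFault {
          String origPassword = getPassword(username);
          if (origPassword == null) {
              // No stored password for this user: report a failed authentication
              // instead of failing with a NullPointerException below.
              return false;
          }
  
          // Never log origPassword, password or the digest from here.
          if (passwordType.equals(WSConstants.PASSWORD_DIGEST)) {
              // doPasswordDigest returns null when it cannot compute the digest;
              // sameSecret treats null as a mismatch.
              String passDigest = UsernameToken.doPasswordDigest(nonce, createdTime, origPassword);
              return sameSecret(passDigest, password);
          }
          return sameSecret(origPassword, password);
      }
  
      /**
       * Tells whether a string is null or has no characters.
       *
       * @param   value  string to test, may be null
       * @return  true if value is null or ""
       */
      private static boolean isEmpty(String value) {
          return (value == null) || (value.length() == 0);
      }
  
      /**
       * Compares two secrets for equality. Unlike String.equals it looks at
       * every character of the shorter value instead of stopping at the first
       * mismatch, so the time taken does not show how long the matching prefix
       * is. A length difference is still observable.
       *
       * @param   expected  value computed or stored on the server, may be null
       * @param   supplied  value taken from the message, may be null
       * @return  true only if both are non-null and have identical content
       */
      private static boolean sameSecret(String expected, String supplied) {
          if ((expected == null) || (supplied == null)) {
              return false;
          }
          int diff = expected.length() ^ supplied.length();
          int common = Math.min(expected.length(), supplied.length());
          for (int i = 0; i < common; i++) {
              diff |= expected.charAt(i) ^ supplied.charAt(i);
          }
          return diff == 0;
      }
  
      /**
       * Get password for the user. Must implement this in subclasses.
       * <p>
       * The digest check recomputes the digest from the returned value, so it
       * has to be the same password string the client used. A null return is
       * treated as a failed authentication.
       * <p>
       * @param   username   user name
       * @throws  AxisFault  if the lookup itself fails
       * @return   password for the user, or null if there is none
       */
      public abstract String getPassword(String username) throws AxisFault;
  
  }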
  
  
  
  1.2       +21 -3     ws-axis/contrib/wss4j/src/org/apache/ws/security/components/crypto/BouncyCastle.java
  
  Index: BouncyCastle.java
  ===================================================================
  RCS file: /home/cvs/ws-axis/contrib/wss4j/src/org/apache/ws/security/components/crypto/BouncyCastle.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- BouncyCastle.java	14 Oct 2003 12:04:44 -0000	1.1
  +++ BouncyCastle.java	21 Oct 2003 16:04:58 -0000	1.2
  @@ -57,14 +57,32 @@
   import org.apache.axis.encoding.Base64;
   import org.apache.commons.logging.Log;
   import org.apache.commons.logging.LogFactory;
  -import org.bouncycastle.asn1.*;
  +import org.bouncycastle.asn1.ASN1Sequence;
  +import org.bouncycastle.asn1.DEREncodableVector;
  +import org.bouncycastle.asn1.DERInputStream;
  +import org.bouncycastle.asn1.DERObject;
  +import org.bouncycastle.asn1.DERObjectIdentifier;
  +import org.bouncycastle.asn1.DEROutputStream;
  +import org.bouncycastle.asn1.DERSequence;
   import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
   import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
   import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
   import org.bouncycastle.jce.provider.BouncyCastleProvider;
   
  -import java.io.*;
  -import java.security.*;
  +import java.io.BufferedReader;
  +import java.io.ByteArrayInputStream;
  +import java.io.ByteArrayOutputStream;
  +import java.io.EOFException;
  +import java.io.File;
  +import java.io.FileInputStream;
  +import java.io.IOException;
  +import java.io.InputStream;
  +import java.io.InputStreamReader;
  +import java.security.GeneralSecurityException;
  +import java.security.KeyFactory;
  +import java.security.PrivateKey;
  +import java.security.Provider;
  +import java.security.Security;
   import java.security.cert.CertificateEncodingException;
   import java.security.cert.CertificateFactory;
   import java.security.cert.X509Certificate;
  
  
  
  1.2       +10 -2     ws-axis/contrib/wss4j/src/org/apache/ws/security/components/crypto/Merlin.java
  
  Index: Merlin.java
  ===================================================================
  RCS file: /home/cvs/ws-axis/contrib/wss4j/src/org/apache/ws/security/components/crypto/Merlin.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- Merlin.java	14 Oct 2003 12:04:44 -0000	1.1
  +++ Merlin.java	21 Oct 2003 16:04:58 -0000	1.2
  @@ -57,11 +57,19 @@
   import org.apache.commons.logging.Log;
   import org.apache.commons.logging.LogFactory;
   
  -import java.io.*;
  +import java.io.ByteArrayInputStream;
  +import java.io.File;
  +import java.io.FileInputStream;
  +import java.io.IOException;
  +import java.io.InputStream;
   import java.security.GeneralSecurityException;
   import java.security.KeyStore;
   import java.security.PrivateKey;
  -import java.security.cert.*;
  +import java.security.cert.CertPath;
  +import java.security.cert.Certificate;
  +import java.security.cert.CertificateEncodingException;
  +import java.security.cert.CertificateFactory;
  +import java.security.cert.X509Certificate;
   import java.util.Iterator;
   import java.util.List;
   import java.util.Properties;
  
  
  
  1.2       +11 -2     ws-axis/contrib/wss4j/src/org/apache/ws/security/message/WSEnvelopeBuilder.java
  
  Index: WSEnvelopeBuilder.java
  ===================================================================
  RCS file: /home/cvs/ws-axis/contrib/wss4j/src/org/apache/ws/security/message/WSEnvelopeBuilder.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- WSEnvelopeBuilder.java	14 Oct 2003 12:05:53 -0000	1.1
  +++ WSEnvelopeBuilder.java	21 Oct 2003 16:04:58 -0000	1.2
  @@ -59,7 +59,12 @@
   import org.apache.ws.security.WSConstants;
   import org.apache.ws.security.components.crypto.Crypto;
   import org.apache.ws.security.components.crypto.CryptoFactory;
  -import org.apache.ws.security.message.token.*;
  +import org.apache.ws.security.message.token.BinarySecurity;
  +import org.apache.ws.security.message.token.PKIPathSecurity;
  +import org.apache.ws.security.message.token.Reference;
  +import org.apache.ws.security.message.token.SecurityTokenReference;
  +import org.apache.ws.security.message.token.UsernameToken;
  +import org.apache.ws.security.message.token.X509Security;
   import org.apache.ws.security.util.AxisUtil;
   import org.apache.ws.security.util.WSSecurityUtil;
   import org.apache.xml.security.c14n.Canonicalizer;
  @@ -70,7 +75,11 @@
   import org.w3c.dom.Element;
   import org.w3c.dom.Node;
   
  -import javax.xml.soap.*;
  +import javax.xml.soap.Name;
  +import javax.xml.soap.SOAPEnvelope;
  +import javax.xml.soap.SOAPException;
  +import javax.xml.soap.SOAPHeader;
  +import javax.xml.soap.SOAPHeaderElement;
   import java.security.cert.X509Certificate;
   import java.util.Iterator;
   
  
  
  
  1.2       +71 -2     ws-axis/contrib/wss4j/src/org/apache/ws/security/message/token/UsernameToken.java
  
  Index: UsernameToken.java
  ===================================================================
  RCS file: /home/cvs/ws-axis/contrib/wss4j/src/org/apache/ws/security/message/token/UsernameToken.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- UsernameToken.java	14 Oct 2003 12:05:01 -0000	1.1
  +++ UsernameToken.java	21 Oct 2003 16:04:59 -0000	1.2
  @@ -81,6 +81,9 @@
    */
   public class UsernameToken {
       public static final QName TOKEN = new QName(WSConstants.WSSE_NS, "UsernameToken");
  +    public static final String PASSWORD_TYPE = "passwordType";
  +
  +
       protected Element element = null;
       protected Element elementUsername = null;
       protected Element elementPassword = null;
  @@ -108,14 +111,14 @@
           this.element = elem;
           QName el = new QName(this.element.getNamespaceURI(), this.element.getLocalName());
           if (!el.equals(TOKEN)) {
  -            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "badTokenType", new Object[]{el});
  +            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "badTokenType00", new Object[]{el});
           }
           elementUsername = (Element) WSSecurityUtil.getDirectChild(element, WSConstants.WSSE_NS, "Username");
           elementPassword = (Element) WSSecurityUtil.getDirectChild(element, WSConstants.WSSE_NS, "Password");
           elementNonce = (Element) WSSecurityUtil.getDirectChild(element, WSConstants.WSSE_NS, "Nonce");
           elementCreated = (Element) WSSecurityUtil.getDirectChild(element, WSConstants.WSU_NS, "Created");
           if (elementUsername == null || elementPassword == null || elementNonce == null || elementCreated == null) {
  -            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "badTokenType", new Object[]{el});
  +            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "badTokenType01", new Object[]{el});
           }
           String type = elementPassword.getAttributeNS(WSConstants.WSSE_NS, "Type");
           if (type.equals("PasswordDigest")) {
  @@ -158,6 +161,44 @@
       }
   
       /**
  +     * Constructor.
  +     * <p>
  +     * @param  doc   
  +     */
  +    public UsernameToken(Document doc, String passwordType) {
  +        this.element = doc.createElementNS(WSConstants.WSSE_NS, "wsse:" + WSConstants.USERNAME_TOKEN_LN);
  +        WSSecurityUtil.setNamespace(this.element, WSConstants.WSSE_NS, WSConstants.WSSE_PREFIX);
  +        this.elementUsername = doc.createElementNS(WSConstants.WSSE_NS, "wsse:" + WSConstants.USERNAME_LN);
  +        WSSecurityUtil.setNamespace(this.elementUsername, WSConstants.WSSE_NS, WSConstants.WSSE_PREFIX);
  +        this.elementUsername.appendChild(doc.createTextNode(""));
  +        element.appendChild(elementUsername);
  +        this.elementPassword = doc.createElementNS(WSConstants.WSSE_NS, "wsse:" + WSConstants.PASSWORD_LN);
  +        WSSecurityUtil.setNamespace(this.elementPassword, WSConstants.WSSE_NS, WSConstants.WSSE_PREFIX);
  +        this.elementPassword.appendChild(doc.createTextNode(""));
  +        element.appendChild(elementPassword);
  +        if (passwordType.equals(WSConstants.PASSWORD_TEXT)) {
  +            hashed = false;
  +            this.elementPassword.setAttribute("Type", "wsse:" + WSConstants.PASSWORD_TEXT);
  +        } else {
  +            hashed = true;
  +            this.elementPassword.setAttribute("Type", "wsse:" + WSConstants.PASSWORD_DIGEST);
  +            byte[] nonceValue = new byte[16];
  +            random.nextBytes(nonceValue);
  +            this.elementNonce = doc.createElementNS(WSConstants.WSSE_NS, "wsse:" + WSConstants.NONCE_LN);
  +            WSSecurityUtil.setNamespace(this.elementNonce, WSConstants.WSSE_NS, WSConstants.WSSE_PREFIX);
  +            this.elementNonce.appendChild(doc.createTextNode(Base64.encode(nonceValue)));
  +            element.appendChild(elementNonce);
  +            SimpleDateFormat zulu = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
  +            zulu.setTimeZone(TimeZone.getTimeZone("GMT"));
  +            Calendar rightNow = Calendar.getInstance();
  +            this.elementCreated = doc.createElementNS(WSConstants.WSU_NS, "wsu:" + WSConstants.CREATED_LN);
  +            WSSecurityUtil.setNamespace(this.elementCreated, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
  +            this.elementCreated.appendChild(doc.createTextNode(zulu.format(rightNow.getTime())));
  +            element.appendChild(elementCreated);
  +        }
  +    }
  +
  +    /**
        * Get the user name.
        * <p>
        * @return   
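Review bot: The new `UsernameToken(Document, String)` constructor writes the password type with `setAttribute("Type", ...)`, while the element-parsing constructor in the previous hunk reads it with `getAttributeNS(WSConstants.WSSE_NS, "Type")`, so a token built here would probably be parsed with an empty type; both sides should agree on whether the attribute is namespace-qualified. That parsing constructor also rejects a token without Nonce and Created (`badTokenType01`), which this constructor leaves out for PasswordText. Any `passwordType` other than `WSConstants.PASSWORD_TEXT` silently selects the digest form and a null argument throws NullPointerException; compare explicitly against `WSConstants.PASSWORD_DIGEST`, reject other values, and add `@param passwordType WSConstants.PASSWORD_TEXT or WSConstants.PASSWORD_DIGEST` to the Javadoc. `random` is declared outside the hunk, and since it produces the nonce it should be confirmed to be a `java.security.SecureRandom`. The parsing constructor's body continues outside the visible hunk, so the first two remarks need checking against the full file.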
  @@ -267,6 +308,34 @@
           } catch (Exception e) {
               e.printStackTrace();
           }
  +    }
  +
  +    public static String doPasswordDigest(String nonce, String created, String password) {
  +        String passwdDigest = null;
  +        try {
  +            byte[] b1 = Base64.decode(nonce);
  +            byte[] b2 = created.getBytes("UTF-8");
  +            byte[] b3 = password.getBytes("UTF-8");
  +            byte[] b4 = new byte[b1.length + b2.length + b3.length];
  +            int i = 0;
  +            int count = 0;
  +            for (i = 0; i < b1.length; i++) {
  +                b4[count++] = b1[i];
  +            }
  +            for (i = 0; i < b2.length; i++) {
  +                b4[count++] = b2[i];
  +            }
  +            for (i = 0; i < b3.length; i++) {
  +                b4[count++] = b3[i];
  +            }
  +            MessageDigest sha = MessageDigest.getInstance("SHA-1");
  +            sha.reset();
  +            sha.update(b4);
  +            passwdDigest = Base64.encode(sha.digest());
  +        } catch (Exception e) {
  +            e.printStackTrace();
  +        }
  +        return passwdDigest;
       }
   
       /**
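Review bot: `doPasswordDigest` catches every Exception, prints the stack trace and returns null, so a malformed Base64 nonce or a null argument becomes a null digest that each caller has to remember to check; `WSSUsernameTokenAuthenticationHandler.authenticate`, added in this same commit, calls `passDigest.equals(password)` on the result without such a check. Prefer reporting the failure: declare `throws WSSecurityException` and rethrow from the catch block, or at least replace `e.printStackTrace()` with a logger call. The three copy loops and the combined `b4` buffer can be replaced by `sha.update(b1); sha.update(b2); sha.update(b3);`. The method is public and has no Javadoc; it should state that the result is the Base64 encoding of SHA-1 over the decoded nonce, the created string and the password, in that order.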
  
  
  
  1.2       +30 -2     ws-axis/contrib/wss4j/src/org/apache/ws/security/util/WSSecurityUtil.java
  
  Index: WSSecurityUtil.java
  ===================================================================
  RCS file: /home/cvs/ws-axis/contrib/wss4j/src/org/apache/ws/security/util/WSSecurityUtil.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- WSSecurityUtil.java	14 Oct 2003 12:08:19 -0000	1.1
  +++ WSSecurityUtil.java	21 Oct 2003 16:04:59 -0000	1.2
  @@ -54,20 +54,30 @@
    */
   package org.apache.ws.security.util;
   
  +import org.apache.axis.message.MessageElement;
   import org.apache.axis.utils.XMLUtils;
   import org.apache.commons.logging.Log;
   import org.apache.commons.logging.LogFactory;
   import org.apache.ws.security.WSConstants;
   import org.apache.xml.security.utils.Base64;
   import org.apache.xpath.XPathAPI;
  -import org.w3c.dom.*;
  +import org.w3c.dom.Attr;
  +import org.w3c.dom.Document;
  +import org.w3c.dom.Element;
   import org.w3c.dom.Node;
  +import org.w3c.dom.NodeList;
   import org.w3c.dom.Text;
   
  -import javax.xml.soap.*;
  +import javax.xml.namespace.QName;
  +import javax.xml.soap.Name;
  +import javax.xml.soap.SOAPEnvelope;
  +import javax.xml.soap.SOAPException;
  +import javax.xml.soap.SOAPHeader;
  +import javax.xml.soap.SOAPHeaderElement;
   import javax.xml.transform.TransformerException;
   import java.util.Iterator;
   
  +
   /**
    * WS-Security Utility methods.
    * <p>
  @@ -364,5 +374,23 @@
           nsContext.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:ds", WSConstants.SIG_NS);
           nsContext.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:xenc", WSConstants.ENC_NS);
           return nsContext;
  +    }
  +
  +    public static MessageElement getUsernameToken(SOAPHeaderElement securityHeader) {
  +        MessageElement elem = null;
  +        Iterator iter = securityHeader.getChildElements();
  +        while (iter.hasNext()) {
  +            elem = (MessageElement) iter.next();
  +            if (equalsQName(elem, WSConstants.WSSE_NS, WSConstants.USERNAME_TOKEN_LN)) {
  +                return elem;
  +            }
  +        }
  +        return null;
  +    }
  +
  +    public static boolean equalsQName(MessageElement elem, String namespaceUri, String localName) {
  +        QName elemQname = elem.getQName();
  +        QName qname = new QName(namespaceUri, localName);
  +        return qname.equals(elemQname);
       }
   }
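Review bot: `getUsernameToken` casts every child with `(MessageElement) iter.next()` and dereferences `securityHeader` without a null check, so a header whose child iterator yields anything other than a MessageElement (not confirmable from this hunk) would surface as a ClassCastException instead of a security fault. It also returns only the first `wsse:UsernameToken`, so a header carrying several is authenticated on the first one and the rest are ignored; if that is intended it should be documented, otherwise a second match should be rejected. Both new public methods lack Javadoc, for example `/** Returns the first wsse:UsernameToken child of the security header, or null if there is none. */` on `getUsernameToken`. `elem` can be declared inside the loop.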
  
  
  
