Return-Path: Delivered-To: apmail-ws-axis-dev-archive@www.apache.org Received: (qmail 9158 invoked from network); 25 Jan 2006 10:15:13 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 25 Jan 2006 10:15:13 -0000 Received: (qmail 68390 invoked by uid 500); 25 Jan 2006 10:15:03 -0000 Delivered-To: apmail-ws-axis-dev-archive@ws.apache.org Received: (qmail 68147 invoked by uid 500); 25 Jan 2006 10:15:02 -0000 Mailing-List: contact axis-cvs-help@ws.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list axis-cvs@ws.apache.org Received: (qmail 68136 invoked by uid 500); 25 Jan 2006 10:15:02 -0000 Delivered-To: apmail-ws-axis2-cvs@ws.apache.org Received: (qmail 68133 invoked by uid 99); 25 Jan 2006 10:15:02 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 25 Jan 2006 02:15:02 -0800 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [209.237.227.194] (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.29) with SMTP; Wed, 25 Jan 2006 02:15:00 -0800 Received: (qmail 8907 invoked by uid 65534); 25 Jan 2006 10:14:40 -0000 Message-ID: <20060125101440.8903.qmail@minotaur.apache.org> Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r372182 - in /webservices/axis2/trunk/java/modules: core/src/org/apache/axis2/description/ security/src/META-INF/ security/src/org/apache/axis2/security/ security/src/org/apache/axis2/security/handler/ security/src/org/apache/axis2/security... Date: Wed, 25 Jan 2006 10:14:35 -0000 To: axis2-cvs@ws.apache.org 
From: ruchithf@apache.org X-Mailer: svnmailer-1.0.5 X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: ruchithf Date: Wed Jan 25 02:14:09 2006 New Revision: 372182 URL: http://svn.apache.org/viewcvs?rev=372182&view=rev Log: - Update to the security module - one more step closer to supporting a subset of WS-SecurityPolicy assertions based on the existing WSS4J - Fixed getParent() of PolicyInclude Modified: webservices/axis2/trunk/java/modules/core/src/org/apache/axis2/description/PolicyInclude.java webservices/axis2/trunk/java/modules/security/src/META-INF/module.xml webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/SecurityModule.java webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/InflowConfiguration.java webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/OutflowConfiguration.java webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/HandlerParameterDecoder.java webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfig.java webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfigBuilder.java webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/SymmetricAsymmetricBindingBase.java webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/WSSPolicyProcessor.java webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/processors/AsymmetricBindingProcessor.java Modified: webservices/axis2/trunk/java/modules/core/src/org/apache/axis2/description/PolicyInclude.java URL: 
http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/core/src/org/apache/axis2/description/PolicyInclude.java?rev=372182&r1=372181&r2=372182&view=diff ============================================================================== --- webservices/axis2/trunk/java/modules/core/src/org/apache/axis2/description/PolicyInclude.java (original) +++ webservices/axis2/trunk/java/modules/core/src/org/apache/axis2/description/PolicyInclude.java Wed Jan 25 02:14:09 2006 @@ -114,8 +114,8 @@ private PolicyInclude getParent() { - if (description != null) { - return description.getPolicyInclude(); + if (description != null && description.getParent() != null) { + return description.getParent().getPolicyInclude(); } return null; } Modified: webservices/axis2/trunk/java/modules/security/src/META-INF/module.xml URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/META-INF/module.xml?rev=372182&r1=372181&r2=372182&view=diff ============================================================================== --- webservices/axis2/trunk/java/modules/security/src/META-INF/module.xml (original) +++ webservices/axis2/trunk/java/modules/security/src/META-INF/module.xml Wed Jan 25 02:14:09 2006 @@ -1,4 +1,4 @@ - + Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/SecurityModule.java URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/SecurityModule.java?rev=372182&r1=372181&r2=372182&view=diff ============================================================================== --- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/SecurityModule.java (original) +++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/SecurityModule.java Wed Jan 25 02:14:09 2006 
@@ -20,33 +20,83 @@ import org.apache.axis2.context.ConfigurationContext; import org.apache.axis2.description.AxisDescription; import org.apache.axis2.description.AxisModule; +import org.apache.axis2.description.AxisOperation; +import org.apache.axis2.description.Parameter; import org.apache.axis2.engine.AxisConfiguration; import org.apache.axis2.modules.Module; +import org.apache.axis2.security.handler.WSSHandlerConstants; +import org.apache.axis2.security.handler.config.InflowConfiguration; +import org.apache.axis2.security.handler.config.OutflowConfiguration; +import org.apache.axis2.security.util.HandlerParameterDecoder; +import org.apache.ws.policy.Policy; +import org.apache.ws.security.policy.WSS4JConfig; +import org.apache.ws.security.policy.WSS4JConfigBuilder; +import org.apache.ws.security.policy.parser.WSSPolicyProcessor; public class SecurityModule implements Module { - /* (non-Javadoc) - * @see org.apache.axis2.modules.Module#engageNotify(org.apache.axis2.description.AxisDescription) - */ public void engageNotify(AxisDescription axisDescription) throws AxisFault { - // TODO TODO - throw new UnsupportedOperationException("TODO"); + Policy policy = axisDescription.getPolicyInclude().getEffectivePolicy(); + if(axisDescription instanceof AxisOperation && policy != null) { +// PolicyWriter writer = PolicyFactory.getPolicyWriter(PolicyFactory.StAX_POLICY_WRITER); +// writer.writePolicy(policy, System.out); + try { + WSSPolicyProcessor wssPolicyProcessor = new WSSPolicyProcessor(); + wssPolicyProcessor.setup(); + wssPolicyProcessor.processPolicy(policy); + + WSS4JConfig config = WSS4JConfigBuilder.build(wssPolicyProcessor.getRootPED().getTopLevelPEDs()); + + InflowConfiguration policyInflowConfig = config.getInflowConfiguration(); + OutflowConfiguration policyOutflowConfig = config.getOutflowConfiguration(); + + Parameter inflowSecParam = axisDescription.getParameter(WSSHandlerConstants.INFLOW_SECURITY); + Parameter outflowSecParam = 
axisDescription.getParameter(WSSHandlerConstants.OUTFLOW_SECURITY); + + InflowConfiguration staticInflowConfig = HandlerParameterDecoder.getInflowConfiguration(inflowSecParam); + OutflowConfiguration staticOutflowConfig = HandlerParameterDecoder.getOutflowConfiguration(outflowSecParam); + + if(staticInflowConfig == null || staticOutflowConfig == null) { + throw new Exception("Static configuration not available!!!"); + } + OutflowConfiguration mergedOutflowConfig = this + .mergeStaticAndPolicyOutflowConfiguration( + staticOutflowConfig, policyOutflowConfig); + + InflowConfiguration mergedInflowConfig = this.mergeStaticAndPolicyInflowConfiguration(staticInflowConfig, policyInflowConfig); + + axisDescription.addParameter(mergedOutflowConfig.getProperty()); + axisDescription.addParameter(mergedInflowConfig.getProperty()); + } catch (Exception e) { + throw new AxisFault(e.getMessage(),e); + } + } } - /* (non-Javadoc) - * @see org.apache.axis2.modules.Module#shutdown(org.apache.axis2.engine.AxisConfiguration) - */ public void shutdown(AxisConfiguration axisSystem) throws AxisFault { - // TODO TODO - throw new UnsupportedOperationException("TODO"); + //Do nothing } - /* (non-Javadoc) - * @see org.apache.axis2.modules.Module#init(org.apache.axis2.context.ConfigurationContext, org.apache.axis2.description.AxisModule) - */ public void init(ConfigurationContext configContext, AxisModule module) throws AxisFault { - // TODO TODO - throw new UnsupportedOperationException("TODO"); + //DO nothing } + private OutflowConfiguration mergeStaticAndPolicyOutflowConfiguration( + OutflowConfiguration staticConfig, OutflowConfiguration policyConfig) { + policyConfig.setPasswordCallbackClass(staticConfig.getPasswordCallbackClass()); + policyConfig.setSignaturePropFile(staticConfig.getSignaturePropFile()); + policyConfig.setEncryptionPropFile(staticConfig.getEncryptionPropFile()); + policyConfig.setEmbeddedKeyCallbackClass(staticConfig.getEmbeddedKeyCallbackClass()); + 
policyConfig.setUser(staticConfig.getUser()); + policyConfig.setEncryptionUser(staticConfig.getEncryptionUser()); + return policyConfig; + } + + private InflowConfiguration mergeStaticAndPolicyInflowConfiguration( + InflowConfiguration staticConfig, InflowConfiguration policyConfig) { + policyConfig.setPasswordCallbackClass(staticConfig.getPasswordCallbackClass()); + policyConfig.setDecryptionPropFile(staticConfig.getDecryptionPropFile()); + policyConfig.setSignaturePropFile(staticConfig.getSignaturePropFile()); + return policyConfig; + } } Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java?rev=372182&r1=372181&r2=372182&view=diff ============================================================================== --- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java (original) +++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/WSSHandlerConstants.java Wed Jan 25 02:14:09 2006 
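Review bot: In `engageNotify`, the result of `wssPolicyProcessor.getRootPED()` is dereferenced without a null check, yet the `getRootPED()` added in this same commit returns null when the processor context is unset or its action is not `SecurityProcessorContext.NONE`. The resulting NullPointerException is caught by the broad `catch (Exception e)` and rethrown as an `AxisFault` built from `e.getMessage()`, which is usually null for that exception. I would read the root into a local and fail with a descriptive fault, e.g. `if (rootPed == null) throw new AxisFault("WS-SecurityPolicy processing did not produce a root element");`. The boolean returned by `setup()` is discarded as well; if false signals failure it should stop the engagement. When the description is not an `AxisOperation` or has no effective policy the method returns without configuring anything, and a comment stating that this is intended would help, because an unconfigured security module is easy to miss.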
@@ -73,4 +73,8 @@ public static final String THUMBPRINT_IDENTIFIER = "Thumbprint"; + + public final static String SIGN_ALL_HEADERS = "signAllHeaders"; + public final static String SIGN_BODY = "signBody"; + public final static String ENCRYPT_BODY = "encryptBody"; } Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/InflowConfiguration.java URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/InflowConfiguration.java?rev=372182&r1=372181&r2=372182&view=diff ============================================================================== --- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/InflowConfiguration.java (original) +++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/InflowConfiguration.java Wed Jan 25 02:14:09 2006 @@ -54,12 +54,15 @@ while (keys.hasNext()) { String key = (String) keys.next(); - // Create an element with the name of the key - OMElement elem = fac.createOMElement(key, ns); - // Set the text value of the element - elem.setText((String) action.get(key)); - // Add the element as a child of this action element - actionElem.addChild(elem); + String value = (String) action.get(key); + if(value != null && value.length() > 0) { + // Create an element with the name of the key + OMElement elem = fac.createOMElement(key, ns); + // Set the text value of the element + elem.setText(value); + // Add the element as a child of this action element + actionElem.addChild(elem); + } } propertyElement.addChild(actionElem); 
@@ -151,5 +154,5 @@ return (String) this.action .get(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION); } - + } Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/OutflowConfiguration.java URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/OutflowConfiguration.java?rev=372182&r1=372181&r2=372182&view=diff ============================================================================== --- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/OutflowConfiguration.java (original) +++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/handler/config/OutflowConfiguration.java Wed Jan 25 02:14:09 2006 @@ -85,12 +85,15 @@ while (keys.hasNext()) { String key = (String) keys.next(); - // Create an element with the name of the key - OMElement elem = fac.createOMElement(key, ns); - // Set the text value of the element - elem.setText((String) action.get(key)); - // Add the element as a child of this action element - actionElem.addChild(elem); + String value = (String) action.get(key); + if(value != null && value.length() > 0) { + // Create an element with the name of the key + OMElement elem = fac.createOMElement(key, ns); + // Set the text value of the element + elem.setText(value); + // Add the element as a child of this action element + actionElem.addChild(elem); + } } propertyElement.addChild(actionElem); 
@@ -514,4 +517,18 @@ return (String) this.actionList[this.currentAction] .get(WSSHandlerConstants.PRESERVE_ORIGINAL_ENV); } + + + public void setSignAllHeadersAndBody() { + this.actionList[this.currentAction].put(WSSHandlerConstants.SIGN_ALL_HEADERS, "true"); + this.setSignBody(); + } + + public void setSignBody() { + this.actionList[this.currentAction].put(WSSHandlerConstants.SIGN_BODY, "true"); + } + + public void setEncryptBody() { + this.actionList[this.currentAction].put(WSSHandlerConstants.ENCRYPT_BODY, "true"); + } } Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/HandlerParameterDecoder.java URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/HandlerParameterDecoder.java?rev=372182&r1=372181&r2=372182&view=diff ============================================================================== --- webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/HandlerParameterDecoder.java (original) +++ webservices/axis2/trunk/java/modules/security/src/org/apache/axis2/security/util/HandlerParameterDecoder.java Wed Jan 25 02:14:09 2006 @@ -19,7 +19,10 @@ import org.apache.axis2.description.Parameter; import org.apache.axis2.om.OMElement; import org.apache.axis2.security.handler.WSSHandlerConstants; +import org.apache.axis2.security.handler.config.InflowConfiguration; +import org.apache.axis2.security.handler.config.OutflowConfiguration; import org.apache.ws.security.WSSecurityException; +import org.apache.ws.security.handler.WSHandlerConstants; import javax.xml.namespace.QName; import java.util.Iterator; @@ -81,7 +84,7 @@ } /* - * Populate the ourflow parameters + * Populate the outflow parameters */ if (outFlowSecParam != null && !inflow) { OMElement outFlowParamElem = outFlowSecParam.getParameterElement(); 
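Review bot: The three setters added to `OutflowConfiguration` in the `@@ -514,4 +517,18 @@` hunk only store the string "true" under `signAllHeaders`, `signBody` and `encryptBody`, and nothing in this commit reads those keys back, so it is not visible here whether the outflow handler acts on them. If no consumer exists yet, a policy that requires a signed or encrypted body would be accepted while the message goes out without that protection; please confirm the consumer or add a `// TODO` that names it. The methods are public and undocumented; a one-line Javadoc each, such as `/** Marks the message body of the current action to be signed. */`, would state what the flag is expected to cause.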
@@ -112,8 +115,77 @@ msgCtx.setProperty(WSSHandlerConstants.SENDER_REPEAT_COUNT, new Integer(repetitionCount)); } - - } + + public static OutflowConfiguration getOutflowConfiguration(Parameter outflowConfigParam) throws Exception { + if (outflowConfigParam != null) { + OMElement outflowParamElem = outflowConfigParam.getParameterElement(); + + OMElement actionElem = outflowParamElem + .getFirstChildWithName(new QName(WSSHandlerConstants.ACTION)); + if (actionElem == null) { + throw new Exception( + "Inflow configurtion must contain an 'action' " + + "elementas the child of 'InflowSecurity' element"); + } + + OutflowConfiguration outflowConfiguration = new OutflowConfiguration(); + + Iterator childElements = actionElem.getChildElements(); + while (childElements.hasNext()) { + OMElement element = (OMElement) childElements.next(); + + String localName = element.getLocalName(); + if(localName.equals(WSHandlerConstants.PW_CALLBACK_CLASS)) { + outflowConfiguration.setPasswordCallbackClass(element.getText()); + } else if(localName.equals(WSHandlerConstants.SIG_PROP_FILE)) { + outflowConfiguration.setSignaturePropFile(element.getText()); + } else if(localName.equals(WSHandlerConstants.ENC_PROP_FILE)) { + outflowConfiguration.setEncryptionPropFile(element.getText()); + } else if(localName.equals(WSHandlerConstants.ENC_CALLBACK_CLASS)) { + outflowConfiguration.setEmbeddedKeyCallbackClass(element.getText()); + } else if(localName.equals(WSHandlerConstants.USER)) { + outflowConfiguration.setUser(element.getText()); + } else if(localName.equals(WSHandlerConstants.ENCRYPTION_USER)) { + outflowConfiguration.setEncryptionUser(element.getText()); + } + } + return outflowConfiguration; + } + return null; + } + + public static InflowConfiguration getInflowConfiguration(Parameter inflowConfigParam) throws Exception { + + if (inflowConfigParam != null) { + OMElement inFlowParamElem = inflowConfigParam.getParameterElement(); + + OMElement actionElem = inFlowParamElem + 
.getFirstChildWithName(new QName(WSSHandlerConstants.ACTION)); + if (actionElem == null) { + throw new Exception( + "Inflow configurtion must contain an 'action' " + + "elementas the child of 'InflowSecurity' element"); + } + + InflowConfiguration inflowConfiguration = new InflowConfiguration(); + + Iterator childElements = actionElem.getChildElements(); + while (childElements.hasNext()) { + OMElement element = (OMElement) childElements.next(); + + String localName = element.getLocalName(); + if(localName.equals(WSHandlerConstants.PW_CALLBACK_CLASS)) { + inflowConfiguration.setPasswordCallbackClass(element.getText()); + } else if(localName.equals(WSHandlerConstants.SIG_PROP_FILE)) { + inflowConfiguration.setSignaturePropFile(element.getText()); + } else if(localName.equals(WSHandlerConstants.DEC_PROP_FILE)) { + inflowConfiguration.setDecryptionPropFile(element.getText()); + } + } + return inflowConfiguration; + } + return null; + } } Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfig.java URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfig.java?rev=372182&r1=372181&r2=372182&view=diff ============================================================================== --- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfig.java (original) +++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfig.java Wed Jan 25 02:14:09 2006 
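Review bot: `getOutflowConfiguration` reports a missing `action` element with the inflow wording copied from `getInflowConfiguration` ("Inflow configurtion must contain an 'action' elementas the child of 'InflowSecurity' element"), which misdirects whoever is debugging an outflow parameter; the text also carries the typos "configurtion" and "elementas" in both methods. For the outflow method I would write `"Outflow configuration must contain an 'action' element as the child of '" + WSSHandlerConstants.OUTFLOW_SECURITY + "' element"`, and fix the spelling in the inflow one. Both methods also call `getFirstChildWithName` on the result of `getParameterElement()` without checking it for null, and both declare `throws Exception`; a narrower exception type would let `SecurityModule` tell a configuration error from a programming error.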
@@ -18,11 +18,16 @@ import org.apache.axis2.security.handler.config.InflowConfiguration; import org.apache.axis2.security.handler.config.OutflowConfiguration; +import org.apache.ws.security.policy.model.Binding; public class WSS4JConfig { - private OutflowConfiguration outflowConfiguration; - private InflowConfiguration inflowConfiguration; + private OutflowConfiguration outflowConfiguration = new OutflowConfiguration(); + private InflowConfiguration inflowConfiguration = new InflowConfiguration(); + + Binding binding; + boolean signature; + boolean encryption; /** * @return Returns the inflowConfiguration. 
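Review bot: The new fields `binding`, `signature` and `encryption` in `WSS4JConfig` are package-private, mutable and undocumented, so `WSS4JConfigBuilder` writes them directly while code in other packages cannot see what the builder decided. Making them `private` with getters, plus package-private setters if the builder needs them, would match the two configuration fields declared just above. In the following hunk the two setters are commented out rather than deleted; version control already keeps the old code, so I would remove the commented block and add a short comment that the two configurations are created eagerly and are not replaceable.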
@@ -30,23 +35,23 @@ public InflowConfiguration getInflowConfiguration() { return inflowConfiguration; } - /** - * @param inflowConfiguration The inflowConfiguration to set. - */ - public void setInflowConfiguration(InflowConfiguration inflowConfiguration) { - this.inflowConfiguration = inflowConfiguration; - } +// /** +// * @param inflowConfiguration The inflowConfiguration to set. +// */ +// public void setInflowConfiguration(InflowConfiguration inflowConfiguration) { +// this.inflowConfiguration = inflowConfiguration; +// } /** * @return Returns the outflowConfiguration. */ public OutflowConfiguration getOutflowConfiguration() { return outflowConfiguration; } - /** - * @param outflowConfiguration The outflowConfiguration to set. - */ - public void setOutflowConfiguration(OutflowConfiguration outflowConfiguration) { - this.outflowConfiguration = outflowConfiguration; - } +// /** +// * @param outflowConfiguration The outflowConfiguration to set. +// */ +// public void setOutflowConfiguration(OutflowConfiguration outflowConfiguration) { +// this.outflowConfiguration = outflowConfiguration; +// } } Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfigBuilder.java URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfigBuilder.java?rev=372182&r1=372181&r2=372182&view=diff ============================================================================== --- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfigBuilder.java (original) +++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/WSS4JConfigBuilder.java Wed Jan 25 02:14:09 2006 
@@ -18,47 +18,117 @@ import java.util.ArrayList; import java.util.Iterator; +import org.apache.ws.security.WSConstants; import org.apache.ws.security.policy.model.AsymmetricBinding; import org.apache.ws.security.policy.model.Binding; +import org.apache.ws.security.policy.model.Header; import org.apache.ws.security.policy.model.PolicyEngineData; -import org.apache.ws.security.policy.model.SymmetricBinding; +import org.apache.ws.security.policy.model.SignedEncryptedParts; +import org.apache.ws.security.policy.model.SymmetricAsymmetricBindingBase; +import org.apache.ws.security.policy.model.TransportBinding; import org.apache.ws.security.policy.model.Wss10; import org.apache.ws.security.policy.model.Wss11; public class WSS4JConfigBuilder { - public static void build(ArrayList topLevelPeds) throws WSSPolicyException { + public static WSS4JConfig build(ArrayList topLevelPeds) throws WSSPolicyException { Iterator topLevelPEDIterator = topLevelPeds.iterator(); WSS4JConfig config = new WSS4JConfig(); while (topLevelPEDIterator.hasNext()) { PolicyEngineData ped = (PolicyEngineData) topLevelPEDIterator.next(); if(ped instanceof Binding) { - if(ped instanceof SymmetricBinding) { - processSymmetricPolicyBinding((SymmetricBinding)ped, config); - } else { - processAsymmetricPolicyBinding((AsymmetricBinding)ped, config); - } + config.binding = (Binding)ped; } else if(ped instanceof Wss10) { processWSS10((Wss10)ped, config); } else if(ped instanceof Wss11) { processWSS11((Wss11)ped, config); + } else if (ped instanceof SignedEncryptedParts) { + processSignedEncryptedParts((SignedEncryptedParts)ped, config); + } else { + //Unrecognized token } } + finalizeConfig(config); + return config; } - - private static void processSymmetricPolicyBinding(SymmetricBinding symmbinding, WSS4JConfig config) { - //TODO - throw new UnsupportedOperationException("TODO"); + private static void finalizeConfig(WSS4JConfig config) throws WSSPolicyException{ + + if(config.binding instanceof 
TransportBinding) { + //TODO TransportBinding + throw new UnsupportedOperationException("TODO TransportBinding"); + } else { + //Handle common properties from SymmetricAsymmetricBindingBase + SymmetricAsymmetricBindingBase base = (SymmetricAsymmetricBindingBase) config.binding; + if(base.isEntireHeaderAndBodySignatures()) { + config.getOutflowConfiguration().setSignAllHeadersAndBody(); + } + if (base.isSignatureProtection()) { + if (base.getProtectionOrder().equals( + Constants.SIGN_BEFORE_ENCRYPTING)) { + //Makesure encryption is on + config.encryption = true; + + //Add a sign part pointing to the signature + String encrParts = config.getOutflowConfiguration() + .getEncryptionParts(); + boolean otherSignPartsExists = encrParts != null + && encrParts.length() > 0; + String part = getEncryptedPartSnippet(false, WSConstants.SIG_NS, + WSConstants.SIG_LN, !otherSignPartsExists); + if(otherSignPartsExists) { + part = encrParts + part; + } + config.getOutflowConfiguration().setEncryptionParts(part); + } else { + throw new WSSPolicyException("To enable SignatureProtection" + + " the ProtectionOrder must be SignBeforeEncrypting"); + } + } + if(base.isTokenProtection()) { + throw new WSSPolicyException( + "TokenProtection is not supported right now " + + "since there's no way to specify how to sign " + + "the token that is used to sign ???"); + } + + //Start building action items + String actionItems = ""; + if(config.signature && config.encryption) { + if(base.getProtectionOrder().equals(Constants.SIGN_BEFORE_ENCRYPTING)) { + actionItems = "Signature Encrypt"; + } else { + actionItems = "Encrypt Signature"; + } + } else if(config.signature) { + actionItems = " Signature"; + } else if(config.encryption) { + actionItems = " Encrypt"; + } + + if(base.isIncludeTimestamp()) { + //TODO: Caution: including Timestamp as the starting action item + actionItems = " Timestamp " + actionItems; + + } + if(actionItems.length() == 0) { + actionItems = "NoSecurity"; + } + 
config.getInflowConfiguration().setActionItems(actionItems.trim()); + config.getOutflowConfiguration().setActionItems(actionItems.trim()); + } + + + if(config.binding instanceof AsymmetricBinding) { + //TODO Handle asymmetric binding + } else { + //TODO Handle symmetric binding + } } + private static void processWSS10(Wss10 wss10, WSS4JConfig config) { - //TODO - throw new UnsupportedOperationException("TODO"); - } - private static void processAsymmetricPolicyBinding(AsymmetricBinding binding, WSS4JConfig config) { - // TODO TODO - throw new UnsupportedOperationException("TODO"); + //There's nothing to populate in WSS4J Config right now } private static void processWSS11(Wss11 wss11, WSS4JConfig config) { 
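Review bot: `finalizeConfig` casts `config.binding` to `SymmetricAsymmetricBindingBase` and calls `base.isEntireHeaderAndBodySignatures()` without checking that `build` found a binding, so a policy with no `Binding` among its top-level elements ends in a NullPointerException instead of a `WSSPolicyException`. A guard at the top of the method, `if (config.binding == null) throw new WSSPolicyException("Policy does not contain a security binding");`, would fix that. In `build`, the final `else` branch (`//Unrecognized token`) drops elements the builder does not understand, and an empty result becomes the action string `NoSecurity`, so a policy can be turned into a weaker configuration than it states; rejecting or at least logging unknown top-level elements would make that visible. The single-action strings `" Signature"` and `" Encrypt"` also carry a leading space that only the later `trim()` removes.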
@@ -68,4 +138,55 @@ } } + private static void processSignedEncryptedParts(SignedEncryptedParts parts, + WSS4JConfig config) { + if(parts.isSignedParts()) { + config.signature = true; + if(parts.isBody()) { + config.getOutflowConfiguration().setSignBody(); + } + Iterator headersIter = parts.getHeaders().iterator(); + String signedParts = ""; + while (headersIter.hasNext()) { + Header header = (Header) headersIter.next(); + signedParts += getSignedPartSnippet(header.getNamespace(), + header.getNamespace(), signedParts.length() == 0); + } + if(signedParts.length() != 0) { + config.getOutflowConfiguration().setSignatureParts(signedParts); + } + } else { + config.encryption = true; + if(parts.isBody()) { + config.getOutflowConfiguration().setEncryptBody(); + } + Iterator headersIter = parts.getHeaders().iterator(); + String encryptedParts = ""; + while (headersIter.hasNext()) { + Header header = (Header) headersIter.next(); + encryptedParts += getEncryptedPartSnippet(false, header + .getNamespace(), header.getName(), encryptedParts + .length() == 0); + } + if(encryptedParts.length() != 0) { + config.getOutflowConfiguration().setEncryptionParts(encryptedParts); + } + } + } + + private static String getSignedPartSnippet(String namespace, String name, + boolean first) { + return first ? "{Element}{" + namespace + "}" + name : ";{Element}{" + + namespace + "}" + name; + } + + private static String getEncryptedPartSnippet(boolean content, + String namespace, String name, boolean first) { + String ret = ""; + if(!first) { + ret=";"; + } + return content ? 
ret + "{}{" + namespace + "}" + name : ret + + "{Element}{" + namespace + "}" + name; + } } Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/SymmetricAsymmetricBindingBase.java URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/SymmetricAsymmetricBindingBase.java?rev=372182&r1=372181&r2=372182&view=diff ============================================================================== --- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/SymmetricAsymmetricBindingBase.java (original) +++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/model/SymmetricAsymmetricBindingBase.java Wed Jan 25 02:14:09 2006 @@ -19,7 +19,7 @@ import org.apache.ws.security.policy.Constants; import org.apache.ws.security.policy.WSSPolicyException; -class SymmetricAsymmetricBindingBase extends Binding { +public class SymmetricAsymmetricBindingBase extends Binding { private String protectionOrder = Constants.SIGN_BEFORE_ENCRYPTING; Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/WSSPolicyProcessor.java URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/WSSPolicyProcessor.java?rev=372182&r1=372181&r2=372182&view=diff ============================================================================== --- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/WSSPolicyProcessor.java (original) +++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/WSSPolicyProcessor.java Wed Jan 25 02:14:09 2006 @@ -62,7 +62,7 @@ SecurityProcessorContext secProcessorContext = null; - boolean setup() throws NoSuchMethodException { + public boolean setup() throws NoSuchMethodException { prdr = PolicyFactory.getPolicyReader(PolicyFactory.OM_POLICY_READER); /* 
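Review bot: In the signed-parts loop of `processSignedEncryptedParts`, the call `getSignedPartSnippet(header.getNamespace(), header.getNamespace(), ...)` passes the namespace for both the `namespace` and the `name` parameter, so each entry is built as `{Element}{ns}ns` and does not name the header the policy asks to sign. The encrypted-parts loop below it uses `header.getName()`, and the signed loop should too: `signedParts += getSignedPartSnippet(header.getNamespace(), header.getName(), signedParts.length() == 0);`. As written, the configured signature parts presumably match no header, which would leave those headers outside the signature. The `else` branch treats every `SignedEncryptedParts` that is not signed parts as encrypted parts; a short comment saying the type has only these two states would help.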
@@ -372,4 +372,16 @@ } } } + + /** + * @return Returns the secProcessorContext. + */ + public RootPolicyEngineData getRootPED() { + if(this.secProcessorContext != null && this.secProcessorContext.getAction() == SecurityProcessorContext.NONE) { + return (RootPolicyEngineData)secProcessorContext.getPedStack().get(0); + } else { + return null; + } + } + } Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/processors/AsymmetricBindingProcessor.java URL: http://svn.apache.org/viewcvs/webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/processors/AsymmetricBindingProcessor.java?rev=372182&r1=372181&r2=372182&view=diff ============================================================================== --- webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/processors/AsymmetricBindingProcessor.java (original) +++ webservices/axis2/trunk/java/modules/security/src/org/apache/ws/security/policy/parser/processors/AsymmetricBindingProcessor.java Wed Jan 25 02:14:09 2006 @@ -17,6 +17,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.apache.ws.security.policy.model.Binding; import org.apache.ws.security.policy.parser.SecurityPolicy; import org.apache.ws.security.policy.parser.SecurityPolicyToken; import org.apache.ws.security.policy.parser.SecurityProcessorContext; @@ -135,6 +136,9 @@ log.debug("Processing " + spc.readCurrentSecurityToken().getTokenName() + ": " + SecurityProcessorContext.ACTION_NAMES[spc.getAction()]); + if(spc.getAction() == 2) { + ((Binding)spc.readCurrentPolicyEngineData()).setIncludeTimestamp(true); + } return new Boolean(true); }
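Review bot: The Javadoc on the new `getRootPED` says "Returns the secProcessorContext", but the method returns element 0 of the PED stack cast to `RootPolicyEngineData`, or null when the context is unset or its action is not `SecurityProcessorContext.NONE`. The null return is undocumented, although `SecurityModule.engageNotify` in this commit dereferences the result directly, and `getPedStack().get(0)` is called without checking that the stack is non-empty. Suggested tag: `@return the root policy engine data, or null if no processor context exists or its action is not NONE`.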
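Review bot: The check added in `AsymmetricBindingProcessor`, `spc.getAction() == 2`, compares against a bare number, although the debug line just above indexes `SecurityProcessorContext.ACTION_NAMES` with the same value and `SecurityProcessorContext.NONE` is used as a named constant elsewhere in this commit. Please use the named constant for this action so the condition stays correct if the numbering changes. The cast `(Binding) spc.readCurrentPolicyEngineData()` is unchecked, so an unexpected element raises a ClassCastException here. The enclosing method starts outside the hunk, so which assertion it handles is not visible; if it is the timestamp assertion, a comment saying why the flag is set only for this action value would help.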