axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ruchi...@apache.org
Subject svn commit: r443459 - in /webservices/axis2/trunk/java/modules/security/src/org/apache/rampart: MessageBuilder.java builder/BindingBuilder.java builder/SymmetricBindingBuilder.java errors.properties
Date Thu, 14 Sep 2006 20:38:21 GMT
Author: ruchithf
Date: Thu Sep 14 13:38:20 2006
New Revision: 443459

URL: http://svn.apache.org/viewvc?view=rev&rev=443459
Log:
Completed client side encryptBeforeSignature processing of SymmetricBinding.


Modified:
    webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java?view=diff&rev=443459&r1=443458&r2=443459
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/MessageBuilder.java
Thu Sep 14 13:38:20 2006
@@ -31,10 +31,8 @@
 import org.apache.rampart.policy.RampartPolicyData;
 import org.apache.rampart.util.Axis2Util;
 import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.security.SOAPConstants;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.message.WSSecHeader;
-import org.apache.ws.security.util.WSSecurityUtil;
 import org.w3c.dom.Document;
 
 import java.io.ByteArrayInputStream;
@@ -56,10 +54,7 @@
          */
         Document doc = Axis2Util.getDocumentFromSOAPEnvelope(msgCtx.getEnvelope(), false);
         msgCtx.setEnvelope((SOAPEnvelope)doc.getDocumentElement());
-        
-        SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc
-                .getDocumentElement());
-        
+
         WSSecHeader secHeader = new WSSecHeader();
         secHeader.insertSecurityHeader(doc);
 

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java?view=diff&rev=443459&r1=443458&r2=443459
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java
Thu Sep 14 13:38:20 2006
@@ -31,8 +31,11 @@
 import org.apache.ws.secpolicy.model.UsernameToken;
 import org.apache.ws.secpolicy.model.X509Token;
 import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
 import org.apache.ws.security.WSPasswordCallback;
 import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.message.WSSecDKSign;
 import org.apache.ws.security.message.WSSecEncryptedKey;
 import org.apache.ws.security.message.WSSecSignature;
 import org.apache.ws.security.message.WSSecTimestamp;
@@ -46,13 +49,18 @@
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Date;
+import java.util.HashMap;
 import java.util.Iterator;
+import java.util.Set;
+import java.util.Vector;
 
 public abstract class BindingBuilder {
     private static Log log = LogFactory.getLog(BindingBuilder.class);
             
     private Element insertionLocation;
     
+    protected String mainSigId = null;
+    
     /**
      * @param rmd
      * @param doc
@@ -249,11 +257,11 @@
      * @param suppTokens
      * @throws RampartException
      */
-    protected ArrayList handleSupportingTokens(RampartMessageData rmd, SupportingToken suppTokens)
+    protected HashMap handleSupportingTokens(RampartMessageData rmd, SupportingToken suppTokens)
             throws RampartException {
         
         //Create the list to hold the tokens
-        ArrayList endSuppTokList = new ArrayList();
+        HashMap endSuppTokMap = new HashMap();
         
         if(suppTokens != null && suppTokens.getTokens() != null &&
                 suppTokens.getTokens().size() > 0) {
@@ -284,7 +292,7 @@
                     this.setInsertionLocation(siblingElem);
                     
                     //Add the extracted token
-                    endSuppTokList.add(endSuppTok);
+                    endSuppTokMap.put(token, endSuppTok);
                     
                 } else if(token instanceof X509Token) {
                     //Get the to be added
@@ -315,7 +323,7 @@
                                         (OMElement)encrKey.getEncryptedKeyElement(),
                                         now, new Date(now.getTime() + 300000));
                             
-                            endSuppTokList.add(endSuppTok);
+                            endSuppTokMap.put(token, endSuppTok);
                             
                         } catch (WSSecurityException e) {
                             throw new RampartException("errorCreatingEncryptedKey", e);
@@ -332,7 +340,7 @@
                                     .getInsertionLocation(), bstElem);
                             this.setInsertionLocation(bstElem);
                         }
-                        endSuppTokList.add(sig);
+                        endSuppTokMap.put(token, sig);
                     }
                 } else if(token instanceof UsernameToken) {
                     WSSecUsernameToken utBuilder = addUsernameToken(rmd);
@@ -347,9 +355,10 @@
                     this.setInsertionLocation(elem);
                     Date now = new Date();
                     try {
-                        endSuppTokList.add(new org.apache.rahas.Token(utBuilder
-                            .getId(), (OMElement)elem, now,
-                            new Date(now.getTime() + 300000)));
+                        org.apache.rahas.Token tempTok = new org.apache.rahas.Token(
+                                utBuilder.getId(), (OMElement) elem, now,
+                                new Date(now.getTime() + 300000));
+                        endSuppTokMap.put(token, tempTok);
                     } catch (TrustException e) {
                         throw new RampartException("errorCreatingRahasToken", e);
                     }
@@ -357,7 +366,35 @@
             }
         }
         
-        return endSuppTokList;
+        return endSuppTokMap;
+    }
+    /**
+     * @param sigSuppTokMap
+     * @param sigParts
+     * @throws RampartException
+     */
+    protected Vector addSignatureParts(HashMap tokenMap, Vector sigParts) throws RampartException
{
+        
+        Set entrySet = tokenMap.entrySet();
+        
+        for (Iterator iter = entrySet.iterator(); iter.hasNext();) {
+            Object tempTok =  iter.next();
+            WSEncryptionPart part = null;
+            if(tempTok instanceof org.apache.rahas.Token) {
+                part = new WSEncryptionPart(
+                        ((org.apache.rahas.Token) tempTok).getId());
+            } else if(tempTok instanceof WSSecSignature) {
+                WSSecSignature tempSig = (WSSecSignature) tempTok;
+                if(tempSig.getBSTTokenId() != null) {
+                    part = new WSEncryptionPart(tempSig.getBSTTokenId());
+                }
+            } else {
+              throw new RampartException("UnsupportedTokenInSupportingToken");  
+            }
+            sigParts.add(part);
+        }
+                
+        return sigParts;
     }
 
     
@@ -367,6 +404,115 @@
 
     public void setInsertionLocation(Element insertionLocation) {
         this.insertionLocation = insertionLocation;
+    }
+    
+    
+    protected Vector doEndorsedSignatures(RampartMessageData rmd, HashMap tokenMap) throws
RampartException {
+        
+        Set tokenSet = tokenMap.keySet();
+        
+        Vector sigValues = new Vector();
+        
+        for (Iterator iter = tokenSet.iterator(); iter.hasNext();) {
+            
+            Token token = (Token)iter.next();
+            
+            Object tempTok = tokenMap.get(token);
+            
+            Vector sigParts = new Vector();
+            sigParts.add(new WSEncryptionPart(this.mainSigId));
+            
+            if (tempTok instanceof org.apache.rahas.Token) {
+                org.apache.rahas.Token tok = (org.apache.rahas.Token)tempTok;
+                if(rmd.getPolicyData().isTokenProtection()) {
+                    sigParts.add(new WSEncryptionPart(tok.getId()));
+                }
+                
+                this.doSignature(rmd, token, (org.apache.rahas.Token)tempTok, sigParts);
+                
+            } else if (tempTok instanceof WSSecSignature) {
+                WSSecSignature sig = (WSSecSignature)tempTok;
+                if(rmd.getPolicyData().isTokenProtection() &&
+                        sig.getBSTTokenId() != null) {
+                    sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
+                }
+                
+                try {
+                    sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+                    sig.computeSignature();
+                } catch (WSSecurityException e) {
+                    throw new RampartException("errorInSignatureWithX509Token", e);
+                }
+                sigValues.add(sig.getSignatureValue());
+            }
+        } 
+
+        return sigValues;
+            
+    }
+    
+    
+    protected byte[] doSignature(RampartMessageData rmd, Token policyToken, org.apache.rahas.Token
tok, Vector sigParts) throws RampartException {
+        
+        Document doc = rmd.getDocument();
+        RampartPolicyData rpd = rmd.getPolicyData();
+        
+        if(policyToken.isDerivedKeys()) {
+            try {
+                WSSecDKSign dkSign = new WSSecDKSign();
+
+                OMElement ref = tok.getAttachedReference();
+                if(ref == null) {
+                    ref = tok.getUnattachedReference();
+                }
+                if(ref != null) {
+                    dkSign.setExternalKey(tok.getSecret(), (Element) 
+                            doc.importNode((Element) ref, true));
+                } else {
+                    dkSign.setExternalKey(tok.getSecret(), tok.getId());
+                }
+
+                //Set the algo info
+                dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
+                
+                
+                dkSign.prepare(doc);
+                
+                sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));               
          
+                
+                if(rpd.isTokenProtection()) {
+                    sigParts.add(new WSEncryptionPart(tok.getId()));
+                }
+                
+                dkSign.setParts(sigParts);
+                
+                dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
+                
+                //Do signature
+                dkSign.computeSignature();
+                
+                //Add elements to header
+                this.setInsertionLocation(RampartUtil
+                        .insertSiblingAfter(this.getInsertionLocation(),
+                                dkSign.getdktElement()));
+
+                this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+                        this.getInsertionLocation(), dkSign
+                                .getSignatureElement()));
+
+                return dkSign.getSignatureValue();
+                
+            } catch (ConversationException e) {
+                throw new RampartException(
+                        "errorInDerivedKeyTokenSignature", e);
+            } catch (WSSecurityException e) {
+                throw new RampartException(
+                        "errorInDerivedKeyTokenSignature", e);
+            }
+        } else {
+            //TODO :  Example SAMLTOken Signature
+            throw new UnsupportedOperationException("TODO");
+        }
     }
     
 }

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java?view=diff&rev=443459&r1=443458&r2=443459
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
Thu Sep 14 13:38:20 2006
@@ -29,21 +29,16 @@
 import org.apache.ws.secpolicy.model.SecureConversationToken;
 import org.apache.ws.secpolicy.model.SupportingToken;
 import org.apache.ws.secpolicy.model.Token;
-import org.apache.ws.secpolicy.model.UsernameToken;
-import org.apache.ws.secpolicy.model.X509Token;
 import org.apache.ws.security.WSEncryptionPart;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.conversation.ConversationException;
 import org.apache.ws.security.message.WSSecDKEncrypt;
+import org.apache.ws.security.message.WSSecDKSign;
 import org.apache.ws.security.message.WSSecEncrypt;
-import org.apache.ws.security.message.WSSecEncryptedKey;
-import org.apache.ws.security.message.WSSecUsernameToken;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.Iterator;
+import java.util.HashMap;
 import java.util.Vector;
 
 
@@ -82,6 +77,8 @@
         
         RampartPolicyData rpd = rmd.getPolicyData();
         
+        Vector signatureValues = new Vector();
+        
         Token encryptionToken = rpd.getEncryptionToken();
         if(encryptionToken != null) {
             //The encryption token can be an IssuedToken or a 
@@ -181,65 +178,95 @@
             
             RampartUtil.appendChildToSecHeader(rmd, refList);
             
-            //Now add the supporting tokens
-            SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
-            
-            Vector sigParts = rpd.getSignedParts();
-            
             this.setInsertionLocation(refList);
+
+//          Now add the supporting tokens
+            SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
             
-            if(sgndSuppTokens != null && sgndSuppTokens.getTokens() != null &&
-                    sgndSuppTokens.getTokens().size() > 0) {
-                log.debug("Processing signed supporting tokens");
-                
-                ArrayList tokens = sgndSuppTokens.getTokens();
-                for (Iterator iter = tokens.iterator(); iter.hasNext();) {
-                    
-                    Token token = (Token) iter.next();
-                    if(token instanceof UsernameToken) {
-                        WSSecUsernameToken utBuilder = addUsernameToken(rmd);
-                        
-                        utBuilder.prepare(rmd.getDocument());
-                        
-                        //Add the UT
-                        Element elem = utBuilder.getUsernameTokenElement();
-                        RampartUtil.insertSiblingAfter(this.getInsertionLocation(), elem);
-                        
-                        //Move the insert location to th enext element
-                        this.setInsertionLocation(elem);
-                        
-                        WSEncryptionPart part = new WSEncryptionPart(utBuilder
-                                .getId());
-                        sigParts.add(part);
-                        
-                    } else {
-                        throw new RampartException("unsupportedSignedSupportingToken", 
-                                new String[]{"{" +token.getName().getNamespaceURI() 
-                                + "}" + token.getName().getLocalPart()});
-                    }
-                }
-            }
+            HashMap sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
             
-            //Endorsing Supporting Tokens 
             SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
 
-            //The list to hold tokens
-            ArrayList endSuppTokList = this.handleSupportingTokens(rmd, endSuppTokens);
+            HashMap endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
 
             SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
             
-            ArrayList sgndEndSuppTokList = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
-            
+            HashMap sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
+
+            //Setup signature parts
+            Vector sigParts = addSignatureParts(sigSuppTokMap, rpd.getSignedParts());
+            sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
             
             //Sign the message
+            //We should use the same key in the case of EncryptBeforeSig
+            if(encryptionToken.isDerivedKeys()) {
+                try {
+                    WSSecDKSign dkSign = new WSSecDKSign();
+
+                    OMElement ref = tok.getAttachedReference();
+                    if(ref == null) {
+                        ref = tok.getUnattachedReference();
+                    }
+                    if(ref != null) {
+                        dkSign.setExternalKey(tok.getSecret(), (Element) 
+                                doc.importNode((Element) ref, true));
+                    } else {
+                        dkSign.setExternalKey(tok.getSecret(), tok.getId());
+                    }
+
+                    //Set the algo info
+                    dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
+                    
+                    
+                    dkSign.prepare(doc);
+                    
+                    sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));           
              
+                    
+                    if(rpd.isTokenProtection() && attached) {
+                        sigParts.add(new WSEncryptionPart(tokenId));
+                    }
+                    
+                    dkSign.setParts(sigParts);
+                    
+                    dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
+                    
+                    //Do signature
+                    dkSign.computeSignature();
+                    
+                    signatureValues.add(dkSign.getSignatureValue());
+                    
+                    //Add elements to header
+                    this.setInsertionLocation(RampartUtil
+                            .insertSiblingAfter(this.getInsertionLocation(),
+                                    dkSign.getdktElement()));
+
+                    this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+                            this.getInsertionLocation(), dkSign
+                                    .getSignatureElement()));
+                    this.mainSigId = RampartUtil.addWsuIdToElement((OMElement)dkSign.getSignatureElement());
+                    
+                } catch (ConversationException e) {
+                    throw new RampartException(
+                            "errorInDerivedKeyTokenSignature", e);
+                } catch (WSSecurityException e) {
+                    throw new RampartException(
+                            "errorInDerivedKeyTokenSignature", e);
+                }
+            } else {
+                //TODO :  Example SAMLTOken Signature
+            }
+            
+            //Do endorsed signatures
+            this.doEndorsedSignatures(rmd, endSuppTokMap);
             
-            String sigId = null;
+            //Do signed endorsing signatures
+            this.doEndorsedSignatures(rmd, sgndEndSuppTokMap);
             
             //Check for signature protection
-            if(rpd.isSignatureProtection()) {
+            if(rpd.isSignatureProtection() && this.mainSigId != null) {
                 //Now encrypt the signature using the above token
                 Vector secondEncrParts = new Vector();
-                secondEncrParts.add(new WSEncryptionPart(sigId, "Element"));
+                secondEncrParts.add(new WSEncryptionPart(this.mainSigId, "Element"));
                 
                 Element secondRefList = null;
                 
@@ -266,7 +293,8 @@
             }
         }
     }
-
+    
+    
     
     /**
      * Setup the required tokens

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties?view=diff&rev=443459&r1=443458&r2=443459
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties
Thu Sep 14 13:38:20 2006
@@ -31,4 +31,5 @@
 errorInRetrievingTokenId = Error in retrieving token : {0}
 errorInEncryption = Error in encryption
 errorInDKEncr = Error in encryption with a derived key
-errorCreatingRahasToken = Error in creating a org.apache.rahas.Token instance
\ No newline at end of file
+errorCreatingRahasToken = Error in creating a org.apache.rahas.Token instance
+UnsupportedTokenInSupportingToken = Unsupprted token in supporting tokens
\ No newline at end of file



---------------------------------------------------------------------
To unsubscribe, e-mail: axis-cvs-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-cvs-help@ws.apache.org


Mime
View raw message