axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ruchi...@apache.org
Subject svn commit: r476999 - in /webservices/axis2/branches/java/1_1/modules/security: src/org/apache/rampart/ src/org/apache/rampart/builder/ src/org/apache/rampart/handler/config/ src/org/apache/rampart/util/ test/org/apache/rampart/
Date Mon, 20 Nov 2006 00:40:41 GMT
Author: ruchithf
Date: Sun Nov 19 16:40:40 2006
New Revision: 476999

URL: http://svn.apache.org/viewvc?view=rev&rev=476999
Log:
- Updated AsymmBindingBuilder, RampartUtil and RampartEngine to be able to correctly handle
the case where we have to use DerivedKeys base on an ephmeral key.
- Deprecated InflowConfiguration and OutflowConfiguration classes
- Updated HandlerParameterDecoder to trim configuration values


Modified:
    webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartEngine.java
    webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartMessageData.java
    webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java
    webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/handler/config/InflowConfiguration.java
    webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/handler/config/OutflowConfiguration.java
    webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/util/HandlerParameterDecoder.java
    webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/util/RampartUtil.java
    webservices/axis2/branches/java/1_1/modules/security/test/org/apache/rampart/MessageBuilderTestBase.java

Modified: webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartEngine.java
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartEngine.java?view=diff&rev=476999&r1=476998&r2=476999
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartEngine.java
(original)
+++ webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartEngine.java
Sun Nov 19 16:40:40 2006
@@ -71,7 +71,7 @@
         } else {
             results = engine.processSecurityHeader(rmd.getDocument(),
                       null, 
-                      RampartUtil.getPasswordCB(rmd),
+                      new TokenCallbackHandler(rmd.getTokenStorage(), RampartUtil.getPasswordCB(rmd)),
                       RampartUtil.getSignatureCrypto(rpd.getRampartConfig(), 
                               msgCtx.getAxisService().getClassLoader()), 
                       RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), 

Modified: webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartMessageData.java
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartMessageData.java?view=diff&rev=476999&r1=476998&r2=476999
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartMessageData.java
(original)
+++ webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartMessageData.java
Sun Nov 19 16:40:40 2006
@@ -473,8 +473,7 @@
             return this.tokenStorage;
         }
 
-        TokenStorage storage = (TokenStorage) this.msgContext
-                .getConfigurationContext().getProperty(
+        TokenStorage storage = (TokenStorage) this.msgContext.getProperty(
                         TokenStorage.TOKEN_STORAGE_KEY);
 
         if (storage != null) {
@@ -506,7 +505,7 @@
                 
             }
             
-//            /Set the storage instance
+            //Set the storage instance
             this.msgContext.getConfigurationContext().setProperty(
                     TokenStorage.TOKEN_STORAGE_KEY, this.tokenStorage);
         }

Modified: webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java?view=diff&rev=476999&r1=476998&r2=476999
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java
(original)
+++ webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java
Sun Nov 19 16:40:40 2006
@@ -19,6 +19,7 @@
 import org.apache.axiom.om.OMElement;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.TrustException;
 import org.apache.rampart.RampartException;
 import org.apache.rampart.RampartMessageData;
 import org.apache.rampart.policy.RampartPolicyData;
@@ -31,6 +32,7 @@
 import org.apache.ws.security.WSEncryptionPart;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.message.WSSecDKEncrypt;
 import org.apache.ws.security.message.WSSecDKSign;
 import org.apache.ws.security.message.WSSecEncrypt;
@@ -52,6 +54,10 @@
     private WSSecSignature sig;
 
     private WSSecEncryptedKey encrKey;
+    
+    private String encryptedKeyId;
+    
+    private byte[] encryptedKeyValue;
 
     private Vector signatureValues = new Vector();
 
@@ -107,26 +113,12 @@
         if (encryptionToken != null && encrParts.size() > 0) {
             if (encryptionToken.isDerivedKeys()) {
                 try {
-                    // Set up the encrypted key to use
-                    encrKey = this.getEncryptedKeyBuilder(rmd, encryptionToken);
-
-                    Element bstElem = encrKey.getBinarySecurityTokenElement();
-                    if (bstElem != null) {
-                        // If a BST is available then use it
-                        RampartUtil.appendChildToSecHeader(rmd, bstElem);
-                    }
-
-
-                    // Add the EncryptedKey
-                    encrTokenElement = encrKey.getEncryptedKeyElement();
-                    this.encrTokenElement = RampartUtil.appendChildToSecHeader(rmd,
-                            encrTokenElement);
-
+                    this.setupEncryptedKey(rmd, encryptionToken);
                     // Create the DK encryption builder
                     dkEncr = new WSSecDKEncrypt();
                     dkEncr.setParts(encrParts);
-                    dkEncr.setExternalKey(encrKey.getEphemeralKey(), encrKey
-                            .getId());
+                    dkEncr.setExternalKey(this.encryptedKeyValue, 
+                            this.encryptedKeyId);
                     dkEncr.prepare(doc);
 
                     // Get and add the DKT element
@@ -343,10 +335,10 @@
                     WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
                     
                     if(this.encrKey == null) {
-                        this.setupEncryptedKey(rmd);
+                        this.setupEncryptedKey(rmd, encrToken);
                     }
                     
-                    dkEncr.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId());
+                    dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
                     dkEncr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
                     dkEncr.prepare(doc);
                     Element encrDKTokenElem = null;
@@ -429,11 +421,11 @@
         if (sigToken.isDerivedKeys()) {
             // Set up the encrypted key to use
             if(this.encrKey == null) {
-                setupEncryptedKey(rmd);
+                setupEncryptedKey(rmd, sigToken);
             }
             
             WSSecDKSign dkSign = new WSSecDKSign();
-            dkSign.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId());
+            dkSign.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
 
             // Set the algo info
             dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite()
@@ -512,19 +504,53 @@
      * @param rmd
      * @throws RampartException
      */
-    private void setupEncryptedKey(RampartMessageData rmd) throws RampartException {
-        encrKey = this.getEncryptedKeyBuilder(rmd, sigToken);
-        
-        Element bstElem = encrKey.getBinarySecurityTokenElement();
-        if (bstElem != null) {
-            // If a BST is available then use it
-            this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd,
-                    this.getInsertionLocation(), bstElem));
-        }
+    private void setupEncryptedKey(RampartMessageData rmd, Token token) 
+    throws RampartException {
+        if(!rmd.isClientSide() && token.isDerivedKeys()) {
+                
+                //If we already have them, simply return
+                if(this.encryptedKeyId != null && this.encryptedKeyValue != null)
{
+                    return;
+                }
+                
+                //Use the secret from the incoming EncryptedKey element
+                Object resultsObj = rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
+                if(resultsObj != null) {
+                    encryptedKeyId = RampartUtil.getRequestEncryptedKeyId((Vector)resultsObj);
+                    encryptedKeyValue = RampartUtil.getRequestEncryptedKeyValue((Vector)resultsObj);
+                    if(encryptedKeyId == null || encryptedKeyValue == null) {
+                        throw new RampartException("missingEncryptedKeyInRequest");
+                    }
+                } else {
+                    throw new RampartException("noSecurityResults");
+                }
+            } else {
+                //Set up the encrypted key to use
+                encrKey = this.getEncryptedKeyBuilder(rmd, token);
 
-        // Add the EncryptedKey
-        this.encrTokenElement = encrKey.getEncryptedKeyElement();
-        this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd,
-                this.getInsertionLocation(), encrTokenElement));
+                Element bstElem = encrKey.getBinarySecurityTokenElement();
+                if (bstElem != null) {
+                    // If a BST is available then use it
+                    RampartUtil.appendChildToSecHeader(rmd, bstElem);
+                }
+                
+                // Add the EncryptedKey
+                encrTokenElement = encrKey.getEncryptedKeyElement();
+                this.encrTokenElement = RampartUtil.appendChildToSecHeader(rmd,
+                        encrTokenElement);
+                encryptedKeyValue = encrKey.getEphemeralKey();
+                encryptedKeyId = encrKey.getId();
+
+                //Store the token for client - response verification 
+                // and server - response creation
+                try {
+                    org.apache.rahas.Token tok = new org.apache.rahas.Token(
+                            encryptedKeyId, (OMElement)encrTokenElement , null, null);
+                    tok.setSecret(encryptedKeyValue);
+                    rmd.getTokenStorage().add(tok);
+                } catch (TrustException e) {
+                    throw new RampartException("errorInAddingTokenIntoStore", e);
+                }
+            }
     }
 }

Modified: webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/handler/config/InflowConfiguration.java
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/handler/config/InflowConfiguration.java?view=diff&rev=476999&r1=476998&r2=476999
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/handler/config/InflowConfiguration.java
(original)
+++ webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/handler/config/InflowConfiguration.java
Sun Nov 19 16:40:40 2006
@@ -29,6 +29,8 @@
 /**
  * This is the representation of the inflow configurations of the security
  * module.
+ * 
+ * @deprecated
  */
 public class InflowConfiguration {
 	

Modified: webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/handler/config/OutflowConfiguration.java
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/handler/config/OutflowConfiguration.java?view=diff&rev=476999&r1=476998&r2=476999
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/handler/config/OutflowConfiguration.java
(original)
+++ webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/handler/config/OutflowConfiguration.java
Sun Nov 19 16:40:40 2006
@@ -29,6 +29,8 @@
 /**
  * This is the representation of the outflow configurations of the security
  * module.
+ * 
+ * @deprecated
  */
 public class OutflowConfiguration {
 

Modified: webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/util/HandlerParameterDecoder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/util/HandlerParameterDecoder.java?view=diff&rev=476999&r1=476998&r2=476999
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/util/HandlerParameterDecoder.java
(original)
+++ webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/util/HandlerParameterDecoder.java
Sun Nov 19 16:40:40 2006
@@ -94,7 +94,7 @@
 			Iterator childElements = actionElem.getChildElements();
 			while (childElements.hasNext()) {
 				OMElement element = (OMElement) childElements.next();
-				msgCtx.setProperty(element.getLocalName(), element.getText());
+				msgCtx.setProperty(element.getLocalName(), element.getText().trim());
 			}
 
 		}
@@ -126,7 +126,7 @@
 				while (paramElements.hasNext()) {
 					OMElement elem = (OMElement) paramElements.next();
                     String localName = elem.getLocalName();
-                    String text = elem.getText();
+                    String text = elem.getText().trim();
                     if(localName.equals(WSSHandlerConstants.SIGN_ALL_HEADERS)) {
                         signAllHeaders = true;
                     } else if(localName.equals(WSSHandlerConstants.SIGN_BODY)) {
@@ -171,18 +171,19 @@
                 OMElement element = (OMElement) childElements.next();
                 
                 String localName = element.getLocalName();
+                String text = element.getText().trim();
                 if(localName.equals(WSHandlerConstants.PW_CALLBACK_CLASS)) {
-                    outflowConfiguration.setPasswordCallbackClass(element.getText());
+                    outflowConfiguration.setPasswordCallbackClass(text);
                 } else if(localName.equals(WSHandlerConstants.SIG_PROP_FILE)) {
-                    outflowConfiguration.setSignaturePropFile(element.getText());
+                    outflowConfiguration.setSignaturePropFile(text);
                 } else if(localName.equals(WSHandlerConstants.ENC_PROP_FILE)) {
-                    outflowConfiguration.setEncryptionPropFile(element.getText());
+                    outflowConfiguration.setEncryptionPropFile(text);
                 } else if(localName.equals(WSHandlerConstants.ENC_CALLBACK_CLASS)) {
-                    outflowConfiguration.setEmbeddedKeyCallbackClass(element.getText());
+                    outflowConfiguration.setEmbeddedKeyCallbackClass(text);
                 } else if(localName.equals(WSHandlerConstants.USER)) {
-                    outflowConfiguration.setUser(element.getText());
+                    outflowConfiguration.setUser(text);
                 } else if(localName.equals(WSHandlerConstants.ENCRYPTION_USER)) {
-                    outflowConfiguration.setEncryptionUser(element.getText());
+                    outflowConfiguration.setEncryptionUser(text);
                 }
             }
             return outflowConfiguration;
@@ -210,16 +211,18 @@
                 OMElement element = (OMElement) childElements.next();
                 
                 String localName = element.getLocalName();
+                String text = element.getText().trim();
+                
                 if(localName.equals(WSHandlerConstants.PW_CALLBACK_CLASS)) {
-                    inflowConfiguration.setPasswordCallbackClass(element.getText());
+                    inflowConfiguration.setPasswordCallbackClass(text);
                 } else if(localName.equals(WSHandlerConstants.SIG_PROP_FILE)) {
-                    inflowConfiguration.setSignaturePropFile(element.getText());
+                    inflowConfiguration.setSignaturePropFile(text);
                 } else if(localName.equals(WSHandlerConstants.DEC_PROP_FILE)) {
-                    inflowConfiguration.setDecryptionPropFile(element.getText());
+                    inflowConfiguration.setDecryptionPropFile(text);
                 } else if (WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION
                         .equals(localName)) {
-                    if ("false".equals(element.getText())
-                            || "0".equals(element.getText())) {
+                    if ("false".equals(text)
+                            || "0".equals(text)) {
                         inflowConfiguration
                                 .setEnableSignatureConfirmation(false);
                     }

Modified: webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/util/RampartUtil.java
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/util/RampartUtil.java?view=diff&rev=476999&r1=476998&r2=476999
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/util/RampartUtil.java
(original)
+++ webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/util/RampartUtil.java
Sun Nov 19 16:40:40 2006
@@ -627,6 +627,8 @@
             Object resultsObj = rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
             if(resultsObj != null) {
                 encrKeyBuilder.setUseThisCert(getReqSigCert((Vector)resultsObj));
+            } else {
+                throw new RampartException("noSecurityResults");
             }
         } else {
             encrKeyBuilder.setUserInfo(encrUser);
@@ -660,4 +662,53 @@
         return null;
     }
     
+    public static String getRequestEncryptedKeyId(Vector results) {
+        
+        for (int i = 0; i < results.size(); i++) {
+            WSHandlerResult rResult =
+                    (WSHandlerResult) results.get(i);
+
+            Vector wsSecEngineResults = rResult.getResults();
+            /*
+            * Scan the results for the first Signature action. Use the
+            * certificate of this Signature to set the certificate for the
+            * encryption action :-).
+            */
+            for (int j = 0; j < wsSecEngineResults.size(); j++) {
+                WSSecurityEngineResult wser =
+                        (WSSecurityEngineResult) wsSecEngineResults.get(j);
+                if (wser.getAction() == WSConstants.ENCR && 
+                        wser.getEncryptedKeyId() != null) {
+                    return wser.getEncryptedKeyId();
+                }
+            }
+        }
+        
+        return null;
+    }
+    
+    public static byte[] getRequestEncryptedKeyValue(Vector results) {
+        
+        for (int i = 0; i < results.size(); i++) {
+            WSHandlerResult rResult =
+                    (WSHandlerResult) results.get(i);
+
+            Vector wsSecEngineResults = rResult.getResults();
+            /*
+            * Scan the results for the first Signature action. Use the
+            * certificate of this Signature to set the certificate for the
+            * encryption action :-).
+            */
+            for (int j = 0; j < wsSecEngineResults.size(); j++) {
+                WSSecurityEngineResult wser =
+                        (WSSecurityEngineResult) wsSecEngineResults.get(j);
+                if (wser.getAction() == WSConstants.ENCR && 
+                        wser.getDecryptedKey() != null) {
+                    return wser.getDecryptedKey();
+                }
+            }
+        }
+        
+        return null;
+    }
 }

Modified: webservices/axis2/branches/java/1_1/modules/security/test/org/apache/rampart/MessageBuilderTestBase.java
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/security/test/org/apache/rampart/MessageBuilderTestBase.java?view=diff&rev=476999&r1=476998&r2=476999
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/security/test/org/apache/rampart/MessageBuilderTestBase.java
(original)
+++ webservices/axis2/branches/java/1_1/modules/security/test/org/apache/rampart/MessageBuilderTestBase.java
Sun Nov 19 16:40:40 2006
@@ -22,11 +22,13 @@
 import org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.client.Options;
+import org.apache.axis2.context.ConfigurationContext;
 import org.apache.axis2.context.MessageContext;
 import org.apache.axis2.context.ServiceContext;
 import org.apache.axis2.context.ServiceGroupContext;
 import org.apache.axis2.description.AxisService;
 import org.apache.axis2.description.OutInAxisOperation;
+import org.apache.axis2.engine.AxisConfiguration;
 import org.apache.neethi.Policy;
 import org.apache.neethi.PolicyEngine;
 import org.apache.ws.security.WSConstants;
@@ -59,8 +61,12 @@
      */
     protected MessageContext getMsgCtx() throws Exception {
         MessageContext ctx = new MessageContext();
+        
+        ctx.setConfigurationContext(new ConfigurationContext(new AxisConfiguration()));
         AxisService axisService = new AxisService("TestService");
-        ctx.setServiceContext(new ServiceContext(axisService, new ServiceGroupContext(null,
null)));
+        ServiceContext serviceContext = new ServiceContext(axisService, 
+                new ServiceGroupContext(null, null));
+        ctx.setServiceContext(serviceContext);
         ctx.setAxisService(axisService);
         ctx.setAxisOperation(new OutInAxisOperation(new QName("http://rampart.org", "test")));
         Options options = new Options();



---------------------------------------------------------------------
To unsubscribe, e-mail: axis-cvs-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-cvs-help@ws.apache.org


Mime
View raw message