From cohei...@apache.org
Subject svn commit: r1031652 - in /cxf/sandbox/wss4j-1.6-port: ./ rt/ws/security/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ rt/ws/security/src/main/java/org/apach...
Date Fri, 05 Nov 2010 16:07:12 GMT
Author: coheigea
Date: Fri Nov  5 16:07:11 2010
New Revision: 1031652

URL: http://svn.apache.org/viewvc?rev=1031652&view=rev
Log:
Adding a branch of the WSS4J 1.6 port to sandbox.
 - An initial attempt to port CXF to use WSS4J 1.6-SNAPSHOT.
 - All the unit tests pass, 13 system tests are failing.
 - WSS4J 1.6-SNAPSHOT is not currently available in the snapshot repo, but will be shortly
when I set up the hudson build.

Added:
    cxf/sandbox/wss4j-1.6-port/
      - copied from r1031553, cxf/trunk/
Modified:
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCallbacks.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
    cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml (original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml Fri Nov  5 16:07:11 2010
@@ -91,7 +91,7 @@
         <dependency>
             <groupId>org.apache.ws.security</groupId>
             <artifactId>wss4j</artifactId>
-            <version>1.5.9</version>
+            <version>1.6-SNAPSHOT</version>
             <exclusions>
                 <exclusion>
                     <groupId>axis</groupId>

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
(original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
Fri Nov  5 16:07:11 2010
@@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.polic
 
 import java.util.Arrays;
 import java.util.Collection;
+import java.util.List;
 import java.util.Vector;
 
 
@@ -215,7 +216,7 @@ public class IssuedTokenInterceptorProvi
                             WSHandlerResult rResult =
                                     (WSHandlerResult) results.get(i);
     
-                            Vector wsSecEngineResults = rResult.getResults();
+                            List wsSecEngineResults = rResult.getResults();
     
                             for (int j = 0; j < wsSecEngineResults.size(); j++) {
                                 //WSSecurityEngineResult wser =
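Review bot: `List wsSecEngineResults` is still a raw type, so whatever the loop reads from it stays unchecked. The move away from `Vector` is a good moment to type it, e.g. `List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();`, assuming the 1.6 `getResults()` signature is generic (not visible here). The same raw `List` appears in the hunks for SecureConversationInInterceptor, PolicyBasedWSS4JInInterceptor.doResults, UsernameTokenProcessorWithoutCallbacks.handleToken, WSS4JInInterceptor, AbstractBindingBuilder and AsymmetricBindingHandler. In code that walks security-processing results, a typed list turns a wrong element type into a compile error instead of a ClassCastException inside the interceptor chain. The loop body continues outside the hunk.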

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
(original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
Fri Nov  5 16:07:11 2010
@@ -455,7 +455,7 @@ class SecureConversationInInterceptor ex
                     WSHandlerResult rResult =
                             (WSHandlerResult) results.get(i);
     
-                    Vector wsSecEngineResults = rResult.getResults();
+                    List wsSecEngineResults = rResult.getResults();
     
                     for (int j = 0; j < wsSecEngineResults.size(); j++) {
                         WSSecurityEngineResult wser =

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
(original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
Fri Nov  5 16:07:11 2010
@@ -224,7 +224,7 @@ public abstract class AbstractUsernameTo
             if (c instanceof WSPasswordCallback) {
                 WSPasswordCallback pc = (WSPasswordCallback)c;
                 if (WSConstants.PASSWORD_TEXT.equals(pc.getPasswordType()) 
-                    && pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN)
{
+                    && pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
                     AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(
                         pc.getIdentifier(), pc.getPassword(), false, null, null);
                 } 
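Review bot: The branch now calls `setSubject(pc.getIdentifier(), pc.getPassword(), false, null, null)` for usage `USERNAME_TOKEN`, but nothing in the hunk shows that a callback with that usage still carries the password received in the token. If WSS4J 1.6 uses `USERNAME_TOKEN` to ask the handler to supply the stored password (to be confirmed against the 1.6 callback contract), `pc.getPassword()` would be null here and the subject would be built from an empty credential. I would add a comment above the condition such as `// WSS4J 1.6: plaintext tokens arrive with usage USERNAME_TOKEN; pc.getPassword() is the client-supplied value`, once that is verified. A unit test sending a wrong plaintext password and expecting rejection would back it up. The enclosing callback handler starts and ends outside the hunk.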

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
(original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
Fri Nov  5 16:07:11 2010
@@ -82,9 +82,9 @@ public final class CryptoCoverageUtil {
                 final WSDataRef signedRef = signedRefsIt.next();
                 
                 if (isSignedEncryptionRef(encryptedRef, signedRef)) {
-                    
-                    final WSDataRef encryptedSignedRef = 
-                        new WSDataRef(signedRef.getDataref());
+
+                    final WSDataRef encryptedSignedRef = new WSDataRef();
+                    encryptedSignedRef.setWsuId(signedRef.getWsuId());
                     
                     encryptedSignedRef.setContent(false);
                     encryptedSignedRef.setName(encryptedRef.getName());
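Review bot: The synthesized `encryptedSignedRef` is now identified only by `signedRef.getWsuId()`, and nothing in this hunk handles a signed reference that has no wsu:Id; the old constructor took the data-reference URI instead. If `getWsuId()` can return null at this point, the entry would carry no identifier. That matters because this utility decides whether an element counts as both signed and encrypted. A comment such as `// every WSDataRef reaching here is expected to carry a wsu:Id` would make the assumption explicit; a guard that skips the pair when the id is null would enforce it. The enclosing loop and method continue outside the hunk.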

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
(original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
Fri Nov  5 16:07:11 2010
@@ -455,7 +455,7 @@ public class PolicyBasedWSS4JInIntercept
     }
     
     protected void doResults(SoapMessage msg, String actor, 
-                             SOAPMessage doc, Vector results, boolean utWithCallbacks) 
+                             SOAPMessage doc, List results, boolean utWithCallbacks) 
         throws SOAPException, XMLStreamException, WSSecurityException {
         
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCallbacks.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCallbacks.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCallbacks.java
(original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCallbacks.java
Fri Nov  5 16:07:11 2010
@@ -20,7 +20,7 @@
 package org.apache.cxf.ws.security.wss4j;
 
 import java.security.Principal;
-import java.util.Vector;
+import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -54,7 +54,7 @@ public class UsernameTokenProcessorWitho
     
     @SuppressWarnings("unchecked")
     public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler
cb, 
-        WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws WSSecurityException
{
+        WSDocInfo wsDocInfo, List returnResults, WSSConfig wsc) throws WSSecurityException
{
         if (LOG.isLoggable(Level.FINE)) {
             LOG.fine("Found UsernameToken list element");
         }

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Fri Nov  5 16:07:11 2010
@@ -192,7 +192,7 @@ public class WSS4JInInterceptor extends 
         try {
             reqData.setMsgContext(msg);
             computeAction(msg, reqData);
-            Vector actions = new Vector();
+            List actions = new Vector();
             String action = getAction(msg, version);
 
             int doAction = WSSecurityUtil.decodeAction(action, actions);
@@ -207,7 +207,7 @@ public class WSS4JInInterceptor extends 
              */
             doReceiverAction(doAction, reqData);
             
-            Vector wsResult = null;
+            List wsResult = null;
             if (doTimeLog) {
                 t1 = System.currentTimeMillis();
             }
@@ -284,7 +284,7 @@ public class WSS4JInInterceptor extends 
         }
     }
 
-    private void checkActions(SoapMessage msg, RequestData reqData, Vector wsResult, Vector
actions) 
+    private void checkActions(SoapMessage msg, RequestData reqData, List wsResult, List actions)

         throws WSSecurityException {
         /*
          * now check the security actions: do they match, in any order?
@@ -294,7 +294,7 @@ public class WSS4JInInterceptor extends 
             throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
         }
     }
-    private void checkSignatures(SoapMessage msg, RequestData reqData, Vector wsResult) 
+    private void checkSignatures(SoapMessage msg, RequestData reqData, List wsResult) 
         throws WSSecurityException {
         /*
          * Now we can check the certificate used to sign the message. In the
@@ -306,7 +306,7 @@ public class WSS4JInInterceptor extends 
          */
 
         // Extract the signature action result from the action vector
-        Vector signatureResults = new Vector();
+        List signatureResults = new Vector();
         signatureResults = 
             WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.SIGN, signatureResults);
 
@@ -327,7 +327,7 @@ public class WSS4JInInterceptor extends 
         }
     }
     
-    protected void checkTimestamps(SoapMessage msg, RequestData reqData, Vector wsResult)

+    protected void checkTimestamps(SoapMessage msg, RequestData reqData, List wsResult) 
         throws WSSecurityException {
         /*
          * Perform further checks on the timestamp that was transmitted in
@@ -338,7 +338,7 @@ public class WSS4JInInterceptor extends 
          * other validation algorithms for subclasses.
          */
         // Extract the timestamp action result from the action vector
-        Vector timestampResults = new Vector();
+        List timestampResults = new Vector();
         timestampResults = 
             WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.TS, timestampResults);
 
@@ -368,12 +368,12 @@ public class WSS4JInInterceptor extends 
         
     }
 
-    protected void doResults(SoapMessage msg, String actor, SOAPMessage doc, Vector wsResult)
+    protected void doResults(SoapMessage msg, String actor, SOAPMessage doc, List wsResult)
         throws SOAPException, XMLStreamException, WSSecurityException {
         doResults(msg, actor, doc, wsResult, false);
     }
 
-    protected void doResults(SoapMessage msg, String actor, SOAPMessage doc, Vector wsResult,

+    protected void doResults(SoapMessage msg, String actor, SOAPMessage doc, List wsResult,

         boolean utWithCallbacks) throws SOAPException, XMLStreamException, WSSecurityException
{
         /*
          * All ok up to this point. Now construct and setup the security result

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Fri Nov  5 16:07:11 2010
@@ -22,10 +22,13 @@ package org.apache.cxf.ws.security.wss4j
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
+import java.security.InvalidAlgorithmParameterException;
 import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -40,6 +43,10 @@ import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import javax.security.auth.callback.CallbackHandler;
+import javax.xml.crypto.XMLStructure;
+import javax.xml.crypto.dom.DOMStructure;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.Transform;
 import javax.xml.namespace.QName;
 import javax.xml.soap.SOAPException;
 import javax.xml.soap.SOAPHeader;
@@ -121,16 +128,13 @@ import org.apache.ws.security.message.WS
 import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.apache.ws.security.transform.STRTransform;
 import org.apache.ws.security.util.WSSecurityUtil;
-import org.apache.xml.security.signature.XMLSignatureException;
-import org.apache.xml.security.transforms.TransformationException;
-import org.apache.xml.security.transforms.Transforms;
 
 /**
  * 
  */
 public abstract class AbstractBindingBuilder {
     public static final String CRYPTO_CACHE = "ws-security.crypto.cache";
-    private static final Logger LOG = LogUtils.getL7dLogger(AbstractBindingBuilder.class);
+    protected static final Logger LOG = LogUtils.getL7dLogger(AbstractBindingBuilder.class);
     
     
     protected SPConstants.ProtectionOrder protectionOrder = SPConstants.ProtectionOrder.SignBeforeEncrypting;
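Review bot: Widening `LOG` from `private` to `protected` makes subclasses that use it log under AbstractBindingBuilder's logger name, which blurs which binding handler emitted a security-relevant message. I would keep `private static final Logger LOG = LogUtils.getL7dLogger(AbstractBindingBuilder.class);` here and declare a logger in each handler that needs one. The SymmetricBindingHandler hunk adds an import of `java.util.logging.Level`, which suggests it is the intended user of the inherited field, though that usage is outside the visible lines.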
@@ -569,8 +573,7 @@ public abstract class AbstractBindingBui
                     // coupled with WSSecSignatureHelper. This approach is used so that
                     // we can force WSS4J to sign the assertion through a STR that
                     // WSS4J did not create during message signature creation.
-                    part = new WSEncryptionPart(tempSig.getStrUri(), "ExternalSTRTransform",
"Element",
-                          WSConstants.PART_TYPE_ELEMENT);
+                    part = new WSEncryptionPart(tempSig.getStrUri(), "ExternalSTRTransform",
"Element");
             
                 } else {
                     if (tempSig.getBSTTokenId() != null) {
@@ -922,13 +925,11 @@ public abstract class AbstractBindingBui
             if (sign) {
                 result.add(new WSEncryptionPart(
                         id,
-                        "Element",
-                        WSConstants.PART_TYPE_BODY));
+                        "Element"));
             } else {
                 result.add(new WSEncryptionPart(
                         id,
-                        "Content",
-                        WSConstants.PART_TYPE_BODY));
+                        "Content"));
             }
         }
         
@@ -958,8 +959,7 @@ public abstract class AbstractBindingBui
                     final String id = this.addWsuIdToElement(el);
                     result.add(new WSEncryptionPart(
                             id,
-                            part.getEncModifier(),
-                            WSConstants.PART_TYPE_HEADER));
+                            part.getEncModifier()));
                 }
             }
         }
@@ -1020,8 +1020,7 @@ public abstract class AbstractBindingBui
                         
                         WSEncryptionPart part = new WSEncryptionPart(
                                 id, 
-                                encryptionModifier,
-                                WSConstants.PART_TYPE_ELEMENT);
+                                encryptionModifier);
                         part.setXpath(expression);
                         
                         /**
@@ -1221,7 +1220,7 @@ public abstract class AbstractBindingBui
             WSHandlerResult rResult =
                     (WSHandlerResult) results.get(i);
 
-            Vector wsSecEngineResults = rResult.getResults();
+            List wsSecEngineResults = rResult.getResults();
             /*
             * Scan the results for the first Signature action. Use the
             * certificate of this Signature to set the certificate for the
@@ -1256,7 +1255,7 @@ public abstract class AbstractBindingBui
             WSHandlerResult rResult =
                      (WSHandlerResult) results.get(i);
 
-            Vector wsSecEngineResults = rResult.getResults();
+            List wsSecEngineResults = rResult.getResults();
             /*
              * Scan the results for a username token. Use the username
              * of this token to set the alias for the encryption user
@@ -1386,9 +1385,8 @@ public abstract class AbstractBindingBui
                     sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
                 }
                 try {
-                    sig.addReferencesToSign(sigParts, secHeader);
-                    sig.computeSignature();
-                    sig.appendToHeader(secHeader);
+                    List referenceList = sig.addReferencesToSign(sigParts, secHeader);
+                    sig.computeSignature(referenceList, false, null);
                     
                     signatures.add(sig.getSignatureValue());
                     if (isSigProtect) {
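Review bot: `sig.computeSignature(referenceList, false, null)` passes two unexplained positional arguments, and the explicit `sig.appendToHeader(secHeader)` call is gone, so a reader cannot tell from this code where the Signature element ends up in the security header. Add a comment above the call, for example `// computeSignature also inserts the Signature into the header; (false, null) = no prepend, no sibling anchor`, after confirming that meaning against the 1.6 API. The AsymmetricBindingHandler hunks pass `true, bottomUpElement` in the same positions, which presumably selects placement relative to an existing element. The same undocumented call shape is in the two following hunks of this file (the derived-key signature and the `sig.prepare(...)` path). The try block starts and ends outside the hunk.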
@@ -1488,14 +1486,13 @@ public abstract class AbstractBindingBui
         
         dkSign.setParts(sigParts);
         
-        dkSign.addReferencesToSign(sigParts, secHeader);
+        List referenceList = dkSign.addReferencesToSign(sigParts, secHeader);
         
-        //Do signature
-        dkSign.computeSignature();
-
         //Add elements to header
         addSupportingElement(dkSign.getdktElement());
-        secHeader.getSecurityHeader().appendChild(dkSign.getSignatureElement());
+        
+        //Do signature
+        dkSign.computeSignature(referenceList, false, null);
         
         signatures.add(dkSign.getSignatureValue());
     }
@@ -1546,13 +1543,11 @@ public abstract class AbstractBindingBui
         sig.prepare(doc, getSignatureCrypto(null), secHeader);
 
         sig.setParts(sigParts);
-        sig.addReferencesToSign(sigParts, secHeader);
+        List referenceList = sig.addReferencesToSign(sigParts, secHeader);
 
         //Do signature
-        sig.computeSignature();
+        sig.computeSignature(referenceList, false, null);
         signatures.add(sig.getSignatureValue());
-
-        secHeader.getSecurityHeader().appendChild(sig.getSignatureElement());
     }
     protected void assertSupportingTokens(Vector<WSEncryptionPart> sigs) {
         assertSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS));
@@ -1728,8 +1723,7 @@ public abstract class AbstractBindingBui
                     signedEncryptedParts.add(
                             new WSEncryptionPart(
                                     encryptedPart.getEncId(),
-                                    encryptedPart.getEncModifier(),
-                                    encryptedPart.getType()));
+                                    encryptedPart.getEncModifier()));
                 }
             }
         }
@@ -1747,36 +1741,62 @@ public abstract class AbstractBindingBui
         }
 
         @Override
-        public void addReferencesToSign(Vector references,
+        public List addReferencesToSign(List references,
                 WSSecHeader secHeader) throws WSSecurityException {
             final Vector<Object> unalteredReferences = new Vector<Object>();
 
+            List uberReferences = new Vector();
             try {
+                DigestMethod digestMethod;
+                try {
+                    digestMethod = signatureFactory.newDigestMethod(this.getDigestAlgo(),
null);
+                } catch (Exception ex) {
+                    throw new WSSecurityException(
+                        WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, ex
+                    );
+                }
+                
                 for (int part = 0; part < references.size(); part++) {
                     final WSEncryptionPart encPart = (WSEncryptionPart) references.get(part);
 
                     final String elemName = encPart.getName();
-                    final Transforms transforms = new Transforms(document);
 
                     if (elemName != null && "ExternalSTRTransform".equals(encPart.getNamespace()))
{
                         final Element ctx = this.createSTRParameter(document);
-                        transforms.addTransform(STRTransform.implementedTransformURI, ctx);
-                        this.sig.addDocument("#" + elemName, transforms, this.getDigestAlgo());
+                        
+                        XMLStructure structure = new DOMStructure(ctx);
+                        Transform transform =
+                            signatureFactory.newTransform(
+                                STRTransform.TRANSFORM_URI,
+                                structure
+                            );
+                        
+                        javax.xml.crypto.dsig.Reference reference = 
+                            signatureFactory.newReference(
+                                "#" + elemName, 
+                                digestMethod,
+                                Collections.singletonList(transform),
+                                null,
+                                null
+                            );
+                        uberReferences.add(reference);
                     } else {
                         unalteredReferences.add(encPart);
                     }
                 }
-            } catch (TransformationException e1) {
+            } catch (NoSuchAlgorithmException e1) {
                 throw new WSSecurityException(
                     WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, e1
                 );
-            } catch (XMLSignatureException e1) {
+            } catch (InvalidAlgorithmParameterException e1) {
                 throw new WSSecurityException(
                     WSSecurityException.FAILED_SIGNATURE, "noXMLSig", null, e1
                 );
             }
 
-            super.addReferencesToSign(unalteredReferences, secHeader);
+            List newReferences = super.addReferencesToSign(unalteredReferences, secHeader);
+            uberReferences.addAll(newReferences);
+            return uberReferences;
         }
     }
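Review bot: The inner `try { digestMethod = ... } catch (Exception ex)` in `addReferencesToSign` is broader than it needs to be. The surrounding try already catches `NoSuchAlgorithmException` and `InvalidAlgorithmParameterException` and maps them to the same `FAILED_SIGNATURE` / "noXMLSig" error, so the block can collapse to `DigestMethod digestMethod = signatureFactory.newDigestMethod(this.getDigestAlgo(), null);`, assuming `signatureFactory` is a `javax.xml.crypto.dsig.XMLSignatureFactory` (its declaration is not in the hunk). As written, `catch (Exception)` also converts any runtime failure, such as a null factory, into a generic signature error, which hides the real cause when a signing failure is diagnosed.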
     

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
(original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
Fri Nov  5 16:07:11 2010
@@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.wss4j
 
 
 import java.util.Collection;
+import java.util.List;
 import java.util.Vector;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -373,16 +374,22 @@ public class AsymmetricBindingHandler ex
 
                 dkSign.setParts(sigParts);
 
-                dkSign.addReferencesToSign(sigParts, secHeader);
-
-                // Do signature
-                dkSign.computeSignature();
-                signatures.add(dkSign.getSignatureValue());
+                List referenceList = dkSign.addReferencesToSign(sigParts, secHeader);
 
                 // Add elements to header
                 addDerivedKeyElement(dkSign.getdktElement());
-                insertBeforeBottomUp(dkSign.getSignatureElement());                
-                mainSigId = addWsuIdToElement(dkSign.getSignatureElement());
+                
+                //Do signature
+                if (bottomUpElement == null) {
+                    dkSign.computeSignature(referenceList, false, null);
+                } else {
+                    dkSign.computeSignature(referenceList, true, bottomUpElement);
+                }
+                bottomUpElement = dkSign.getSignatureElement();
+                signatures.add(dkSign.getSignatureValue());
+                
+                // TODO mainSigId = addWsuIdToElement(dkSign.getSignatureElement());
+                mainSigId = dkSign.getId();
             } catch (Exception e) {
                 //REVISIT
                 e.printStackTrace();
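Review bot: The new `computeSignature` calls and the `bottomUpElement` / `mainSigId` assignments sit inside a try whose visible handler is `catch (Exception e) { //REVISIT e.printStackTrace(); }`, so a failed derived-key signature is only printed to stderr. From what is visible, processing then appears to continue with `mainSigId` unset and nothing added to `signatures`, which risks sending a message that policy required to be signed. The handler should log through the class logger and propagate the failure rather than swallow it; the rest of the catch block is outside the hunk, so confirm what follows. Separately, the `// TODO` beside `mainSigId = dkSign.getId();` (and the matching one in the next hunk) should state what is still open, namely whether `getId()` returns the identifier that later signature-protection references resolve against.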
@@ -397,14 +404,21 @@ public class AsymmetricBindingHandler ex
             }
 
             sig.prependBSTElementToHeader(secHeader);
-            insertBeforeBottomUp(sig.getSignatureElement());
             sigParts.addAll(this.getSignedParts());
             
-            sig.addReferencesToSign(sigParts, secHeader);
-            sig.computeSignature();
+            List referenceList = sig.addReferencesToSign(sigParts, secHeader);
+            //Do signature
+            if (bottomUpElement == null) {
+                sig.computeSignature(referenceList, false, null);
+            } else {
+                sig.computeSignature(referenceList, true, bottomUpElement);
+            }
+            bottomUpElement = sig.getSignatureElement();
+            
             signatures.add(sig.getSignatureValue());
                         
-            mainSigId = addWsuIdToElement(sig.getSignatureElement());
+            //TODO mainSigId = addWsuIdToElement(sig.getSignatureElement());
+            mainSigId = sig.getId();
         }
     }
 
@@ -442,7 +456,7 @@ public class AsymmetricBindingHandler ex
             WSHandlerResult rResult =
                     (WSHandlerResult) results.get(i);
 
-            Vector wsSecEngineResults = rResult.getResults();
+            List wsSecEngineResults = rResult.getResults();
             /*
             * Scan the results for the first Signature action. Use the
             * certificate of this Signature to set the certificate for the
@@ -469,7 +483,7 @@ public class AsymmetricBindingHandler ex
             WSHandlerResult rResult =
                     (WSHandlerResult) results.get(i);
 
-            Vector wsSecEngineResults = rResult.getResults();
+            List wsSecEngineResults = rResult.getResults();
             /*
             * Scan the results for the first Signature action. Use the
             * certificate of this Signature to set the certificate for the

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
(original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Fri Nov  5 16:07:11 2010
@@ -23,7 +23,9 @@ package org.apache.cxf.ws.security.wss4j
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.Calendar;
+import java.util.List;
 import java.util.Vector;
+import java.util.logging.Level;
 
 import javax.xml.soap.SOAPMessage;
 
@@ -509,16 +511,13 @@ public class SymmetricBindingHandler ext
                     
                     if (!isRequestor()) {
                         if (encrTok.getSHA1() != null) {
-                            encr.setUseKeyIdentifier(true);
                             encr.setCustomReferenceValue(encrTok.getSHA1());
                             encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
                         } else {
-                            encr.setUseKeyIdentifier(true);
                             encr.setKeyIdentifierType(WSConstants.EMBED_SECURITY_TOKEN_REF);
                         }
                     } else {
                         if (encrToken instanceof IssuedToken) {
-                            encr.setUseKeyIdentifier(true);
                             encr.setCustomReferenceValue(SecurityTokenReference.SAML_ID_URI);
                             encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
                         }
@@ -627,16 +626,22 @@ public class SymmetricBindingHandler ext
         }
         
         dkSign.setParts(sigs);
-        dkSign.addReferencesToSign(sigs, secHeader);
+        List referenceList = dkSign.addReferencesToSign(sigs, secHeader);
         
-        //Do signature
-        dkSign.computeSignature();
-
         //Add elements to header
         Element el = dkSign.getdktElement();
-        addDerivedKeyElement(el);  
-        insertBeforeBottomUp(dkSign.getSignatureElement());
-        this.mainSigId = addWsuIdToElement(dkSign.getSignatureElement());
+        addDerivedKeyElement(el);
+        
+        //Do signature
+        if (bottomUpElement == null) {
+            dkSign.computeSignature(referenceList, false, null);
+        } else {
+            dkSign.computeSignature(referenceList, true, bottomUpElement);
+        }
+        bottomUpElement = dkSign.getSignatureElement();
+        
+        // TODO this.mainSigId = addWsuIdToElement(dkSign.getSignatureElement());
+        this.mainSigId = dkSign.getId();
 
         return dkSign.getSignatureValue();        
     }
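Review bot: The `// TODO this.mainSigId = addWsuIdToElement(dkSign.getSignatureElement());` line keeps the old call as commented-out code without saying what remains to be done, while `mainSigId` is now taken from `dkSign.getId()`. If later signatures reference `mainSigId` (not visible in this hunk), a null or mismatched id would leave the main signature outside their coverage, so the assumption deserves a comment or a check. I would replace the TODO with `// mainSigId now comes from the signature's own Id; TODO confirm it is non-null and matches the Id attribute on the Signature element`. The same TODO appears in the hunk at -700 of this file, and the enclosing method starts outside the hunk.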
@@ -700,15 +705,21 @@ public class SymmetricBindingHandler ext
             }
             this.message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, crypto);
             sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
+            String soap = org.apache.ws.security.util.DOM2Writer.nodeToString(saaj.getSOAPPart());
+            LOG.log(Level.FINE, "SOAP: " + soap);
             sig.setParts(sigs);
-            sig.addReferencesToSign(sigs, secHeader);
+            List referenceList = sig.addReferencesToSign(sigs, secHeader);
 
             //Do signature
-            sig.computeSignature();
+            if (bottomUpElement == null) {
+                sig.computeSignature(referenceList, false, null);
+            } else {
+                sig.computeSignature(referenceList, true, bottomUpElement);
+            }
+            bottomUpElement = sig.getSignatureElement();
 
-            Element mainSigElement = sig.getSignatureElement();
-            insertBeforeBottomUp(mainSigElement);
-            mainSigId = addWsuIdToElement(mainSigElement);
+            // TODO mainSigId = addWsuIdToElement(mainSigElement);
+            this.mainSigId = sig.getId();
             return sig.getSignatureValue();
         }
     }
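Review bot: The two lines added after `sig.prepare(...)` serialize the whole SOAP part on every call, even when FINE logging is off, and then write the full message to the log. At this stage the document may still hold unencrypted body content and security tokens (the sign/encrypt ordering is not visible in this hunk), so this looks like leftover debugging that should be removed before the branch is merged. If it has to stay, guard it: `if (LOG.isLoggable(Level.FINE)) { LOG.log(Level.FINE, "SOAP: " + DOM2Writer.nodeToString(saaj.getSOAPPart())); }`. The enclosing method starts outside the hunk.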
@@ -747,14 +758,14 @@ public class SymmetricBindingHandler ext
     
     private String getEncryptedKey() {
         
-        Vector results = (Vector)message.getExchange().getInMessage()
+        List results = (List)message.getExchange().getInMessage()
             .get(WSHandlerConstants.RECV_RESULTS);
         
         for (int i = 0; i < results.size(); i++) {
             WSHandlerResult rResult =
                     (WSHandlerResult) results.get(i);
 
-            Vector wsSecEngineResults = rResult.getResults();
+            List wsSecEngineResults = rResult.getResults();
             
             for (int j = 0; j < wsSecEngineResults.size(); j++) {
                 WSSecurityEngineResult wser =
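Review bot: `results` is cast straight from `getInMessage().get(WSHandlerConstants.RECV_RESULTS)` and dereferenced in the loop condition with no null check, so an exchange with no received security results would end in a NullPointerException rather than a controlled failure. The switch from `Vector` to `List` is a natural place to add `if (results == null) { return null; }` before the loop, assuming null is how callers of `getEncryptedKey()` detect a missing key. The rest of the method lies outside the hunk, so the intended failure mode should be confirmed there.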

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Fri Nov  5 16:07:11 2010
@@ -20,6 +20,7 @@
 package org.apache.cxf.ws.security.wss4j.policyhandlers;
 
 import java.util.Collection;
+import java.util.List;
 import java.util.Vector;
 
 import javax.xml.soap.SOAPMessage;
@@ -262,13 +263,11 @@ public class TransportBindingHandler ext
             */
             
             dkSig.setParts(sigParts);
-            dkSig.addReferencesToSign(sigParts, secHeader);
+            List referenceList = dkSig.addReferencesToSign(sigParts, secHeader);
             
             //Do signature
-            dkSig.computeSignature();
-            
             dkSig.appendDKElementToHeader(secHeader);
-            dkSig.appendSigToHeader(secHeader);
+            dkSig.computeSignature(referenceList, false, null);
             
             return dkSig.getSignatureValue();
         } else {
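Review bot: The `//Do signature` comment now sits directly above `dkSig.appendDKElementToHeader(secHeader)`, because the signature call moved below that line. Move the comment so it precedes `dkSig.computeSignature(referenceList, false, null);`. The `false, null` arguments are opaque at the call site, so add a short remark on what they select, for example `// compute the signature; false/null = no prepend, no sibling element (confirm against the WSS4J 1.6 API)`.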
@@ -276,10 +275,14 @@ public class TransportBindingHandler ext
             if (sig != null) {
                 sig.prependBSTElementToHeader(secHeader);
             
-                sig.addReferencesToSign(sigParts, secHeader);
-                insertBeforeBottomUp(sig.getSignatureElement());
-            
-                sig.computeSignature();
+                List referenceList = sig.addReferencesToSign(sigParts, secHeader);
+                
+                if (bottomUpElement == null) {
+                    sig.computeSignature(referenceList, false, null);
+                } else {
+                    sig.computeSignature(referenceList, true, bottomUpElement);
+                }
+                bottomUpElement = sig.getSignatureElement();
             
                 return sig.getSignatureValue();
             } else {
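Review bot: The `if (bottomUpElement == null) … else …` block differs only in the boolean argument, so it can be a single call: `sig.computeSignature(referenceList, bottomUpElement != null, bottomUpElement);`. The same branch is repeated in the hunk at -425 of this file and in both signature hunks of SymmetricBindingHandler.java. Since each copy is followed by `bottomUpElement = sig.getSignatureElement();`, a small helper shared by the handlers would keep signature placement in the header in one place and make it harder for one copy to drift from the others. The enclosing method starts outside the hunk.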
@@ -375,12 +378,10 @@ public class TransportBindingHandler ext
             addDerivedKeyElement(dkSign.getdktElement());
           
             dkSign.setParts(sigParts);
-            dkSign.addReferencesToSign(sigParts, secHeader);
+            List referenceList = dkSign.addReferencesToSign(sigParts, secHeader);
           
             //Do signature
-            dkSign.computeSignature();
-          
-            dkSign.appendSigToHeader(secHeader);
+            dkSign.computeSignature(referenceList, false, null);
           
             return dkSign.getSignatureValue();
         } else {
@@ -425,14 +426,16 @@ public class TransportBindingHandler ext
             sig.prepare(doc, crypto, secHeader);
 
             sig.setParts(sigParts);
-            sig.addReferencesToSign(sigParts, secHeader);
+            List referenceList = sig.addReferencesToSign(sigParts, secHeader);
 
             //Do signature
-            sig.computeSignature();
-
-            //Add elements to header
-            insertBeforeBottomUp(sig.getSignatureElement());
-
+            if (bottomUpElement == null) {
+                sig.computeSignature(referenceList, false, null);
+            } else {
+                sig.computeSignature(referenceList, true, bottomUpElement);
+            }
+            bottomUpElement = sig.getSignatureElement();
+        
             return sig.getSignatureValue();
         }
     }

Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java?rev=1031652&r1=1031553&r2=1031652&view=diff
==============================================================================
--- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java
(original)
+++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java
Fri Nov  5 16:07:11 2010
@@ -40,7 +40,7 @@ public class CustomProcessor implements 
         final Crypto decCrypto,
         final javax.security.auth.callback.CallbackHandler cb, 
         final WSDocInfo wsDocInfo, 
-        final java.util.Vector returnResults,
+        final java.util.List returnResults,
         final WSSConfig config
     ) throws WSSecurityException {
         final java.util.Map result = 


