cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1189703 - in /cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j: policyhandlers/ policyvalidators/
Date Thu, 27 Oct 2011 10:51:39 GMT
Author: coheigea
Date: Thu Oct 27 10:51:39 2011
New Revision: 1189703

URL: http://svn.apache.org/viewvc?rev=1189703&view=rev
Log:
Added support to also encrypt SignatureConfirmation elements when the SignatureProtection
property of the binding is enabled

Modified:
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1189703&r1=1189702&r2=1189703&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Thu Oct 27 10:51:39 2011
@@ -144,6 +144,7 @@ public abstract class AbstractBindingBui
     protected SoapMessage message;
     protected WSSecTimestamp timestampEl;
     protected String mainSigId;
+    protected List<WSEncryptionPart> sigConfList;
     
     protected Set<String> encryptedTokensIdList = new HashSet<String>();
 
@@ -1909,6 +1910,7 @@ public abstract class AbstractBindingBui
                     WSConstants.UT_SIGN, signatureActions);
         }
         
+        sigConfList = new ArrayList<WSEncryptionPart>();
         // prepare a SignatureConfirmation token
         WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation(wssConfig);
         if (signatureActions.size() > 0) {
@@ -1918,7 +1920,10 @@ public abstract class AbstractBindingBui
                 wsc.prepare(saaj.getSOAPPart());
                 addSupportingElement(wsc.getSignatureConfirmationElement());
                 if (sigParts != null) {
-                    sigParts.add(new WSEncryptionPart(wsc.getId()));
+                    WSEncryptionPart part = new WSEncryptionPart(wsc.getId(), "Element");
+                    part.setElement(wsc.getSignatureConfirmationElement());
+                    sigParts.add(part);
+                    sigConfList.add(part);
                 }
             }
         } else {
@@ -1926,7 +1931,10 @@ public abstract class AbstractBindingBui
             wsc.prepare(saaj.getSOAPPart());
             addSupportingElement(wsc.getSignatureConfirmationElement());
             if (sigParts != null) {
-                sigParts.add(new WSEncryptionPart(wsc.getId()));
+                WSEncryptionPart part = new WSEncryptionPart(wsc.getId(), "Element");
+                part.setElement(wsc.getSignatureConfirmationElement());
+                sigParts.add(part);
+                sigConfList.add(part);
             }
         }
     }

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1189703&r1=1189702&r2=1189703&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
Thu Oct 27 10:51:39 2011
@@ -150,10 +150,15 @@ public class AsymmetricBindingHandler ex
             List<WSEncryptionPart> enc = getEncryptedParts();
             
             //Check for signature protection
-            if (abinding.isSignatureProtection() && mainSigId != null) {
-                WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
-                sigPart.setElement(bottomUpElement);
-                enc.add(sigPart);
+            if (abinding.isSignatureProtection()) {
+                if (mainSigId != null) {
+                    WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
+                    sigPart.setElement(bottomUpElement);
+                    enc.add(sigPart);
+                }
+                if (sigConfList != null && !sigConfList.isEmpty()) {
+                    enc.addAll(sigConfList);
+                }
             }
             
             if (isRequestor()) {
@@ -257,13 +262,19 @@ public class AsymmetricBindingHandler ex
             }
             
             // Check for signature protection
-            if (abinding.isSignatureProtection() && mainSigId != null) {
+            if (abinding.isSignatureProtection()) {
                 List<WSEncryptionPart> secondEncrParts = new ArrayList<WSEncryptionPart>();
 
                 // Now encrypt the signature using the above token
-                WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
-                sigPart.setElement(bottomUpElement);
-                secondEncrParts.add(sigPart);
+                if (mainSigId != null) {
+                    WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
+                    sigPart.setElement(bottomUpElement);
+                    secondEncrParts.add(sigPart);
+                }
+                
+                if (sigConfList != null && !sigConfList.isEmpty()) {
+                    secondEncrParts.addAll(sigConfList);
+                }
                 
                 if (isRequestor()) {
                     for (String id : encryptedTokensIdList) {
@@ -271,7 +282,7 @@ public class AsymmetricBindingHandler ex
                     }
                 }
 
-                if (encryptionToken.isDerivedKeys()) {
+                if (encryptionToken.isDerivedKeys() && !secondEncrParts.isEmpty())
{
                     try {
                         Element secondRefList 
                             = ((WSSecDKEncrypt)encrBase).encryptForExternalRef(null, secondEncrParts);
@@ -280,7 +291,7 @@ public class AsymmetricBindingHandler ex
                     } catch (WSSecurityException ex) {
                         throw new Fault(ex);
                     }
-                } else {
+                } else if (!secondEncrParts.isEmpty()) {
                     try {
                         // Encrypt, get hold of the ref list and add it
                         Element secondRefList = saaj.getSOAPPart()

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1189703&r1=1189702&r2=1189703&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Thu Oct 27 10:51:39 2011
@@ -221,16 +221,21 @@ public class SymmetricBindingHandler ext
                 }
                 
                 //Check for signature protection and encryption of UsernameToken
-                if (sbinding.isSignatureProtection() && this.mainSigId != null 
+                if (sbinding.isSignatureProtection() 
                     || encryptedTokensIdList.size() > 0 && isRequestor()) {
                     List<WSEncryptionPart> secondEncrParts = new ArrayList<WSEncryptionPart>();
                     
                     //Now encrypt the signature using the above token
                     if (sbinding.isSignatureProtection()) {
-                        WSEncryptionPart sigPart = 
-                            new WSEncryptionPart(this.mainSigId, "Element");
-                        sigPart.setElement(bottomUpElement);
-                        secondEncrParts.add(sigPart);
+                        if (this.mainSigId != null) {
+                            WSEncryptionPart sigPart = 
+                                new WSEncryptionPart(this.mainSigId, "Element");
+                            sigPart.setElement(bottomUpElement);
+                            secondEncrParts.add(sigPart);
+                        }
+                        if (sigConfList != null && !sigConfList.isEmpty()) {
+                            secondEncrParts.addAll(sigConfList);
+                        }
                     }
                     
                     if (isRequestor()) {
@@ -241,11 +246,11 @@ public class SymmetricBindingHandler ext
                     
                     Element secondRefList = null;
                     
-                    if (encryptionToken.isDerivedKeys()) {
+                    if (encryptionToken.isDerivedKeys() && !secondEncrParts.isEmpty())
{
                         secondRefList = ((WSSecDKEncrypt)encr).encryptForExternalRef(null,

                                 secondEncrParts);
                         this.addDerivedKeyElement(secondRefList);
-                    } else {
+                    } else if (!secondEncrParts.isEmpty()) {
                         //Encrypt, get hold of the ref list and add it
                         secondRefList = ((WSSecEncrypt)encr).encryptForRef(null, encrParts);
                         this.addDerivedKeyElement(secondRefList);
@@ -358,10 +363,15 @@ public class SymmetricBindingHandler ext
             List<WSEncryptionPart> enc = getEncryptedParts();
             
             //Check for signature protection
-            if (sbinding.isSignatureProtection() && mainSigId != null) {
-                WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
-                sigPart.setElement(bottomUpElement);
-                enc.add(sigPart);
+            if (sbinding.isSignatureProtection()) {
+                if (mainSigId != null) {
+                    WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
+                    sigPart.setElement(bottomUpElement);
+                    enc.add(sigPart);
+                }
+                if (sigConfList != null && !sigConfList.isEmpty()) {
+                    enc.addAll(sigConfList);
+                }
             }
             
             if (isRequestor()) {

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java?rev=1189703&r1=1189702&r2=1189703&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
Thu Oct 27 10:51:39 2011
@@ -310,8 +310,8 @@ public abstract class AbstractBindingPol
     protected boolean isSignatureEncrypted() {
         for (WSSecurityEngineResult result : results) {
             Integer actInt = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
-            if (actInt.intValue() == WSConstants.SIGN) {
-                // TODO || actInt.intValue() == WSConstants.SC) {
+            if (actInt.intValue() == WSConstants.SIGN
+                || actInt.intValue() == WSConstants.SC) {
                 String sigId = (String)result.get(WSSecurityEngineResult.TAG_ID);
                 if (sigId == null || !isIdEncrypted(sigId)) {
                     return false;



Mime
View raw message