cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1338623 - in /cxf/branches/2.5.x-fixes: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/ systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/
Date Tue, 15 May 2012 10:21:55 GMT
Author: coheigea
Date: Tue May 15 10:21:55 2012
New Revision: 1338623

URL: http://svn.apache.org/viewvc?rev=1338623&view=rev
Log:
[CXF-4316] - Support SupportingToken SignedElements with the Transport binding


Conflicts:

	rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java

Modified:
    cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
    cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl

Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1338623&r1=1338622&r2=1338623&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Tue May 15 10:21:55 2012
@@ -531,6 +531,7 @@ public abstract class AbstractBindingBui
                     try {
                         uname = crypto.getX509Identifier(secToken.getX509Certificate());
                     } catch (WSSecurityException e1) {
+                        LOG.log(Level.FINE, e1.getMessage(), e1);
                         throw new Fault(e1);
                     }
 
@@ -539,6 +540,7 @@ public abstract class AbstractBindingBui
                     try {
                         sig.prepare(saaj.getSOAPPart(), secToken.getCrypto(), secHeader);
                     } catch (WSSecurityException e) {
+                        LOG.log(Level.FINE, e.getMessage(), e);
                         throw new Fault(e);
                     }
                     
@@ -1217,7 +1219,8 @@ public abstract class AbstractBindingBui
         // Handle sign/enc elements
         try {
             result.addAll(this.getElements("Element", xpaths, namespaces, found));
-        } catch (XPathExpressionException e) {  
+        } catch (XPathExpressionException e) {
+            LOG.log(Level.FINE, e.getMessage(), e);
             // REVISIT
         }
         
@@ -1225,6 +1228,7 @@ public abstract class AbstractBindingBui
         try {
             result.addAll(this.getElements("Content", contentXpaths, cnamespaces, found));
         } catch (XPathExpressionException e) {
+            LOG.log(Level.FINE, e.getMessage(), e);
             // REVISIT
         }
         
@@ -1254,7 +1258,7 @@ public abstract class AbstractBindingBui
      *             if there is an error extracting SOAP content from the SAAJ
      *             model
      */
-    private List<WSEncryptionPart> getParts(boolean sign,
+    protected List<WSEncryptionPart> getParts(boolean sign,
             boolean includeBody, List<WSEncryptionPart> parts,
             List<Element> found) throws SOAPException {
         
@@ -1333,7 +1337,7 @@ public abstract class AbstractBindingBui
      *             if there is an error extracting SOAP content from the SAAJ
      *             model
      */
-    private List<WSEncryptionPart> getElements(String encryptionModifier,
+    protected List<WSEncryptionPart> getElements(String encryptionModifier,
             List<String> xpaths, Map<String, String> namespaces,
             List<Element> found) throws XPathExpressionException, SOAPException {
         
@@ -1761,6 +1765,7 @@ public abstract class AbstractBindingBui
             try {
                 user = crypto.getDefaultX509Identifier();
             } catch (WSSecurityException e1) {
+                LOG.log(Level.FINE, e1.getMessage(), e1);
                 throw new Fault(e1);
             }
         }
@@ -1778,6 +1783,7 @@ public abstract class AbstractBindingBui
         try {
             sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
         } catch (WSSecurityException e) {
+            LOG.log(Level.FINE, e.getMessage(), e);
             policyNotAsserted(token, e);
         }
         
@@ -1849,8 +1855,7 @@ public abstract class AbstractBindingBui
                         doSymmSignature(ent.getKey(), token, sigParts, isTokenProtection);
                     }
                 } catch (Exception e) {
-                    // TODO Auto-generated catch block
-                    e.printStackTrace();
+                    LOG.log(Level.FINE, e.getMessage(), e);
                 }
             } else if (tempTok instanceof WSSecUsernameToken) {
                 WSSecUsernameToken utBuilder = (WSSecUsernameToken)tempTok;
@@ -1876,8 +1881,7 @@ public abstract class AbstractBindingBui
                         doSymmSignature(ent.getKey(), secToken, sigParts, isTokenProtection);
                     }
                 } catch (Exception e) {
-                    // TODO Auto-generated catch block
-                    e.printStackTrace();
+                    LOG.log(Level.FINE, e.getMessage(), e);
                 }
                 
             }

Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1338623&r1=1338622&r2=1338623&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Tue May 15 10:21:55 2012
@@ -23,9 +23,12 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Date;
 import java.util.List;
+import java.util.logging.Level;
 
 import javax.xml.crypto.dsig.Reference;
+import javax.xml.soap.SOAPException;
 import javax.xml.soap.SOAPMessage;
+import javax.xml.xpath.XPathExpressionException;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -45,6 +48,7 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.model.SamlToken;
 import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
 import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
+import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
 import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
 import org.apache.cxf.ws.security.policy.model.SupportingToken;
 import org.apache.cxf.ws.security.policy.model.Token;
@@ -148,6 +152,7 @@ public class TransportBindingHandler ext
                 addSignatureConfirmation(null);
             }
         } catch (Exception e) {
+            LOG.log(Level.FINE, e.getMessage(), e);
             throw new Fault(e);
         }
     }
@@ -272,7 +277,6 @@ public class TransportBindingHandler ext
     private void handleEndorsingToken(
         Token token, SupportingToken wrapper, List<byte[]> signatureValues
     ) throws Exception {
-        SignedEncryptedParts signdParts = wrapper.getSignedParts();
         if (token instanceof IssuedToken
             || token instanceof SecureConversationToken
             || token instanceof SecurityContextToken
@@ -280,13 +284,13 @@ public class TransportBindingHandler ext
             || token instanceof KerberosToken) {
             addSig(
                 signatureValues, 
-                doIssuedTokenSignature(token, signdParts, wrapper)
+                doIssuedTokenSignature(token, wrapper)
             );
         } else if (token instanceof X509Token
             || token instanceof KeyValueToken) {
             addSig(
                 signatureValues, 
-                doX509TokenSignature(token, signdParts, wrapper)
+                doX509TokenSignature(token, wrapper)
             );
         } else if (token instanceof SamlToken) {
             AssertionWrapper assertionWrapper = addSamlToken((SamlToken)token);
@@ -294,7 +298,7 @@ public class TransportBindingHandler ext
             storeAssertionAsSecurityToken(assertionWrapper);
             addSig(
                 signatureValues, 
-                doIssuedTokenSignature(token, signdParts, wrapper)
+                doIssuedTokenSignature(token, wrapper)
             );
         } else if (token instanceof UsernameToken) {
             // Create a UsernameToken object for derived keys and store the security token
@@ -313,37 +317,20 @@ public class TransportBindingHandler ext
             
             addSig(
                 signatureValues, 
-                doIssuedTokenSignature(token, signdParts, wrapper)
+                doIssuedTokenSignature(token, wrapper)
             );
         }
     }
     
 
-    private byte[] doX509TokenSignature(Token token, SignedEncryptedParts signedParts,
-                                        TokenWrapper wrapper) 
+    private byte[] doX509TokenSignature(Token token, SupportingToken wrapper) 
         throws Exception {
         
         Document doc = saaj.getSOAPPart();
         
-        List<WSEncryptionPart> sigParts = new ArrayList<WSEncryptionPart>();
+        List<WSEncryptionPart> sigParts = 
+            signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
         
-        if (timestampEl != null) {
-            WSEncryptionPart timestampPart = convertToEncryptionPart(timestampEl.getElement());
-            sigParts.add(timestampPart);                          
-        }
-        
-        if (signedParts != null) {
-            if (signedParts.isBody()) {
-                WSEncryptionPart bodyPart = convertToEncryptionPart(saaj.getSOAPBody());
-                sigParts.add(bodyPart);
-            }
-            for (Header header : signedParts.getHeaders()) {
-                WSEncryptionPart wep = new WSEncryptionPart(header.getName(), 
-                        header.getNamespace(),
-                        "Content");
-                sigParts.add(wep);
-            }
-        }
         if (token.isDerivedKeys()) {
             WSSecEncryptedKey encrKey = getEncryptedKeyBuilder(wrapper, token);
             
@@ -394,12 +381,11 @@ public class TransportBindingHandler ext
     }
 
     private byte[] doIssuedTokenSignature(
-        Token token, SignedEncryptedParts signdParts, TokenWrapper wrapper
+        Token token, SupportingToken wrapper
     ) throws Exception {
         boolean tokenIncluded = false;
         // Get the issued token
         SecurityToken secTok = getSecurityToken();
-        List<WSEncryptionPart> sigParts = new ArrayList<WSEncryptionPart>();
         
         if (includeToken(token.getInclusion())) {
             //Add the token
@@ -414,29 +400,8 @@ public class TransportBindingHandler ext
             tokenIncluded = true;
         }
         
-        if (timestampEl != null) {
-            WSEncryptionPart timestampPart = convertToEncryptionPart(timestampEl.getElement());
-            sigParts.add(timestampPart);                          
-        }
-        
-        if (signdParts != null) {
-            if (signdParts.isBody()) {
-                WSEncryptionPart bodyPart = convertToEncryptionPart(saaj.getSOAPBody());
-                sigParts.add(bodyPart);
-            }
-            if (secTok.getX509Certificate() != null) {
-                //the "getX509Certificate" this is to workaround an issue in WCF
-                //In WCF, for TransportBinding, in most cases, it doesn't want any of
-                //the headers signed even if the policy says so.   HOWEVER, for KeyValue
-                //IssuedTokens, it DOES want them signed
-                for (Header header : signdParts.getHeaders()) {
-                    WSEncryptionPart wep = new WSEncryptionPart(header.getName(), 
-                            header.getNamespace(),
-                            "Content");
-                    sigParts.add(wep);
-                }
-            }
-        }
+        List<WSEncryptionPart> sigParts = 
+                signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
         
         if (token.isDerivedKeys()) {
             return doDerivedKeySignature(tokenIncluded, secTok, token, sigParts);
@@ -590,6 +555,61 @@ public class TransportBindingHandler ext
         return sig.getSignatureValue();
     }
 
+    /**
+     * Identifies the portions of the message to be signed/encrypted.
+     */
+    private List<WSEncryptionPart> signPartsAndElements(
+        SignedEncryptedParts signedParts,
+        SignedEncryptedElements signedElements
+    ) throws SOAPException {
+        
+        List<WSEncryptionPart> result = new ArrayList<WSEncryptionPart>();
+        List<Element> found = new ArrayList<Element>();
+        
+        // Add timestamp
+        if (timestampEl != null) {
+            WSEncryptionPart timestampPart = 
+                    new WSEncryptionPart("Timestamp", WSConstants.WSU_NS, "Element");
+            String id = addWsuIdToElement(timestampEl.getElement());
+            timestampPart.setId(id);
+            timestampPart.setElement(timestampEl.getElement());
+            
+            found.add(timestampPart.getElement());
+            result.add(timestampPart);
+        }
+
+        // Add SignedParts
+        if (signedParts != null) {
+            List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
+            boolean isSignBody = signedParts.isBody();
+            
+            for (Header head : signedParts.getHeaders()) {
+                WSEncryptionPart wep = 
+                    new WSEncryptionPart(head.getName(), head.getNamespace(), "Element");
+                parts.add(wep);
+            }
+            
+            // Handle sign/enc parts
+            result.addAll(this.getParts(true, isSignBody, parts, found));
+        }
+        
+        if (signedElements != null) {
+            // Handle SignedElements
+            try {
+                result.addAll(
+                    this.getElements(
+                        "Element", signedElements.getXPathExpressions(), 
+                        signedElements.getDeclaredNamespaces(), found
+                    )
+                );
+            } catch (XPathExpressionException e) {
+                LOG.log(Level.FINE, e.getMessage(), e);
+                // REVISIT
+            }
+        }
+
+        return result;
+    }
 
 
 }

Modified: cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl?rev=1338623&r1=1338622&r2=1338623&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
(original)
+++ cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
Tue May 15 10:21:55 2012
@@ -837,11 +837,9 @@
                             <sp:Body/>
                             <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
                         </sp:SignedParts>
-                        <!--
                         <sp:SignedElements>
-                            <sp:XPath>//ReplyTo</sp:XPath>
+                            <sp:XPath>//*[local-name()='ReplyTo']</sp:XPath>
                         </sp:SignedElements>
-                        -->
                     </wsp:Policy>
                 </sp:EndorsingSupportingTokens>
             </wsp:All>



Mime
View raw message