cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: svn commit: r1031652 - in /cxf/sandbox/wss4j-1.6-port: ./ rt/ws/security/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ rt/ws/security/src/main/java/org/apach...
Date Fri, 05 Nov 2010 16:50:34 GMT

Colm,


>          final WSDocInfo wsDocInfo,
> -        final java.util.Vector returnResults,
> +        final java.util.List returnResults,
>          final WSSConfig config

Is it possible to get these lists to be typed in WSS4J or do they have to be 
List<Obejct>?    For example:

List<WSResult> 

or similar?

It would make the code much more readable.

Dan




On Friday 05 November 2010 12:07:12 pm coheigea@apache.org wrote:
> Author: coheigea
> Date: Fri Nov  5 16:07:11 2010
> New Revision: 1031652
> 
> URL: http://svn.apache.org/viewvc?rev=1031652&view=rev
> Log:
> Adding a branch of the WSS4J 1.6 port to sandbox.
>  - An initial attempt to port CXF to use WSS4J 1.6-SNAPSHOT.
>  - All the unit tests pass, 13 system tests are failing.
>  - WSS4J 1.6-SNAPSHOT is not currently available in the snapshot repo, but
> will be shortly when I set up the hudson build.
> 
> Added:
>     cxf/sandbox/wss4j-1.6-port/
>       - copied from r1031553, cxf/trunk/
> Modified:
>     cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml
>    
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/policy/interceptors/IssuedTokenInterceptorProvider.java
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/policy/interceptors/SecureConversationInInterceptor.java
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/CryptoCoverageUtil.java
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/PolicyBasedWSS4JInInterceptor.java
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/UsernameTokenProcessorWithoutCallbacks.java
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/WSS4JInInterceptor.java
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/policyhandlers/AbstractBindingBuilder.java
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/policyhandlers/AsymmetricBindingHandler.java
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/policyhandlers/SymmetricBindingHandler.java
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/policyhandlers/TransportBindingHandler.java
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/
> security/wss4j/CustomProcessor.java
> 
> Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml
> URL:
> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom
> .xml?rev=1031652&r1=1031553&r2=1031652&view=diff
> ==========================================================================
> ==== --- cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml (original)
> +++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml Fri Nov  5 16:07:11
> 2010 @@ -91,7 +91,7 @@
>          <dependency>
>              <groupId>org.apache.ws.security</groupId>
>              <artifactId>wss4j</artifactId>
> -            <version>1.5.9</version>
> +            <version>1.6-SNAPSHOT</version>
>              <exclusions>
>                  <exclusion>
>                      <groupId>axis</groupId>
> 
> Modified:
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/policy/interceptors/IssuedTokenInterceptorProvider.java URL:
> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
> /main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterc
> eptorProvider.java?rev=1031652&r1=1031553&r2=1031652&view=diff
> ==========================================================================
> ==== ---
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/policy/interceptors/IssuedTokenInterceptorProvider.java (original)
> +++
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/policy/interceptors/IssuedTokenInterceptorProvider.java Fri Nov  5
> 16:07:11 2010 @@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.polic
> 
>  import java.util.Arrays;
>  import java.util.Collection;
> +import java.util.List;
>  import java.util.Vector;
> 
> 
> @@ -215,7 +216,7 @@ public class IssuedTokenInterceptorProvi
>                              WSHandlerResult rResult =
>                                      (WSHandlerResult) results.get(i);
> 
> -                            Vector wsSecEngineResults =
> rResult.getResults(); +                            List wsSecEngineResults
> = rResult.getResults();
> 
>                              for (int j = 0; j < wsSecEngineResults.size();
> j++) { //WSSecurityEngineResult wser =
> 
> Modified:
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/policy/interceptors/SecureConversationInInterceptor.java URL:
> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
> /main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversatio
> nInInterceptor.java?rev=1031652&r1=1031553&r2=1031652&view=diff
> ==========================================================================
> ==== ---
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/policy/interceptors/SecureConversationInInterceptor.java
> (original) +++
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/policy/interceptors/SecureConversationInInterceptor.java Fri Nov 
> 5 16:07:11 2010 @@ -455,7 +455,7 @@ class SecureConversationInInterceptor
> ex
>                      WSHandlerResult rResult =
>                              (WSHandlerResult) results.get(i);
> 
> -                    Vector wsSecEngineResults = rResult.getResults();
> +                    List wsSecEngineResults = rResult.getResults();
> 
>                      for (int j = 0; j < wsSecEngineResults.size(); j++) {
>                          WSSecurityEngineResult wser =
> 
> Modified:
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java URL:
> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
> /main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthentica
> tingInterceptor.java?rev=1031652&r1=1031553&r2=1031652&view=diff
> ==========================================================================
> ==== ---
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
> (original) +++
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java Fri Nov 
> 5 16:07:11 2010 @@ -224,7 +224,7 @@ public abstract class
> AbstractUsernameTo
>              if (c instanceof WSPasswordCallback) {
>                  WSPasswordCallback pc = (WSPasswordCallback)c;
>                  if (WSConstants.PASSWORD_TEXT.equals(pc.getPasswordType())
> -                    && pc.getUsage() ==
> WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) { +                    &&
> pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
> AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(
> pc.getIdentifier(), pc.getPassword(), false, null, null); }
> 
> Modified:
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/CryptoCoverageUtil.java URL:
> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
> /main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java?rev=103
> 1652&r1=1031553&r2=1031652&view=diff
> ==========================================================================
> ==== ---
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/CryptoCoverageUtil.java (original) +++
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/CryptoCoverageUtil.java Fri Nov  5 16:07:11 2010 @@ -82,9
> +82,9 @@ public final class CryptoCoverageUtil {
>                  final WSDataRef signedRef = signedRefsIt.next();
> 
>                  if (isSignedEncryptionRef(encryptedRef, signedRef)) {
> -
> -                    final WSDataRef encryptedSignedRef =
> -                        new WSDataRef(signedRef.getDataref());
> +
> +                    final WSDataRef encryptedSignedRef = new WSDataRef();
> +                    encryptedSignedRef.setWsuId(signedRef.getWsuId());
> 
>                      encryptedSignedRef.setContent(false);
>                      encryptedSignedRef.setName(encryptedRef.getName());
> 
> Modified:
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/PolicyBasedWSS4JInInterceptor.java URL:
> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
> /main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.j
> ava?rev=1031652&r1=1031553&r2=1031652&view=diff
> ==========================================================================
> ==== ---
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/PolicyBasedWSS4JInInterceptor.java (original) +++
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/PolicyBasedWSS4JInInterceptor.java Fri Nov  5 16:07:11 2010
> @@ -455,7 +455,7 @@ public class PolicyBasedWSS4JInIntercept
>      }
> 
>      protected void doResults(SoapMessage msg, String actor,
> -                             SOAPMessage doc, Vector results, boolean
> utWithCallbacks) +                             SOAPMessage doc, List
> results, boolean utWithCallbacks) throws SOAPException,
> XMLStreamException, WSSecurityException {
> 
>          AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
> 
> Modified:
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/UsernameTokenProcessorWithoutCallbacks.java URL:
> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
> /main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCa
> llbacks.java?rev=1031652&r1=1031553&r2=1031652&view=diff
> ==========================================================================
> ==== ---
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/UsernameTokenProcessorWithoutCallbacks.java (original) +++
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/UsernameTokenProcessorWithoutCallbacks.java Fri Nov  5
> 16:07:11 2010 @@ -20,7 +20,7 @@
>  package org.apache.cxf.ws.security.wss4j;
> 
>  import java.security.Principal;
> -import java.util.Vector;
> +import java.util.List;
>  import java.util.logging.Level;
>  import java.util.logging.Logger;
> 
> @@ -54,7 +54,7 @@ public class UsernameTokenProcessorWitho
> 
>      @SuppressWarnings("unchecked")
>      public void handleToken(Element elem, Crypto crypto, Crypto decCrypto,
> CallbackHandler cb, -        WSDocInfo wsDocInfo, Vector returnResults,
> WSSConfig wsc) throws WSSecurityException { +        WSDocInfo wsDocInfo,
> List returnResults, WSSConfig wsc) throws WSSecurityException { if
> (LOG.isLoggable(Level.FINE)) {
>              LOG.fine("Found UsernameToken list element");
>          }
> 
> Modified:
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/WSS4JInInterceptor.java URL:
> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
> /main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=103
> 1652&r1=1031553&r2=1031652&view=diff
> ==========================================================================
> ==== ---
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/WSS4JInInterceptor.java (original) +++
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/WSS4JInInterceptor.java Fri Nov  5 16:07:11 2010 @@ -192,7
> +192,7 @@ public class WSS4JInInterceptor extends
>          try {
>              reqData.setMsgContext(msg);
>              computeAction(msg, reqData);
> -            Vector actions = new Vector();
> +            List actions = new Vector();
>              String action = getAction(msg, version);
> 
>              int doAction = WSSecurityUtil.decodeAction(action, actions);
> @@ -207,7 +207,7 @@ public class WSS4JInInterceptor extends
>               */
>              doReceiverAction(doAction, reqData);
> 
> -            Vector wsResult = null;
> +            List wsResult = null;
>              if (doTimeLog) {
>                  t1 = System.currentTimeMillis();
>              }
> @@ -284,7 +284,7 @@ public class WSS4JInInterceptor extends
>          }
>      }
> 
> -    private void checkActions(SoapMessage msg, RequestData reqData, Vector
> wsResult, Vector actions) +    private void checkActions(SoapMessage msg,
> RequestData reqData, List wsResult, List actions) throws
> WSSecurityException {
>          /*
>           * now check the security actions: do they match, in any order?
> @@ -294,7 +294,7 @@ public class WSS4JInInterceptor extends
>              throw new
> WSSecurityException(WSSecurityException.INVALID_SECURITY); }
>      }
> -    private void checkSignatures(SoapMessage msg, RequestData reqData,
> Vector wsResult) +    private void checkSignatures(SoapMessage msg,
> RequestData reqData, List wsResult) throws WSSecurityException {
>          /*
>           * Now we can check the certificate used to sign the message. In
> the @@ -306,7 +306,7 @@ public class WSS4JInInterceptor extends
>           */
> 
>          // Extract the signature action result from the action vector
> -        Vector signatureResults = new Vector();
> +        List signatureResults = new Vector();
>          signatureResults =
>              WSSecurityUtil.fetchAllActionResults(wsResult,
> WSConstants.SIGN, signatureResults);
> 
> @@ -327,7 +327,7 @@ public class WSS4JInInterceptor extends
>          }
>      }
> 
> -    protected void checkTimestamps(SoapMessage msg, RequestData reqData,
> Vector wsResult) +    protected void checkTimestamps(SoapMessage msg,
> RequestData reqData, List wsResult) throws WSSecurityException {
>          /*
>           * Perform further checks on the timestamp that was transmitted in
> @@ -338,7 +338,7 @@ public class WSS4JInInterceptor extends
>           * other validation algorithms for subclasses.
>           */
>          // Extract the timestamp action result from the action vector
> -        Vector timestampResults = new Vector();
> +        List timestampResults = new Vector();
>          timestampResults =
>              WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.TS,
> timestampResults);
> 
> @@ -368,12 +368,12 @@ public class WSS4JInInterceptor extends
> 
>      }
> 
> -    protected void doResults(SoapMessage msg, String actor, SOAPMessage
> doc, Vector wsResult) +    protected void doResults(SoapMessage msg,
> String actor, SOAPMessage doc, List wsResult) throws SOAPException,
> XMLStreamException, WSSecurityException { doResults(msg, actor, doc,
> wsResult, false);
>      }
> 
> -    protected void doResults(SoapMessage msg, String actor, SOAPMessage
> doc, Vector wsResult, +    protected void doResults(SoapMessage msg,
> String actor, SOAPMessage doc, List wsResult, boolean utWithCallbacks)
> throws SOAPException, XMLStreamException, WSSecurityException { /*
>           * All ok up to this point. Now construct and setup the security
> result
> 
> Modified:
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/policyhandlers/AbstractBindingBuilder.java URL:
> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
> /main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingB
> uilder.java?rev=1031652&r1=1031553&r2=1031652&view=diff
> ==========================================================================
> ==== ---
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/policyhandlers/AbstractBindingBuilder.java (original) +++
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/policyhandlers/AbstractBindingBuilder.java Fri Nov  5
> 16:07:11 2010 @@ -22,10 +22,13 @@ package org.apache.cxf.ws.security.wss4j
>  import java.io.IOException;
>  import java.io.InputStream;
>  import java.net.URL;
> +import java.security.InvalidAlgorithmParameterException;
>  import java.security.KeyStoreException;
> +import java.security.NoSuchAlgorithmException;
>  import java.security.cert.X509Certificate;
>  import java.util.ArrayList;
>  import java.util.Collection;
> +import java.util.Collections;
>  import java.util.Enumeration;
>  import java.util.HashMap;
>  import java.util.HashSet;
> @@ -40,6 +43,10 @@ import java.util.logging.Level;
>  import java.util.logging.Logger;
> 
>  import javax.security.auth.callback.CallbackHandler;
> +import javax.xml.crypto.XMLStructure;
> +import javax.xml.crypto.dom.DOMStructure;
> +import javax.xml.crypto.dsig.DigestMethod;
> +import javax.xml.crypto.dsig.Transform;
>  import javax.xml.namespace.QName;
>  import javax.xml.soap.SOAPException;
>  import javax.xml.soap.SOAPHeader;
> @@ -121,16 +128,13 @@ import org.apache.ws.security.message.WS
>  import org.apache.ws.security.message.token.SecurityTokenReference;
>  import org.apache.ws.security.transform.STRTransform;
>  import org.apache.ws.security.util.WSSecurityUtil;
> -import org.apache.xml.security.signature.XMLSignatureException;
> -import org.apache.xml.security.transforms.TransformationException;
> -import org.apache.xml.security.transforms.Transforms;
> 
>  /**
>   *
>   */
>  public abstract class AbstractBindingBuilder {
>      public static final String CRYPTO_CACHE = "ws-security.crypto.cache";
> -    private static final Logger LOG =
> LogUtils.getL7dLogger(AbstractBindingBuilder.class); +    protected static
> final Logger LOG = LogUtils.getL7dLogger(AbstractBindingBuilder.class);
> 
> 
>      protected SPConstants.ProtectionOrder protectionOrder =
> SPConstants.ProtectionOrder.SignBeforeEncrypting; @@ -569,8 +573,7 @@
> public abstract class AbstractBindingBui
>                      // coupled with WSSecSignatureHelper. This approach is
> used so that // we can force WSS4J to sign the assertion through a STR
> that // WSS4J did not create during message signature creation. -         
>           part = new WSEncryptionPart(tempSig.getStrUri(),
> "ExternalSTRTransform", "Element", -                         
> WSConstants.PART_TYPE_ELEMENT);
> +                    part = new WSEncryptionPart(tempSig.getStrUri(),
> "ExternalSTRTransform", "Element");
> 
>                  } else {
>                      if (tempSig.getBSTTokenId() != null) {
> @@ -922,13 +925,11 @@ public abstract class AbstractBindingBui
>              if (sign) {
>                  result.add(new WSEncryptionPart(
>                          id,
> -                        "Element",
> -                        WSConstants.PART_TYPE_BODY));
> +                        "Element"));
>              } else {
>                  result.add(new WSEncryptionPart(
>                          id,
> -                        "Content",
> -                        WSConstants.PART_TYPE_BODY));
> +                        "Content"));
>              }
>          }
> 
> @@ -958,8 +959,7 @@ public abstract class AbstractBindingBui
>                      final String id = this.addWsuIdToElement(el);
>                      result.add(new WSEncryptionPart(
>                              id,
> -                            part.getEncModifier(),
> -                            WSConstants.PART_TYPE_HEADER));
> +                            part.getEncModifier()));
>                  }
>              }
>          }
> @@ -1020,8 +1020,7 @@ public abstract class AbstractBindingBui
> 
>                          WSEncryptionPart part = new WSEncryptionPart(
>                                  id,
> -                                encryptionModifier,
> -                                WSConstants.PART_TYPE_ELEMENT);
> +                                encryptionModifier);
>                          part.setXpath(expression);
> 
>                          /**
> @@ -1221,7 +1220,7 @@ public abstract class AbstractBindingBui
>              WSHandlerResult rResult =
>                      (WSHandlerResult) results.get(i);
> 
> -            Vector wsSecEngineResults = rResult.getResults();
> +            List wsSecEngineResults = rResult.getResults();
>              /*
>              * Scan the results for the first Signature action. Use the
>              * certificate of this Signature to set the certificate for the
> @@ -1256,7 +1255,7 @@ public abstract class AbstractBindingBui
>              WSHandlerResult rResult =
>                       (WSHandlerResult) results.get(i);
> 
> -            Vector wsSecEngineResults = rResult.getResults();
> +            List wsSecEngineResults = rResult.getResults();
>              /*
>               * Scan the results for a username token. Use the username
>               * of this token to set the alias for the encryption user
> @@ -1386,9 +1385,8 @@ public abstract class AbstractBindingBui
>                      sigParts.add(new
> WSEncryptionPart(sig.getBSTTokenId())); }
>                  try {
> -                    sig.addReferencesToSign(sigParts, secHeader);
> -                    sig.computeSignature();
> -                    sig.appendToHeader(secHeader);
> +                    List referenceList = sig.addReferencesToSign(sigParts,
> secHeader); +                    sig.computeSignature(referenceList,
> false, null);
> 
>                      signatures.add(sig.getSignatureValue());
>                      if (isSigProtect) {
> @@ -1488,14 +1486,13 @@ public abstract class AbstractBindingBui
> 
>          dkSign.setParts(sigParts);
> 
> -        dkSign.addReferencesToSign(sigParts, secHeader);
> +        List referenceList = dkSign.addReferencesToSign(sigParts,
> secHeader);
> 
> -        //Do signature
> -        dkSign.computeSignature();
> -
>          //Add elements to header
>          addSupportingElement(dkSign.getdktElement());
> -       
> secHeader.getSecurityHeader().appendChild(dkSign.getSignatureElement()); +
> +        //Do signature
> +        dkSign.computeSignature(referenceList, false, null);
> 
>          signatures.add(dkSign.getSignatureValue());
>      }
> @@ -1546,13 +1543,11 @@ public abstract class AbstractBindingBui
>          sig.prepare(doc, getSignatureCrypto(null), secHeader);
> 
>          sig.setParts(sigParts);
> -        sig.addReferencesToSign(sigParts, secHeader);
> +        List referenceList = sig.addReferencesToSign(sigParts, secHeader);
> 
>          //Do signature
> -        sig.computeSignature();
> +        sig.computeSignature(referenceList, false, null);
>          signatures.add(sig.getSignatureValue());
> -
> -       
> secHeader.getSecurityHeader().appendChild(sig.getSignatureElement()); }
>      protected void assertSupportingTokens(Vector<WSEncryptionPart> sigs) {
>         
> assertSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_SUPPORTING
> _TOKENS)); @@ -1728,8 +1723,7 @@ public abstract class AbstractBindingBui
>                      signedEncryptedParts.add(
>                              new WSEncryptionPart(
>                                      encryptedPart.getEncId(),
> -                                    encryptedPart.getEncModifier(),
> -                                    encryptedPart.getType()));
> +                                    encryptedPart.getEncModifier()));
>                  }
>              }
>          }
> @@ -1747,36 +1741,62 @@ public abstract class AbstractBindingBui
>          }
> 
>          @Override
> -        public void addReferencesToSign(Vector references,
> +        public List addReferencesToSign(List references,
>                  WSSecHeader secHeader) throws WSSecurityException {
>              final Vector<Object> unalteredReferences = new
> Vector<Object>();
> 
> +            List uberReferences = new Vector();
>              try {
> +                DigestMethod digestMethod;
> +                try {
> +                    digestMethod =
> signatureFactory.newDigestMethod(this.getDigestAlgo(), null); +           
>     } catch (Exception ex) {
> +                    throw new WSSecurityException(
> +                        WSSecurityException.FAILED_SIGNATURE, "noXMLSig",
> null, ex +                    );
> +                }
> +
>                  for (int part = 0; part < references.size(); part++) {
>                      final WSEncryptionPart encPart = (WSEncryptionPart)
> references.get(part);
> 
>                      final String elemName = encPart.getName();
> -                    final Transforms transforms = new
> Transforms(document);
> 
>                      if (elemName != null &&
> "ExternalSTRTransform".equals(encPart.getNamespace())) { final Element ctx
> = this.createSTRParameter(document); -                       
> transforms.addTransform(STRTransform.implementedTransformURI, ctx); -     
>                   this.sig.addDocument("#" + elemName, transforms,
> this.getDigestAlgo()); +
> +                        XMLStructure structure = new DOMStructure(ctx);
> +                        Transform transform =
> +                            signatureFactory.newTransform(
> +                                STRTransform.TRANSFORM_URI,
> +                                structure
> +                            );
> +
> +                        javax.xml.crypto.dsig.Reference reference =
> +                            signatureFactory.newReference(
> +                                "#" + elemName,
> +                                digestMethod,
> +                                Collections.singletonList(transform),
> +                                null,
> +                                null
> +                            );
> +                        uberReferences.add(reference);
>                      } else {
>                          unalteredReferences.add(encPart);
>                      }
>                  }
> -            } catch (TransformationException e1) {
> +            } catch (NoSuchAlgorithmException e1) {
>                  throw new WSSecurityException(
>                      WSSecurityException.FAILED_SIGNATURE, "noXMLSig",
> null, e1 );
> -            } catch (XMLSignatureException e1) {
> +            } catch (InvalidAlgorithmParameterException e1) {
>                  throw new WSSecurityException(
>                      WSSecurityException.FAILED_SIGNATURE, "noXMLSig",
> null, e1 );
>              }
> 
> -            super.addReferencesToSign(unalteredReferences, secHeader);
> +            List newReferences =
> super.addReferencesToSign(unalteredReferences, secHeader); +           
> uberReferences.addAll(newReferences);
> +            return uberReferences;
>          }
>      }
> 
> 
> Modified:
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/policyhandlers/AsymmetricBindingHandler.java URL:
> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
> /main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindin
> gHandler.java?rev=1031652&r1=1031553&r2=1031652&view=diff
> ==========================================================================
> ==== ---
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/policyhandlers/AsymmetricBindingHandler.java (original) +++
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/policyhandlers/AsymmetricBindingHandler.java Fri Nov  5
> 16:07:11 2010 @@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.wss4j
> 
> 
>  import java.util.Collection;
> +import java.util.List;
>  import java.util.Vector;
>  import java.util.logging.Level;
>  import java.util.logging.Logger;
> @@ -373,16 +374,22 @@ public class AsymmetricBindingHandler ex
> 
>                  dkSign.setParts(sigParts);
> 
> -                dkSign.addReferencesToSign(sigParts, secHeader);
> -
> -                // Do signature
> -                dkSign.computeSignature();
> -                signatures.add(dkSign.getSignatureValue());
> +                List referenceList = dkSign.addReferencesToSign(sigParts,
> secHeader);
> 
>                  // Add elements to header
>                  addDerivedKeyElement(dkSign.getdktElement());
> -                insertBeforeBottomUp(dkSign.getSignatureElement());
> -                mainSigId =
> addWsuIdToElement(dkSign.getSignatureElement()); +
> +                //Do signature
> +                if (bottomUpElement == null) {
> +                    dkSign.computeSignature(referenceList, false, null);
> +                } else {
> +                    dkSign.computeSignature(referenceList, true,
> bottomUpElement); +                }
> +                bottomUpElement = dkSign.getSignatureElement();
> +                signatures.add(dkSign.getSignatureValue());
> +
> +                // TODO mainSigId =
> addWsuIdToElement(dkSign.getSignatureElement()); +               
> mainSigId = dkSign.getId();
>              } catch (Exception e) {
>                  //REVISIT
>                  e.printStackTrace();
> @@ -397,14 +404,21 @@ public class AsymmetricBindingHandler ex
>              }
> 
>              sig.prependBSTElementToHeader(secHeader);
> -            insertBeforeBottomUp(sig.getSignatureElement());
>              sigParts.addAll(this.getSignedParts());
> 
> -            sig.addReferencesToSign(sigParts, secHeader);
> -            sig.computeSignature();
> +            List referenceList = sig.addReferencesToSign(sigParts,
> secHeader); +            //Do signature
> +            if (bottomUpElement == null) {
> +                sig.computeSignature(referenceList, false, null);
> +            } else {
> +                sig.computeSignature(referenceList, true,
> bottomUpElement); +            }
> +            bottomUpElement = sig.getSignatureElement();
> +
>              signatures.add(sig.getSignatureValue());
> 
> -            mainSigId = addWsuIdToElement(sig.getSignatureElement());
> +            //TODO mainSigId =
> addWsuIdToElement(sig.getSignatureElement()); +            mainSigId =
> sig.getId();
>          }
>      }
> 
> @@ -442,7 +456,7 @@ public class AsymmetricBindingHandler ex
>              WSHandlerResult rResult =
>                      (WSHandlerResult) results.get(i);
> 
> -            Vector wsSecEngineResults = rResult.getResults();
> +            List wsSecEngineResults = rResult.getResults();
>              /*
>              * Scan the results for the first Signature action. Use the
>              * certificate of this Signature to set the certificate for the
> @@ -469,7 +483,7 @@ public class AsymmetricBindingHandler ex
>              WSHandlerResult rResult =
>                      (WSHandlerResult) results.get(i);
> 
> -            Vector wsSecEngineResults = rResult.getResults();
> +            List wsSecEngineResults = rResult.getResults();
>              /*
>              * Scan the results for the first Signature action. Use the
>              * certificate of this Signature to set the certificate for the
> 
> Modified:
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/policyhandlers/SymmetricBindingHandler.java URL:
> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
> /main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBinding
> Handler.java?rev=1031652&r1=1031553&r2=1031652&view=diff
> ==========================================================================
> ==== ---
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/policyhandlers/SymmetricBindingHandler.java (original) +++
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/policyhandlers/SymmetricBindingHandler.java Fri Nov  5
> 16:07:11 2010 @@ -23,7 +23,9 @@ package org.apache.cxf.ws.security.wss4j
>  import java.security.MessageDigest;
>  import java.security.NoSuchAlgorithmException;
>  import java.util.Calendar;
> +import java.util.List;
>  import java.util.Vector;
> +import java.util.logging.Level;
> 
>  import javax.xml.soap.SOAPMessage;
> 
> @@ -509,16 +511,13 @@ public class SymmetricBindingHandler ext
> 
>                      if (!isRequestor()) {
>                          if (encrTok.getSHA1() != null) {
> -                            encr.setUseKeyIdentifier(true);
>                             
> encr.setCustomReferenceValue(encrTok.getSHA1());
> encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER); }
> else {
> -                            encr.setUseKeyIdentifier(true);
>                             
> encr.setKeyIdentifierType(WSConstants.EMBED_SECURITY_TOKEN_REF); }
>                      } else {
>                          if (encrToken instanceof IssuedToken) {
> -                            encr.setUseKeyIdentifier(true);
>                             
> encr.setCustomReferenceValue(SecurityTokenReference.SAML_ID_URI);
> encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); }
> @@ -627,16 +626,22 @@ public class SymmetricBindingHandler ext
>          }
> 
>          dkSign.setParts(sigs);
> -        dkSign.addReferencesToSign(sigs, secHeader);
> +        List referenceList = dkSign.addReferencesToSign(sigs, secHeader);
> 
> -        //Do signature
> -        dkSign.computeSignature();
> -
>          //Add elements to header
>          Element el = dkSign.getdktElement();
> -        addDerivedKeyElement(el);
> -        insertBeforeBottomUp(dkSign.getSignatureElement());
> -        this.mainSigId = addWsuIdToElement(dkSign.getSignatureElement());
> +        addDerivedKeyElement(el);
> +
> +        //Do signature
> +        if (bottomUpElement == null) {
> +            dkSign.computeSignature(referenceList, false, null);
> +        } else {
> +            dkSign.computeSignature(referenceList, true, bottomUpElement);
> +        }
> +        bottomUpElement = dkSign.getSignatureElement();
> +
> +        // TODO this.mainSigId =
> addWsuIdToElement(dkSign.getSignatureElement()); +        this.mainSigId =
> dkSign.getId();
> 
>          return dkSign.getSignatureValue();
>      }
> @@ -700,15 +705,21 @@ public class SymmetricBindingHandler ext
>              }
>             
> this.message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO,
> crypto); sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
> +            String soap =
> org.apache.ws.security.util.DOM2Writer.nodeToString(saaj.getSOAPPart()); +
>            LOG.log(Level.FINE, "SOAP: " + soap);
>              sig.setParts(sigs);
> -            sig.addReferencesToSign(sigs, secHeader);
> +            List referenceList = sig.addReferencesToSign(sigs, secHeader);
> 
>              //Do signature
> -            sig.computeSignature();
> +            if (bottomUpElement == null) {
> +                sig.computeSignature(referenceList, false, null);
> +            } else {
> +                sig.computeSignature(referenceList, true,
> bottomUpElement); +            }
> +            bottomUpElement = sig.getSignatureElement();
> 
> -            Element mainSigElement = sig.getSignatureElement();
> -            insertBeforeBottomUp(mainSigElement);
> -            mainSigId = addWsuIdToElement(mainSigElement);
> +            // TODO mainSigId = addWsuIdToElement(mainSigElement);
> +            this.mainSigId = sig.getId();
>              return sig.getSignatureValue();
>          }
>      }
> @@ -747,14 +758,14 @@ public class SymmetricBindingHandler ext
> 
>      private String getEncryptedKey() {
> 
> -        Vector results = (Vector)message.getExchange().getInMessage()
> +        List results = (List)message.getExchange().getInMessage()
>              .get(WSHandlerConstants.RECV_RESULTS);
> 
>          for (int i = 0; i < results.size(); i++) {
>              WSHandlerResult rResult =
>                      (WSHandlerResult) results.get(i);
> 
> -            Vector wsSecEngineResults = rResult.getResults();
> +            List wsSecEngineResults = rResult.getResults();
> 
>              for (int j = 0; j < wsSecEngineResults.size(); j++) {
>                  WSSecurityEngineResult wser =
> 
> Modified:
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/policyhandlers/TransportBindingHandler.java URL:
> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
> /main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBinding
> Handler.java?rev=1031652&r1=1031553&r2=1031652&view=diff
> ==========================================================================
> ==== ---
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/policyhandlers/TransportBindingHandler.java (original) +++
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/
> security/wss4j/policyhandlers/TransportBindingHandler.java Fri Nov  5
> 16:07:11 2010 @@ -20,6 +20,7 @@
>  package org.apache.cxf.ws.security.wss4j.policyhandlers;
> 
>  import java.util.Collection;
> +import java.util.List;
>  import java.util.Vector;
> 
>  import javax.xml.soap.SOAPMessage;
> @@ -262,13 +263,11 @@ public class TransportBindingHandler ext
>              */
> 
>              dkSig.setParts(sigParts);
> -            dkSig.addReferencesToSign(sigParts, secHeader);
> +            List referenceList = dkSig.addReferencesToSign(sigParts,
> secHeader);
> 
>              //Do signature
> -            dkSig.computeSignature();
> -
>              dkSig.appendDKElementToHeader(secHeader);
> -            dkSig.appendSigToHeader(secHeader);
> +            dkSig.computeSignature(referenceList, false, null);
> 
>              return dkSig.getSignatureValue();
>          } else {
> @@ -276,10 +275,14 @@ public class TransportBindingHandler ext
>              if (sig != null) {
>                  sig.prependBSTElementToHeader(secHeader);
> 
> -                sig.addReferencesToSign(sigParts, secHeader);
> -                insertBeforeBottomUp(sig.getSignatureElement());
> -
> -                sig.computeSignature();
> +                List referenceList = sig.addReferencesToSign(sigParts,
> secHeader); +
> +                if (bottomUpElement == null) {
> +                    sig.computeSignature(referenceList, false, null);
> +                } else {
> +                    sig.computeSignature(referenceList, true,
> bottomUpElement); +                }
> +                bottomUpElement = sig.getSignatureElement();
> 
>                  return sig.getSignatureValue();
>              } else {
> @@ -375,12 +378,10 @@ public class TransportBindingHandler ext
>              addDerivedKeyElement(dkSign.getdktElement());
> 
>              dkSign.setParts(sigParts);
> -            dkSign.addReferencesToSign(sigParts, secHeader);
> +            List referenceList = dkSign.addReferencesToSign(sigParts,
> secHeader);
> 
>              //Do signature
> -            dkSign.computeSignature();
> -
> -            dkSign.appendSigToHeader(secHeader);
> +            dkSign.computeSignature(referenceList, false, null);
> 
>              return dkSign.getSignatureValue();
>          } else {
> @@ -425,14 +426,16 @@ public class TransportBindingHandler ext
>              sig.prepare(doc, crypto, secHeader);
> 
>              sig.setParts(sigParts);
> -            sig.addReferencesToSign(sigParts, secHeader);
> +            List referenceList = sig.addReferencesToSign(sigParts,
> secHeader);
> 
>              //Do signature
> -            sig.computeSignature();
> -
> -            //Add elements to header
> -            insertBeforeBottomUp(sig.getSignatureElement());
> -
> +            if (bottomUpElement == null) {
> +                sig.computeSignature(referenceList, false, null);
> +            } else {
> +                sig.computeSignature(referenceList, true,
> bottomUpElement); +            }
> +            bottomUpElement = sig.getSignatureElement();
> +
>              return sig.getSignatureValue();
>          }
>      }
> 
> Modified:
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/
> security/wss4j/CustomProcessor.java URL:
> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src
> /test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java?rev=103165
> 2&r1=1031553&r2=1031652&view=diff
> ==========================================================================
> ==== ---
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/
> security/wss4j/CustomProcessor.java (original) +++
> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/
> security/wss4j/CustomProcessor.java Fri Nov  5 16:07:11 2010 @@ -40,7 +40,7
> @@ public class CustomProcessor implements
>          final Crypto decCrypto,
>          final javax.security.auth.callback.CallbackHandler cb,
>          final WSDocInfo wsDocInfo,
> -        final java.util.Vector returnResults,
> +        final java.util.List returnResults,
>          final WSSConfig config
>      ) throws WSSecurityException {
>          final java.util.Map result =

-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog

Mime
View raw message