ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1381604 - in /webservices/wss4j/branches/1_5_x-fixes: src/org/apache/ws/security/action/ src/org/apache/ws/security/handler/ test/wssec/
Date Thu, 06 Sep 2012 13:57:59 GMT
Author: coheigea
Date: Thu Sep  6 13:57:59 2012
New Revision: 1381604

URL: http://svn.apache.org/viewvc?rev=1381604&view=rev
Log:
[WSS-231] - Backmerging to 1.5.x-fixes

Modified:
    webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/SignatureAction.java
    webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java
    webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
    webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew3.java

Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/SignatureAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/SignatureAction.java?rev=1381604&r1=1381603&r2=1381604&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/SignatureAction.java
(original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/action/SignatureAction.java
Thu Sep  6 13:57:59 2012
@@ -19,13 +19,22 @@
 
 package org.apache.ws.security.action;
 
+import java.util.Vector;
+
+import org.apache.ws.security.SOAPConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
 import org.apache.ws.security.WSPasswordCallback;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.handler.WSHandler;
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.message.WSSecSignature;
+import org.apache.ws.security.util.WSSecurityUtil;
+
 import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
 
 public class SignatureAction implements Action {
     public void execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)
@@ -62,7 +71,59 @@ public class SignatureAction implements 
         }
 
         try {
-            wsSign.build(doc, reqData.getSigCrypto(), reqData.getSecHeader());
+            wsSign.prepare(doc, reqData.getSigCrypto(), reqData.getSecHeader());
+            
+            Element siblingElementToPrepend = null;
+            Vector signatureParts = reqData.getSignatureParts();
+            if (signatureParts == null) {
+                signatureParts = new Vector();
+                SOAPConstants soapConstants = 
+                    WSSecurityUtil.getSOAPConstants(doc.getDocumentElement());
+                WSEncryptionPart encP = 
+                    new WSEncryptionPart(
+                        soapConstants.getBodyQName().getLocalPart(), 
+                        soapConstants.getEnvelopeURI(), 
+                        "Content"
+                    );
+                signatureParts.add(encP);
+            } else if (reqData.isAppendSignatureAfterTimestamp() && signatureParts
!= null) {
+                for (int i = 0; i < signatureParts.size(); i++) {
+                    WSEncryptionPart part = 
+                        (WSEncryptionPart)signatureParts.get(i);
+                    if (WSConstants.WSU_NS.equals(part.getNamespace()) 
+                            && "Timestamp".equals(part.getName())) {
+                        Element timestampElement = 
+                                (Element)WSSecurityUtil.findElement(
+                                        doc.getDocumentElement(), part.getName(), part.getNamespace()
+                                );
+                        if (timestampElement != null) {
+                            Node child = timestampElement.getNextSibling();
+                            while (child != null && child.getNodeType() != Node.ELEMENT_NODE)
{
+                                child = child.getNextSibling();
+                            }
+                            siblingElementToPrepend = (Element)child;
+                        }
+                    }
+                }
+            }
+            
+            wsSign.addReferencesToSign(signatureParts, reqData.getSecHeader());
+            
+            if (reqData.isAppendSignatureAfterTimestamp()) {
+                if (siblingElementToPrepend == null) {
+                    wsSign.appendToHeader(reqData.getSecHeader());
+                } else {
+                    reqData.getSecHeader().getSecurityHeader().insertBefore(
+                        wsSign.getSignatureElement(), siblingElementToPrepend
+                    );
+                }
+            } else {
+                wsSign.prependToHeader(reqData.getSecHeader());
+            }
+
+            wsSign.prependBSTElementToHeader(reqData.getSecHeader());
+            wsSign.computeSignature();
+
             reqData.getSignatureValues().add(wsSign.getSignatureValue());
         } catch (WSSecurityException e) {
             throw new WSSecurityException("Error during Signature: ", e);

Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java?rev=1381604&r1=1381603&r2=1381604&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java
(original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java
Thu Sep  6 13:57:59 2012
@@ -66,6 +66,7 @@ public class RequestData {
     private int derivedKeyIterations = UsernameToken.DEFAULT_ITERATION;
     private boolean useDerivedKeyForMAC = true;
     private boolean useSingleCert = true;
+    private boolean appendSignatureAfterTimestamp;
 
     public void clear() {
         soapConstants = null;
@@ -85,6 +86,7 @@ public class RequestData {
         derivedKeyIterations = UsernameToken.DEFAULT_ITERATION;
         useDerivedKeyForMAC = true;
         useSingleCert = true;
+        appendSignatureAfterTimestamp = false;
     }
 
     public Object getMsgContext() {
@@ -370,4 +372,12 @@ public class RequestData {
     public boolean isUseSingleCert() {
         return useSingleCert;
     }
+    
+    public boolean isAppendSignatureAfterTimestamp() {
+        return appendSignatureAfterTimestamp;
+    }
+
+    public void setAppendSignatureAfterTimestamp(boolean appendSignatureAfterTimestamp) {
+        this.appendSignatureAfterTimestamp = appendSignatureAfterTimestamp;
+    }
 }

Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java?rev=1381604&r1=1381603&r2=1381604&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
(original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
Thu Sep  6 13:57:59 2012
@@ -47,6 +47,7 @@ import java.math.BigInteger;
 import java.security.cert.X509Certificate;
 import java.text.DateFormat;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.Hashtable;
@@ -185,13 +186,39 @@ public abstract class WSHandler {
                 wssConfig.getAction(WSConstants.SC).execute(this, WSConstants.SC, doc, reqData);
             }
         }
+        
+        // See if the Signature and Timestamp actions (in that order) are defined, and if
+        // the Timestamp is to be signed. In this case we need to swap the actions, as the

+        // Timestamp must appear in the security header first for signature creation to work.
+        Vector actionsToPerform = actions;
+        if (actions.contains(new Integer(WSConstants.SIGN)) 
+                && actions.contains(new Integer(WSConstants.TS))
+                && (actions.indexOf(new Integer(WSConstants.SIGN)) 
+                        < actions.indexOf(new Integer(WSConstants.TS)))) {
+            boolean signTimestamp = false;
+            for (int i = 0; i < reqData.getSignatureParts().size(); i++) {
+                WSEncryptionPart encP = (WSEncryptionPart)reqData.getSignatureParts().get(i);
+                if (WSConstants.WSU_NS.equals(encP.getNamespace()) 
+                        && "Timestamp".equals(encP.getName())) {
+                    signTimestamp = true;
+                }
+            }
+            if (signTimestamp) {
+                actionsToPerform = new Vector(actions);
+                Collections.copy(actionsToPerform, actions);
+                actionsToPerform.remove(actions.indexOf(new Integer(WSConstants.SIGN)));
+                actionsToPerform.add(new Integer(WSConstants.SIGN));
+                reqData.setAppendSignatureAfterTimestamp(true);
+            }
+        }
+
         /*
          * Here we have all necessary information to perform the requested
          * action(s).
          */
-        for (int i = 0; i < actions.size(); i++) {
+        for (int i = 0; i < actionsToPerform.size(); i++) {
 
-            int actionToDo = ((Integer) actions.get(i)).intValue();
+            int actionToDo = ((Integer) actionsToPerform.get(i)).intValue();
             if (doDebug) {
                 log.debug("Performing Action: " + actionToDo);
             }

Modified: webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew3.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew3.java?rev=1381604&r1=1381603&r2=1381604&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew3.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew3.java Thu Sep  6 13:57:59
2012
@@ -34,6 +34,8 @@ import org.apache.ws.security.WSEncrypti
 import org.apache.ws.security.WSPasswordCallback;
 import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoFactory;
 import org.apache.ws.security.message.WSSecSignature;
@@ -47,6 +49,7 @@ import javax.security.auth.callback.Unsu
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.util.Vector;
 
 /**
  * WS-Security Test Case
@@ -267,7 +270,48 @@ public class TestWSSecurityNew3 extends 
         
         verify(doc);
     }
+    
+    /**
+     * A test for "There is an issue with the position of the <Timestamp> element in
the
+     * <Security> header when using WSS4J calling .NET Web Services with WS-Security."
+     */
+    public void testWSS231() throws Exception {
+        final WSSConfig cfg = WSSConfig.getNewInstance();
+        final int action = WSConstants.SIGN | WSConstants.TS;
+        final RequestData reqData = new RequestData();
+        reqData.setWssConfig(cfg);
+        reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
+
+        java.util.Map config = new java.util.TreeMap();
+        config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
+        config.put("password", "security");
+        config.put(
+                WSHandlerConstants.SIGNATURE_PARTS, "{}{" + WSConstants.WSU_NS + "}Timestamp"
+        );
+        reqData.setMsgContext(config);
+
+        final Vector actions = new Vector();
+        actions.add(new Integer(WSConstants.SIGN));
+        actions.add(new Integer(WSConstants.TS));
+        final Document doc = unsignedEnvelope.getAsDocument();
+        MyHandler handler = new MyHandler();
+        handler.send(
+                action, 
+                doc, 
+                reqData, 
+                actions,
+                true
+        );
+        String outputString = 
+                org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Signed message:");
+            LOG.debug(outputString);
+        }
 
+        Vector results = verify(doc);
+        assertTrue(handler.checkResults(results, actions));
+    }
 
     /**
      * Verifies the soap envelope
@@ -276,8 +320,8 @@ public class TestWSSecurityNew3 extends 
      * @param env soap envelope
      * @throws java.lang.Exception Thrown when there is a problem in verification
      */
-    private void verify(Document doc) throws Exception {
-        secEngine.processSecurityHeader(doc, null, this, crypto, null);
+    private Vector verify(Document doc) throws Exception {
+        return secEngine.processSecurityHeader(doc, null, this, crypto, null);
     }
 
     public void handle(Callback[] callbacks)



Mime
View raw message