ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1381663 - in /webservices/wss4j/trunk: ws-security-dom/src/main/java/org/apache/ws/security/dom/str/STRParserUtil.java ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java
Date Thu, 06 Sep 2012 16:22:41 GMT
Author: coheigea
Date: Thu Sep  6 16:22:41 2012
New Revision: 1381663

URL: http://svn.apache.org/viewvc?rev=1381663&view=rev
Log:
[WSS-360] - Finished remaining Stax BSP rules

Modified:
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/str/STRParserUtil.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/str/STRParserUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/str/STRParserUtil.java?rev=1381663&r1=1381662&r2=1381663&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/str/STRParserUtil.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/str/STRParserUtil.java
Thu Sep  6 16:22:41 2012
@@ -127,13 +127,10 @@ public final class STRParserUtil {
         if (secRef.containsReference()) {
             // Check the ValueType attributes
             String valueType = secRef.getReference().getValueType();
-            if ((valueType == null || "".equals(valueType)) && (token instanceof
KerberosSecurity)) {
-                bspEnforcer.handleBSPRule(BSPRule.R3059);
-            }
-            
             if (((token instanceof X509Security) && !X509Security.X509_V3_TYPE.equals(valueType))
                 || ((token instanceof PKIPathSecurity) && !PKIPathSecurity.PKI_TYPE.equals(valueType))
                 || ((token instanceof KerberosSecurity) 
+                        && !(valueType == null || "".equals(valueType))
                         && !WSConstants.WSS_GSS_KRB_V5_AP_REQ.equals(valueType)))
{
                 bspEnforcer.handleBSPRule(BSPRule.R3058);
             }

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1381663&r1=1381662&r2=1381663&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java
Thu Sep  6 16:22:41 2012
@@ -34,6 +34,7 @@ import org.apache.xml.security.stax.impl
 import org.apache.xml.security.stax.impl.securityToken.ECKeyValueSecurityToken;
 import org.apache.xml.security.stax.impl.securityToken.RsaKeyValueSecurityToken;
 import org.apache.xml.security.stax.impl.securityToken.SecurityTokenFactory;
+import org.opensaml.common.SAMLVersion;
 
 import javax.security.auth.callback.CallbackHandler;
 import java.util.Deque;
@@ -94,7 +95,7 @@ public class SecurityTokenFactoryImpl ex
             if (securityTokenReferenceType.getAny().size() > 1) {
                 ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R3061);
             }
-
+            
             //todo BSP.R3027 KeyName? not supported ATM
             //todo BSP.R3060,BSP.R3025,BSP.R3056 only one Embedded element? Not supported
ATM
             final X509DataType x509DataType
@@ -104,6 +105,11 @@ public class SecurityTokenFactoryImpl ex
                         x509DataType, securityTokenReferenceType.getId(),
                         WSSConstants.WSSKeyIdentifierType.ISSUER_SERIAL);
             }
+            
+            String tokenType = 
+                    XMLSecurityUtils.getQNameAttribute(
+                        securityTokenReferenceType.getOtherAttributes(), 
+                        WSSConstants.ATT_wsse11_TokenType);
 
             final KeyIdentifierType keyIdentifierType
                     = XMLSecurityUtils.getQNameType(securityTokenReferenceType.getAny(),
WSSConstants.TAG_wsse_KeyIdentifier);
@@ -123,6 +129,9 @@ public class SecurityTokenFactoryImpl ex
                     } else {
                         ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R3071);
                     }
+                } else if (encodingType != null 
+                        && (WSSConstants.NS_SAML10_TYPE.equals(valueType) || WSSConstants.NS_SAML20_TYPE.equals(valueType)))
{
+                    ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R6604);
                 }
 
                 if (WSSConstants.NS_X509_V3_TYPE.equals(valueType)) {
@@ -138,6 +147,11 @@ public class SecurityTokenFactoryImpl ex
                             (WSSecurityContext) securityContext, crypto, callbackHandler,
binaryContent,
                             securityTokenReferenceType.getId(), WSSConstants.WSSKeyIdentifierType.THUMBPRINT_IDENTIFIER);
                 } else if (WSSConstants.NS_SAML10_TYPE.equals(valueType) || WSSConstants.NS_SAML20_TYPE.equals(valueType))
{
+                    if (WSSConstants.NS_SAML20_TYPE.equals(valueType) && !WSSConstants.NS_SAML20_TOKEN_PROFILE_TYPE.equals(tokenType))
{
+                        ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R6617);
+                    } else if (WSSConstants.NS_SAML10_TYPE.equals(valueType) && !WSSConstants.NS_SAML11_TOKEN_PROFILE_TYPE.equals(tokenType))
{
+                        ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R6611);
+                    }
                     SecurityTokenProvider securityTokenProvider = securityContext.getSecurityTokenProvider(keyIdentifierType.getValue());
                     if (securityTokenProvider == null) {
                         throw new WSSecurityException(
@@ -153,7 +167,7 @@ public class SecurityTokenFactoryImpl ex
             final org.apache.ws.security.binding.wss10.ReferenceType referenceType
                     = XMLSecurityUtils.getQNameType(securityTokenReferenceType.getAny(),
WSSConstants.TAG_wsse_Reference);
             if (referenceType != null) {
-                //We do not check for BSP.R3023, BSP.R3022, BSP.R3066, BSP.R3067, BSP.R3024,
BSP.R3064, BSP.R3211, BSP.R3058, BSP.R3059
+                //We do not check for BSP.R3023, BSP.R3022, BSP.R3066, BSP.R3067, BSP.R3024,
BSP.R3064, BSP.R3211, BSP.R3059
 
                 String uri = referenceType.getURI();
                 if (uri == null) {
@@ -186,7 +200,41 @@ public class SecurityTokenFactoryImpl ex
                 }
                 if (securityTokenProvider.getSecurityToken() instanceof SecurityTokenReference)
{
                     ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R3057);
-                }
+                } else if (securityTokenProvider.getSecurityToken() instanceof X509PKIPathv1SecurityToken)
{
+                    String valueType = referenceType.getValueType();
+                    if (!WSSConstants.NS_X509PKIPathv1.equals(valueType)) {
+                        ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R3058);
+                    }
+                    if (!WSSConstants.NS_X509PKIPathv1.equals(tokenType)) {
+                        ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R5215);
+                    }
+                } else if (securityTokenProvider.getSecurityToken() instanceof X509SecurityToken)
{
+                    String valueType = referenceType.getValueType();
+                    if (!WSSConstants.NS_X509_V3_TYPE.equals(valueType)) {
+                        ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R3058);
+                    }
+                } else if (securityTokenProvider.getSecurityToken() instanceof UsernameSecurityToken)
{
+                    String valueType = referenceType.getValueType();
+                    if (!WSSConstants.NS_USERNAMETOKEN_PROFILE_UsernameToken.equals(valueType))
{
+                        ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R4214);
+                    }
+                } else if (securityTokenProvider.getSecurityToken() instanceof SAMLSecurityToken)
{
+                    SAMLVersion samlVersion = 
+                            ((SAMLSecurityToken)securityTokenProvider.getSecurityToken()).getSamlVersion();
+                    if (samlVersion == SAMLVersion.VERSION_20) {
+                        String valueType = referenceType.getValueType();
+                        if (valueType != null && !"".equals(valueType)) {
+                            ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R6614);
+                        }
+                        if (!WSSConstants.NS_SAML20_TOKEN_PROFILE_TYPE.equals(tokenType))
{
+                            ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R6617);
+                        }
+                    } else if (samlVersion == SAMLVersion.VERSION_10 && !WSSConstants.NS_SAML11_TOKEN_PROFILE_TYPE.equals(tokenType))
{
+                        ((WSSecurityContext) securityContext).handleBSPRule(BSPRule.R6611);
+                    }
+                } 
+                
+                
                 return securityTokenProvider.getSecurityToken();
             }
             throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY,
"noKeyinfo");



Mime
View raw message