ws-commits mailing list archives

From gi...@apache.org
Subject svn commit: r1386701 - in /webservices/wss4j/trunk/ws-security-stax/src: main/java/org/apache/ws/security/stax/ext/ main/java/org/apache/ws/security/stax/impl/processor/output/ test/java/org/apache/ws/security/stax/test/
Date Mon, 17 Sep 2012 16:32:25 GMT
Author: giger
Date: Mon Sep 17 16:32:24 2012
New Revision: 1386701

URL: http://svn.apache.org/viewvc?rev=1386701&view=rev
Log:
Support C14N PrefixList for outbound signature in stax code. @see SANTUARIO-341

Modified:
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/ext/WSSSecurityProperties.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/WSSSignatureOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/SignatureTest.java

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/ext/WSSSecurityProperties.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/ext/WSSSecurityProperties.java?rev=1386701&r1=1386700&r2=1386701&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/ext/WSSSecurityProperties.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/ext/WSSSecurityProperties.java
Mon Sep 17 16:32:24 2012
@@ -42,6 +42,10 @@ import org.apache.xml.security.stax.ext.
  */
 public class WSSSecurityProperties extends XMLSecurityProperties {
 
+    public WSSSecurityProperties() {
+        setAddExcC14NInclusivePrefixes(true);
+    }
+
     private WSSConstants.KeyIdentifierType encryptionKeyIdentifierType;
 
     /**
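Review bot: The new no-arg constructor in WSSSecurityProperties has no Javadoc saying that this class now turns on InclusiveNamespaces PrefixList output by default, so a reader cannot tell the changed default is intentional. I would add `/** Enables the exclusive-C14N InclusiveNamespaces PrefixList on outbound signatures by default. */` above it. The constructor also calls an inherited setter during construction; if `setAddExcC14NInclusivePrefixes` can be overridden, a subclass override would run before the subclass's own fields are initialised. The class body continues outside the hunk.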

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java?rev=1386701&r1=1386700&r2=1386701&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/WSSSignatureEndingOutputProcessor.java
Mon Sep 17 16:32:24 2012
@@ -69,8 +69,16 @@ public class WSSSignatureEndingOutputPro
     }
 
     @Override
-    protected SignedInfoProcessor newSignedInfoProcessor(SignatureAlgorithm signatureAlgorithm,
OutputProcessorChain outputProcessorChain) throws XMLSecurityException {
-        this.signedInfoProcessor = new SignedInfoProcessor(signatureAlgorithm);
+    protected SignedInfoProcessor newSignedInfoProcessor(
+            SignatureAlgorithm signatureAlgorithm, XMLSecStartElement xmlSecStartElement,
+            OutputProcessorChain outputProcessorChain) throws XMLSecurityException {
+
+        //we have to search for the SecurityHeaderElement for InclusiveNamespaces (same behavior
as in wss-dom):
+        while (!WSSConstants.TAG_wsse_Security.equals(xmlSecStartElement.getName())) {
+            xmlSecStartElement = xmlSecStartElement.getParentXMLSecStartElement();
+        }
+
+        this.signedInfoProcessor = new SignedInfoProcessor(signatureAlgorithm, xmlSecStartElement);
         this.signedInfoProcessor.setXMLSecurityProperties(getSecurityProperties());
         this.signedInfoProcessor.setAction(getAction());
         this.signedInfoProcessor.addAfterProcessor(WSSSignatureEndingOutputProcessor.class.getName());
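Review bot: The parent walk in newSignedInfoProcessor has no termination check for the case where no wsse:Security ancestor exists. If `getParentXMLSecStartElement()` returns null at the root (presumably it does), the next `xmlSecStartElement.getName()` throws a NullPointerException instead of a signature error the caller can handle. I would bound the loop with `while (xmlSecStartElement != null && !WSSConstants.TAG_wsse_Security.equals(xmlSecStartElement.getName()))` and throw an XMLSecurityException afterwards when the result is null. The loop also reassigns the method parameter; a local such as `securityHeaderElement` would read more clearly. The method body continues outside the hunk.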
@@ -170,6 +178,14 @@ public class WSSSignatureEndingOutputPro
                     List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
                     attributes.add(createAttribute(WSSConstants.ATT_NULL_Algorithm, transform));
                     createStartElementAndOutputAsEvent(subOutputProcessorChain, WSSConstants.TAG_dsig_Transform,
false, attributes);
+
+                    if (getSecurityProperties().isAddExcC14NInclusivePrefixes()) {
+                        attributes = new ArrayList<XMLSecAttribute>(1);
+                        attributes.add(createAttribute(XMLSecurityConstants.ATT_NULL_PrefixList,
signaturePartDef.getInclusiveNamespacesPrefixes()));
+                        createStartElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces,
true, attributes);
+                        createEndElementAndOutputAsEvent(subOutputProcessorChain, XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces);
+                    }
+
                     createEndElementAndOutputAsEvent(subOutputProcessorChain, WSSConstants.TAG_dsig_Transform);
                 }
             }
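Review bot: The added block writes an InclusiveNamespaces child into every dsig:Transform whenever the global flag is set, without checking that `transform` is the exclusive C14N algorithm. It also does not check that `signaturePartDef.getInclusiveNamespacesPrefixes()` was ever set. In buildTransformerChain the prefix string is only stored when the STR-Transform branch did not already create the list, so a Reference using that transform may be emitted with a null PrefixList, or with one that differs from what the digest was computed with. I would narrow the guard to `getSecurityProperties().isAddExcC14NInclusivePrefixes() && XMLSecurityConstants.NS_C14N_EXCL.equals(transform) && signaturePartDef.getInclusiveNamespacesPrefixes() != null`. The surrounding loop over the transforms starts outside the hunk, so this reading should be confirmed against the full method.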

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/WSSSignatureOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/WSSSignatureOutputProcessor.java?rev=1386701&r1=1386700&r2=1386701&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/WSSSignatureOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/impl/processor/output/WSSSignatureOutputProcessor.java
Mon Sep 17 16:32:24 2012
@@ -32,7 +32,6 @@ import org.apache.xml.security.stax.impl
 import org.apache.xml.security.stax.impl.processor.output.AbstractSignatureOutputProcessor;
 import org.apache.xml.security.stax.impl.util.IDGenerator;
 
-import javax.xml.namespace.QName;
 import javax.xml.stream.XMLStreamConstants;
 import javax.xml.stream.XMLStreamException;
 import javax.xml.stream.events.Attribute;
@@ -40,9 +39,7 @@ import java.io.OutputStream;
 import java.lang.reflect.InvocationTargetException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 
 /**
  * @author $Author: coheigea $
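Review bot: The import hunk replaces three explicit `java.util` imports with `import java.util.*;`, which hides which collection types the class depends on and can cause ambiguous-name clashes later. I would keep explicit imports and add only the names the new code needs, `java.util.Iterator` and `java.util.Set`, next to the existing `ArrayList`, `List` and `Map` lines.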
@@ -80,6 +77,7 @@ public class WSSSignatureOutputProcessor
                     try {
                         SignaturePartDef signaturePartDef = new SignaturePartDef();
                         signaturePartDef.setTransforms(securePart.getTransforms());
+                        signaturePartDef.setExcludeVisibleC14Nprefixes(true);
                         String digestMethod = securePart.getDigestMethod();
                         if (digestMethod == null) {
                             digestMethod = getSecurityProperties().getSignatureDigestAlgorithm();
@@ -112,7 +110,7 @@ public class WSSSignatureOutputProcessor
                         }
 
                         getSignaturePartDefList().add(signaturePartDef);
-                        internalSignatureOutputProcessor = new InternalWSSSignatureOutputProcessor(signaturePartDef,
xmlSecStartElement.getName());
+                        internalSignatureOutputProcessor = new InternalWSSSignatureOutputProcessor(signaturePartDef,
xmlSecStartElement);
                         internalSignatureOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
                         internalSignatureOutputProcessor.setAction(getAction());
                         internalSignatureOutputProcessor.addAfterProcessor(WSSSignatureOutputProcessor.class.getName());
@@ -180,31 +178,56 @@ public class WSSSignatureOutputProcessor
     }
 
     @Override
-    protected Transformer buildTransformerChain(OutputStream outputStream, String[] transforms)
+    protected Transformer buildTransformerChain(
+            OutputStream outputStream, SignaturePartDef signaturePartDef, XMLSecStartElement
xmlSecStartElement)
             throws XMLSecurityException, NoSuchMethodException, InstantiationException,
             IllegalAccessException, InvocationTargetException {
 
+        String[] transforms = signaturePartDef.getTransforms();
+
         if (transforms == null || transforms.length == 0) {
             Transformer transformer = new TransformIdentity();
             transformer.setOutputStream(outputStream);
             return transformer;
         }
 
-        List<String> inclusiveNamespacesPrefixes = new ArrayList<String>();
+        List<String> inclusiveNamespacePrefixes = null;
         if (WSSConstants.SOAPMESSAGE_NS10_STRTransform.equals(transforms[0])) {
-            inclusiveNamespacesPrefixes.add("#default");
+            inclusiveNamespacePrefixes = new ArrayList<String>();
+            inclusiveNamespacePrefixes.add("#default");
         }
 
         Transformer parentTransformer = null;
         for (int i = transforms.length - 1; i >= 0; i--) {
             String transform = transforms[i];
 
+            if (inclusiveNamespacePrefixes == null &&
+                    getSecurityProperties().isAddExcC14NInclusivePrefixes() &&
+                    XMLSecurityConstants.NS_C14N_EXCL.equals(transform)) {
+
+                Set<String> prefixSet = XMLSecurityUtils.getExcC14NInclusiveNamespacePrefixes(xmlSecStartElement,
signaturePartDef.isExcludeVisibleC14Nprefixes());
+                inclusiveNamespacePrefixes = new ArrayList<String>(prefixSet.size());
+
+                StringBuilder prefixes = new StringBuilder();
+                for (Iterator<String> iterator = prefixSet.iterator(); iterator.hasNext();
) {
+                    String prefix = iterator.next();
+                    if (!inclusiveNamespacePrefixes.contains(prefix)) {
+                        inclusiveNamespacePrefixes.add(prefix);
+                    }
+                    if (prefixes.length() != 0) {
+                        prefixes.append(" ");
+                    }
+                    prefixes.append(prefix);
+                }
+                signaturePartDef.setInclusiveNamespacesPrefixes(prefixes.toString());
+            }
+
             if (parentTransformer != null) {
                 parentTransformer = XMLSecurityUtils.getTransformer(
                         parentTransformer, null, transform, XMLSecurityConstants.DIRECTION.OUT);
             } else {
                 parentTransformer = XMLSecurityUtils.getTransformer(
-                        inclusiveNamespacesPrefixes, outputStream, transform, XMLSecurityConstants.DIRECTION.OUT);
+                        inclusiveNamespacePrefixes, outputStream, transform, XMLSecurityConstants.DIRECTION.OUT);
             }
         }
         return parentTransformer;
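Review bot: In buildTransformerChain the computed prefix list is stored on `signaturePartDef`, and so advertised in the signed Reference, as soon as an exclusive-C14N entry is found. It is handed to `XMLSecurityUtils.getTransformer` only in the `else` branch, which runs for the last entry of `transforms`. If exclusive C14N is ever not the last transform, the digest would be computed without the prefixes the Reference declares and verification on the receiving side would fail; a comment stating that ordering assumption, or a check for it, would help. On style, `prefixSet` is a Set, so the `contains` test can never find a duplicate and the list can be built with `inclusiveNamespacePrefixes = new ArrayList<String>(prefixSet);`. The explicit Iterator loop can be an enhanced `for (String prefix : prefixSet)` that only builds the space-separated string.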
@@ -212,8 +235,8 @@ public class WSSSignatureOutputProcessor
 
     class InternalWSSSignatureOutputProcessor extends InternalSignatureOutputProcessor {
 
-        public InternalWSSSignatureOutputProcessor(SignaturePartDef signaturePartDef, QName
startElement) throws XMLSecurityException, NoSuchProviderException, NoSuchAlgorithmException
{
-            super(signaturePartDef, startElement);
+        public InternalWSSSignatureOutputProcessor(SignaturePartDef signaturePartDef, XMLSecStartElement
xmlSecStartElement) throws XMLSecurityException, NoSuchProviderException, NoSuchAlgorithmException
{
+            super(signaturePartDef, xmlSecStartElement);
             this.addBeforeProcessor(InternalWSSSignatureOutputProcessor.class.getName());
         }
     }

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/SignatureTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/SignatureTest.java?rev=1386701&r1=1386700&r2=1386701&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/SignatureTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/SignatureTest.java
Mon Sep 17 16:32:24 2012
@@ -90,8 +90,12 @@ public class SignatureTest extends Abstr
             String idAttrValue = ((Element) nodeList.item(0)).getAttributeNS(WSSConstants.ATT_wsu_Id.getNamespaceURI(),
WSSConstants.ATT_wsu_Id.getLocalPart());
             Assert.assertNotNull(idAttrValue);
             Assert.assertTrue(idAttrValue.length() > 0);
-        }
 
+            nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getNamespaceURI(),
WSSConstants.TAG_c14nExcl_InclusiveNamespaces.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 2);
+            Assert.assertEquals(((Element) nodeList.item(0)).getAttribute(WSSConstants.ATT_NULL_PrefixList.getLocalPart()),
"env");
+            Assert.assertEquals(((Element) nodeList.item(1)).getAttribute(WSSConstants.ATT_NULL_PrefixList.getLocalPart()),
"");
+        }
         //done signature; now test sig-verification:
         {
             String action = WSHandlerConstants.SIGNATURE;
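Review bot: The new assertions in SignatureTest pass the actual value first and the expected value second, so a failure would report the two swapped. JUnit's order is expected then actual, for example `Assert.assertEquals(2, nodeList.getLength());` and `Assert.assertEquals("env", ((Element) nodeList.item(0)).getAttribute(WSSConstants.ATT_NULL_PrefixList.getLocalPart()));`. The test also covers only the new default; a case with `setAddExcC14NInclusivePrefixes(false)` asserting that no InclusiveNamespaces element is written would pin the opt-out path. The test method starts and ends outside the hunk.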


