ws-wss4j-dev mailing list archives

From cohei...@apache.org
Subject svn commit: r784791 - in /webservices/wss4j/branches/1_5_x-fixes: src/org/apache/ws/security/ src/org/apache/ws/security/processor/ src/org/apache/ws/security/util/ test/wssec/
Date Mon, 15 Jun 2009 14:26:14 GMT
Author: coheigea
Date: Mon Jun 15 14:26:14 2009
New Revision: 784791

URL: http://svn.apache.org/viewvc?rev=784791&view=rev
Log:
[WSS-198] - Backported some fixes from trunk for this issue.
 - The problem was that the EncryptedKeyProcessor and ReferenceListProcessor append the Id
to the decrypted element
 - I added the decrypted DOM element to WSDataRef instead so that the user can see what element
was decrypted.
 - Added a test.

Modified:
    webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java
    webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
    webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java
    webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/util/WSSecurityUtil.java
    webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew6.java

Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java?rev=784791&r1=784790&r2=784791&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDataRef.java Mon Jun
15 14:26:14 2009
@@ -27,10 +27,16 @@
  */
 
 import javax.xml.namespace.QName;
+import org.w3c.dom.Element;
 
 public class WSDataRef {
     
     /**
+     * The protected DOM element
+     */
+    private Element protectedElement;
+    
+    /**
      * reference by which the Encrypted Data was referred 
      */
     private String dataref;
@@ -114,5 +120,32 @@
     public void setName(QName name) {
         this.name = name;
     }
+    
+    /**
+     * @param element The protected DOM element to set
+     */
+    public void setProtectedElement(Element element) {
+        protectedElement = element;
+        String prefix = element.getPrefix();
+        if (prefix == null) {
+            name = 
+                new QName(
+                    element.getNamespaceURI(), element.getLocalName()
+                );
+        } else {
+            name = 
+                new QName(
+                    element.getNamespaceURI(), element.getLocalName(), prefix
+                );
+        }
+    }
+     
+    /**
+     * @return the protected DOM element
+     */
+    public Element getProtectedElement() {
+        return protectedElement;
+    }
+
 
 }
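Review bot: `setProtectedElement` calls `element.getPrefix()` without a null check, and it also replaces `name`, which `setName` (context above) writes too; the Javadoc mentions neither. I would either reject null up front with `if (element == null) { throw new IllegalArgumentException("element must not be null"); }` or document that null is not accepted. The Javadoc should also say that the call overwrites the QName with the element's namespace, local name and prefix. `getProtectedElement` returns the live DOM node rather than a copy, so its Javadoc should say that the result may be null and that changes to it alter the processed message.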

Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=784791&r1=784790&r2=784791&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
(original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
Mon Jun 15 14:26:14 2009
@@ -31,9 +31,6 @@
 import org.apache.ws.security.message.token.X509Security;
 import org.apache.ws.security.util.Base64;
 import org.apache.ws.security.util.WSSecurityUtil;
-import org.apache.xml.security.encryption.XMLCipher;
-import org.apache.xml.security.encryption.XMLEncryptionException;
-import org.apache.xml.security.utils.Constants;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -378,13 +375,10 @@
                 }
                 if (tmpE.getLocalName().equals("DataReference")) {                   
                     String dataRefURI = ((Element) tmpE).getAttribute("URI");
-                    WSDataRef dataRef = new WSDataRef(dataRefURI.substring(1));
-                    Element elt = decryptDataRef(doc, dataRefURI,dataRef, decryptedBytes);
-                    dataRef.setName(
-                        new javax.xml.namespace.QName(
-                            elt.getNamespaceURI(), elt.getLocalName()
-                        )
-                    );
+                    if (dataRefURI.charAt(0) == '#') {
+                        dataRefURI = dataRefURI.substring(1);
+                    }
+                    WSDataRef dataRef = decryptDataRef(doc, dataRefURI, decryptedBytes);
                     dataRefs.add(dataRef);
                 }
             }
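Review bot: `dataRefURI.charAt(0)` throws `StringIndexOutOfBoundsException` when the `DataReference` has no `URI` attribute or an empty one, because `getAttribute` returns an empty string in that case. The value comes from the incoming message, so a malformed reference should surface as a `WSSecurityException` rather than an unchecked exception that bypasses the method's declared failure path. A guard before the `#` test would do it: `if (dataRefURI.length() == 0) { throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "dataRef", new Object[] {dataRefURI}); }`. The same `charAt(0)` pattern is added in the ReferenceListProcessor.java hunk `@@ -109,8 +104,11 @@`. The enclosing method starts outside this hunk.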
@@ -423,181 +417,35 @@
         return Base64.decode(encodedData);
     }
 
-    private Element decryptDataRef(
+    /**
+     * Decrypt an EncryptedData element referenced by dataRefURI
+     */
+    private WSDataRef decryptDataRef(
         Document doc, 
         String dataRefURI, 
-        WSDataRef wsDataRef, 
         byte[] decryptedData
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
-            log.debug("found data refernce: " + dataRefURI);
+            log.debug("found data reference: " + dataRefURI);
         }
         //
-        // Look up the encrypted data. First try wsu:Id="someURI". If no such Id then
-        // try the generic lookup to find Id="someURI"
+        // Find the encrypted data element referenced by dataRefURI
         //
-        Element encBodyData = WSSecurityUtil.getElementByWsuId(doc, dataRefURI);
-        if (encBodyData == null) {
-            encBodyData = WSSecurityUtil.getElementByGenId(doc, dataRefURI);
-        }
-        if (encBodyData == null) {
-            throw new WSSecurityException(
-                WSSecurityException.INVALID_SECURITY, "dataRef", new Object[]{dataRefURI}
-            );
-        }
-
-        boolean content = X509Util.isContent(encBodyData);
-
-        // get the encryption method
-        String symEncAlgo = X509Util.getEncAlgo(encBodyData);
-
+        Element encryptedDataElement = 
+            ReferenceListProcessor.findEncryptedDataElement(doc, dataRefURI);
+        //
+        // Prepare the SecretKey object to decrypt EncryptedData
+        //
+        String symEncAlgo = X509Util.getEncAlgo(encryptedDataElement);
         SecretKey symmetricKey = 
             WSSecurityUtil.prepareSecretKey(symEncAlgo, decryptedData);
 
-        // initialize Cipher ....
-        XMLCipher xmlCipher = null;
-        try {
-            xmlCipher = XMLCipher.getInstance(symEncAlgo);
-            xmlCipher.init(XMLCipher.DECRYPT_MODE, symmetricKey);
-        } catch (XMLEncryptionException e) {
-            throw new WSSecurityException(
-                WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e
-            );
-        }
-
-        if (content) {
-            encBodyData = (Element) encBodyData.getParentNode();
-        }
-        final Node parent = encBodyData.getParentNode();
-
-        final java.util.List before_peers = listChildren(parent);
-        try {
-            xmlCipher.doFinal(doc, encBodyData, content);
-        } catch (Exception e1) {
-            throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, e1);
-        }
-        
-        if (parent.getLocalName().equals(WSConstants.ENCRYPTED_HEADER)
-            && parent.getNamespaceURI().equals(WSConstants.WSSE11_NS)) {
-            
-            Node decryptedHeader = parent.getFirstChild();
-            Element decryptedHeaderClone = (Element)decryptedHeader.cloneNode(true);    
       
-            String sigId = decryptedHeaderClone.getAttributeNS(WSConstants.WSU_NS, "Id");
-            
-            if (sigId == null || sigId.equals("")) {
-                String id = ((Element)parent).getAttributeNS(WSConstants.WSU_NS, "Id");
-                
-                String wsuPrefix = 
-                    WSSecurityUtil.setNamespace(
-                        decryptedHeaderClone, WSConstants.WSU_NS, WSConstants.WSU_PREFIX
-                    );
-                decryptedHeaderClone.setAttributeNS(WSConstants.WSU_NS, wsuPrefix + ":Id",
id);
-                wsDataRef.setWsuId(id.substring(1));
-            } else {
-                wsDataRef.setWsuId(sigId);
-            }
-            
-            parent.getParentNode().appendChild(decryptedHeaderClone);
-            parent.getParentNode().removeChild(parent);
-        }
-             
-        final java.util.List after_peers = listChildren(parent);
-        final java.util.List new_nodes = newNodes(before_peers, after_peers);
-        for (
-            final java.util.Iterator pos = new_nodes.iterator();
-            pos.hasNext();
-        ) {
-            Node node = (Node) pos.next();
-            if (node instanceof Element) {
-                if (!Constants.SignatureSpecNS.equals(node.getNamespaceURI()) &&
-                        node.getAttributes().getNamedItemNS(WSConstants.WSU_NS, "Id") ==
null) {
-                    String wsuPrefix = 
-                        WSSecurityUtil.setNamespace(
-                            (Element)node, WSConstants.WSU_NS, WSConstants.WSU_PREFIX
-                        );
-                    ((Element)node).setAttributeNS(WSConstants.WSU_NS, wsuPrefix + ":Id",
dataRefURI);
-                    wsDataRef.setWsuId(dataRefURI.substring(1));
-                }
-                wsDataRef.setName(new QName(node.getNamespaceURI(),node.getLocalName()));
-                
-                return (Element) node;
-            }
-        }
-        return encBodyData;
-    }
-    
-    /**
-     * @return  a list of child Nodes
-     */
-    private static java.util.List
-    listChildren(
-        final Node parent
-    ) {
-        if (parent == null) {
-            return java.util.Collections.EMPTY_LIST;
-        }
-        final java.util.List ret = new java.util.ArrayList();
-        if (parent.hasChildNodes()) {
-            final NodeList children = parent.getChildNodes();
-            if (children != null) {
-                for (int i = 0, n = children.getLength();  i < n;  ++i) {
-                    ret.add(children.item(i));
-                }
-            }
-        }
-        return ret;
+        return ReferenceListProcessor.decryptEncryptedData(
+            doc, dataRefURI, encryptedDataElement, symmetricKey, symEncAlgo
+        );
     }
     
     /**
-     * @return a list of Nodes in b that are not in a 
-     */
-    private static java.util.List
-    newNodes(
-        final java.util.List a,
-        final java.util.List b
-    ) {
-        if (a.size() == 0) {
-            return b;
-        }
-        if (b.size() == 0) {
-            return java.util.Collections.EMPTY_LIST;
-        }
-        final java.util.List ret = new java.util.ArrayList();
-        for (
-            final java.util.Iterator bpos = b.iterator();
-            bpos.hasNext();
-        ) {
-            final Node bnode = (Node) bpos.next();
-            final java.lang.String bns = bnode.getNamespaceURI();
-            final java.lang.String bln = bnode.getLocalName();
-            boolean found = false;
-            for (
-                final java.util.Iterator apos = a.iterator();
-                apos.hasNext();
-            ) {
-                final Node anode = (Node) apos.next();
-                final java.lang.String ans = anode.getNamespaceURI();
-                final java.lang.String aln = anode.getLocalName();
-                final boolean nsmatch =
-                    ans == null
-                    ? ((bns == null) ? true : false)
-                    : ((bns == null) ? false : ans.equals(bns));
-                final boolean lnmatch =
-                    aln == null
-                    ? ((bln == null) ? true : false)
-                    : ((bln == null) ? false : aln.equals(bln));
-                if (nsmatch && lnmatch) {
-                    found = true;
-                }
-            }
-            if (!found) {
-                ret.add(bnode);
-            }
-        }
-        return ret;
-    }
-
-    /**
      * Get the Id of the encrypted key element.
      * 
      * @return The Id string
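Review bot: The new Javadoc on `decryptDataRef` is a single sentence and leaves the parameters undocumented, and `decryptedData` is easy to misread: it is the key material passed to `WSSecurityUtil.prepareSecretKey`, not decrypted payload. I would add `@param decryptedData the decrypted symmetric key bytes used to build the SecretKey`, `@param dataRefURI the Id of the EncryptedData element, with any leading '#' already removed by the caller`, and `@return a WSDataRef describing the decrypted element`. A `@throws WSSecurityException` line should note that lookup and decryption failures come from the two `ReferenceListProcessor` helpers this method delegates to.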

Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java?rev=784791&r1=784790&r2=784791&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java
(original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java
Mon Jun 15 14:26:14 2009
@@ -23,7 +23,6 @@
 import javax.crypto.SecretKey;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
-import javax.xml.namespace.QName;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -42,11 +41,9 @@
 import org.apache.ws.security.util.WSSecurityUtil;
 import org.apache.xml.security.encryption.XMLCipher;
 import org.apache.xml.security.encryption.XMLEncryptionException;
-import org.apache.xml.security.utils.Constants;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
 
 public class ReferenceListProcessor implements Processor {
     private static Log log = 
@@ -93,8 +90,6 @@
         CallbackHandler cb,
         Crypto crypto
     ) throws WSSecurityException {
-        Document doc = elem.getOwnerDocument();
-
         Node tmpE = null;
         ArrayList dataRefUris = new ArrayList();
         for (tmpE = elem.getFirstChild(); 
@@ -109,8 +104,11 @@
             }
             if (tmpE.getLocalName().equals("DataReference")) {
                 String dataRefURI = ((Element) tmpE).getAttribute("URI");
-                WSDataRef dataRef = new WSDataRef(dataRefURI.substring(1));
-                decryptDataRefEmbedded(doc, dataRefURI, dataRef, cb, crypto);
+                if (dataRefURI.charAt(0) == '#') {
+                    dataRefURI = dataRefURI.substring(1);
+                }
+                WSDataRef dataRef = 
+                    decryptDataRefEmbedded(elem.getOwnerDocument(), dataRefURI, cb, crypto);
                 dataRefUris.add(dataRef);
             }
         }
@@ -118,137 +116,153 @@
         return dataRefUris;
     }
 
-    public void decryptDataRefEmbedded(
+    
+    /**
+     * Decrypt an (embedded) EncryptedData element referenced by dataRefURI.
+     */
+    private WSDataRef decryptDataRefEmbedded(
         Document doc, 
         String dataRefURI, 
-        WSDataRef dataRef,
         CallbackHandler cb, 
         Crypto crypto
     ) throws WSSecurityException {
-
         if (log.isDebugEnabled()) {
             log.debug("Found data reference: " + dataRefURI);
         }
         //
-        // Look up the encrypted data. First try wsu:Id="someURI". If no such Id
-        // then try the generic lookup to find Id="someURI"
+        // Find the encrypted data element referenced by dataRefURI
         //
-        Element encBodyData = null;
-        if ((encBodyData = WSSecurityUtil.getElementByWsuId(doc, dataRefURI)) == null) {
           
-            encBodyData = WSSecurityUtil.getElementByGenId(doc, dataRefURI);
-        }
-        if (encBodyData == null) {
-            throw new WSSecurityException(
-                WSSecurityException.INVALID_SECURITY, "dataRef", new Object[] {dataRefURI}
-            );
-        }
-
-        boolean content = X509Util.isContent(encBodyData);
-
-        // Now figure out the encryption algorithm
-        String symEncAlgo = X509Util.getEncAlgo(encBodyData);
-
-        Element tmpE = 
-            (Element)WSSecurityUtil.findElement(
-                (Node) encBodyData, "KeyInfo", WSConstants.SIG_NS
+        Element encryptedDataElement = findEncryptedDataElement(doc, dataRefURI);
+        //
+        // Prepare the SecretKey object to decrypt EncryptedData
+        //
+        String symEncAlgo = X509Util.getEncAlgo(encryptedDataElement);
+        Element keyInfoElement = 
+            (Element)WSSecurityUtil.getDirectChildElement(
+                encryptedDataElement, "KeyInfo", WSConstants.SIG_NS
             );
-        if (tmpE == null) {
+        if (keyInfoElement == null) {
             throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "noKeyinfo");
         }
-
         //
         // Try to get a security reference token, if none found try to get a
         // shared key using a KeyName.
         //
         Element secRefToken = 
-            (Element) WSSecurityUtil.getDirectChild(
-                tmpE, "SecurityTokenReference", WSConstants.WSSE_NS
+            WSSecurityUtil.getDirectChildElement(
+                keyInfoElement, "SecurityTokenReference", WSConstants.WSSE_NS
             );
-
         SecretKey symmetricKey = null;
         if (secRefToken == null) {
-            symmetricKey = X509Util.getSharedKey(tmpE, symEncAlgo, cb);
+            symmetricKey = X509Util.getSharedKey(keyInfoElement, symEncAlgo, cb);
         } else {
-            symmetricKey = getKeyFromSecurityTokenReference(secRefToken, symEncAlgo, crypto,
cb);
+            symmetricKey = 
+                getKeyFromSecurityTokenReference(secRefToken, symEncAlgo, crypto, cb);
         }
 
-        // initialize Cipher ....
+        return 
+            decryptEncryptedData(
+                doc, dataRefURI, encryptedDataElement, symmetricKey, symEncAlgo
+            );
+    }
+
+    
+    /**
+     * Look up the encrypted data. First try wsu:Id="someURI". If no such Id then try the

+     * generic lookup to find Id="someURI"
+     * 
+     * @param doc The document in which to find EncryptedData
+     * @param dataRefURI The URI of EncryptedData
+     * @return The EncryptedData element
+     * @throws WSSecurityException if the EncryptedData element referenced by dataRefURI
is 
+     * not found
+     */
+    public static Element
+    findEncryptedDataElement(
+        Document doc,
+        String dataRefURI
+    ) throws WSSecurityException {
+        Element encryptedDataElement = WSSecurityUtil.getElementByWsuId(doc, dataRefURI);
+        if (encryptedDataElement == null) {   
+            encryptedDataElement = WSSecurityUtil.getElementByGenId(doc, dataRefURI);
+        }
+        if (encryptedDataElement == null) {
+            throw new WSSecurityException(
+                WSSecurityException.INVALID_SECURITY, "dataRef", new Object[] {dataRefURI}
+            );
+        }
+        return encryptedDataElement;
+    }
+
+    
+    /**
+     * Decrypt the EncryptedData argument using a SecretKey.
+     * @param doc The (document) owner of EncryptedData
+     * @param dataRefURI The URI of EncryptedData
+     * @param encData The EncryptedData element
+     * @param symmetricKey The SecretKey with which to decrypt EncryptedData
+     * @param symEncAlgo The symmetric encryption algorithm to use
+     * @throws WSSecurityException
+     */
+    public static WSDataRef
+    decryptEncryptedData(
+        Document doc,
+        String dataRefURI,
+        Element encData,
+        SecretKey symmetricKey,
+        String symEncAlgo
+    ) throws WSSecurityException {
         XMLCipher xmlCipher = null;
         try {
             xmlCipher = XMLCipher.getInstance(symEncAlgo);
             xmlCipher.init(XMLCipher.DECRYPT_MODE, symmetricKey);
-        } catch (XMLEncryptionException e1) {
+        } catch (XMLEncryptionException ex) {
             throw new WSSecurityException(
-                WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e1
+                WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, ex
             );
         }
 
+        WSDataRef dataRef = new WSDataRef(dataRefURI);
+        dataRef.setWsuId(dataRefURI);
+        boolean content = X509Util.isContent(encData);
+        Node parent = encData.getParentNode();
+        Node previousSibling = encData.getPreviousSibling();
         if (content) {
-            encBodyData = (Element) encBodyData.getParentNode();
-            dataRef.setName(new QName(encBodyData.getNamespaceURI(), encBodyData.getLocalName()));
+            encData = (Element) encData.getParentNode();
+            parent = encData.getParentNode();
         }
-            
+        
         try {
-            Node parentEncBody =encBodyData.getParentNode();
-            final java.util.List before_peers = listChildren(parentEncBody);
-            
-            xmlCipher.doFinal(doc, encBodyData, content);
-            
-            if (parentEncBody.getLocalName().equals(WSConstants.ENCRYPTED_HEADER)
-                && parentEncBody.getNamespaceURI().equals(WSConstants.WSSE11_NS))
{
-                Node decryptedHeader = parentEncBody.getFirstChild();
-                Element decryptedHeaderClone = (Element)decryptedHeader.cloneNode(true);
-                String sigId = decryptedHeaderClone.getAttributeNS(WSConstants.WSU_NS, "Id");
+            xmlCipher.doFinal(doc, encData, content);
+        } catch (Exception ex) {
+            throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, ex);
+        }
+        
+        if (parent.getLocalName().equals(WSConstants.ENCRYPTED_HEADER)
+            && parent.getNamespaceURI().equals(WSConstants.WSSE11_NS)) {
                 
-                if (sigId == null || sigId.equals("")) {
-                    String id = ((Element)parentEncBody).getAttributeNS(WSConstants.WSU_NS,
"Id");                              
-                    String wsuPrefix = 
-                        WSSecurityUtil.setNamespace(
-                            decryptedHeaderClone, WSConstants.WSU_NS, WSConstants.WSU_PREFIX
-                        );
-                    decryptedHeaderClone.setAttributeNS(WSConstants.WSU_NS, wsuPrefix + ":Id",
id);
-                    dataRef.setWsuId(id.substring(1));
-                } else {
-                    dataRef.setWsuId(sigId);
-                }
-                    
-                parentEncBody.getParentNode().appendChild(decryptedHeaderClone);
-                parentEncBody.getParentNode().removeChild(parentEncBody);
-            } 
-            
-            final java.util.List after_peers = listChildren(parentEncBody);
-            final java.util.List new_nodes = newNodes(before_peers, after_peers);
-            for (
-                final java.util.Iterator pos = new_nodes.iterator();
-                pos.hasNext();
-            ) {
-                Node node = (Node) pos.next();
-                if (node instanceof Element) {
-                    if(!Constants.SignatureSpecNS.equals(node.getNamespaceURI()) 
-                        && node.getAttributes().getNamedItemNS(WSConstants.WSU_NS,
"Id") == null) {
-                        String wsuPrefix = 
-                            WSSecurityUtil.setNamespace(
-                                (Element)node, WSConstants.WSU_NS, WSConstants.WSU_PREFIX
-                            );
-                        ((Element)node).setAttributeNS(
-                            WSConstants.WSU_NS, wsuPrefix + ":Id", dataRefURI
-                        );
-                        dataRef.setWsuId(dataRefURI.substring(1));                      
       
-                    }
-                    dataRef.setName(new QName(node.getNamespaceURI(),node.getLocalName()));
-                }
+            Node decryptedHeader = parent.getFirstChild();
+            Element decryptedHeaderClone = (Element)decryptedHeader.cloneNode(true);    
       
+            parent.getParentNode().appendChild(decryptedHeaderClone);
+            parent.getParentNode().removeChild(parent);
+            dataRef.setProtectedElement(decryptedHeaderClone);
+        } else if (content) {
+            dataRef.setProtectedElement(encData);
+        } else {
+            Node decryptedNode;
+            if (previousSibling == null) {
+                decryptedNode = parent.getFirstChild();
+            } else {
+                decryptedNode = previousSibling.getNextSibling();
+            }
+            if (decryptedNode != null && Node.ELEMENT_NODE == decryptedNode.getNodeType())
{
+                dataRef.setProtectedElement((Element)decryptedNode);
             }
-
-        } catch (Exception e) {
-            throw new WSSecurityException(
-                WSSecurityException.FAILED_CHECK, null, null, e
-            );
         }
+        
+        return dataRef;
     }
-
-    public String getId() {
-        return null;
-    }
+    
 
     /**
      * Retrieves a secret key (session key) from a already parsed EncryptedKey
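Review bot: In `decryptEncryptedData` the DOM handling after `xmlCipher.doFinal` now sits outside any try block, so a `NullPointerException` from `parent.getLocalName().equals(...)` or `parent.getNamespaceURI().equals(...)`, or a `ClassCastException` from `(Element)decryptedHeader.cloneNode(true)`, escapes as an unchecked exception. The removed ReferenceListProcessor code wrapped these steps and rethrew `FAILED_CHECK`. The tree being walked comes from the incoming message, so these paths should still end in a `WSSecurityException`; the fence below compares constant-first and checks the node type before the cast. Separately, the final `else` branch leaves `protectedElement` and `name` unset when the decrypted node is not an element, which the method's Javadoc should state so callers test for null.

```java
// … unchanged: cipher setup, WSDataRef creation, xmlCipher.doFinal(doc, encData, content) …
if (WSConstants.ENCRYPTED_HEADER.equals(parent.getLocalName())
    && WSConstants.WSSE11_NS.equals(parent.getNamespaceURI())) {

    Node decryptedHeader = parent.getFirstChild();
    if (decryptedHeader == null || Node.ELEMENT_NODE != decryptedHeader.getNodeType()) {
        throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
    }
    Element decryptedHeaderClone = (Element)decryptedHeader.cloneNode(true);
    // … unchanged: append the clone, remove the EncryptedHeader, setProtectedElement …
```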
@@ -356,88 +370,8 @@
         return WSSecurityUtil.prepareSecretKey(algorithm, decryptedData);
     }
     
-    /**
-     * @return      a list of Nodes, representing the 
-     */
-    private static java.util.List
-    listChildren(
-        final Node parent
-    ) {
-        if (parent == null) {
-            return java.util.Collections.EMPTY_LIST;
-        }
-        final java.util.List ret = new java.util.ArrayList();
-        if (parent.hasChildNodes()) {
-            final NodeList children = parent.getChildNodes();
-            if (children != null) {
-                for (int i = 0, n = children.getLength();  i < n;  ++i) {
-                    ret.add(children.item(i));
-                }
-            }
-        }
-        return ret;
-    }
-
-    /**
-     * @return a list of Nodes in b that are not in a
-     */
-    private static java.util.List
-    newNodes(
-        java.util.List a,
-        java.util.List b
-    ) {
-        if (a.size() == 0) {
-            return b;
-        }
-        if (b.size() == 0) {
-            return java.util.Collections.EMPTY_LIST;
-        }
-        
-        a = new ArrayList(a);
-        //try a fast node compare at same position first.....
-        for (int x = 0; x < b.size(); x++) {
-            final Node bnode = (Node)b.get(x);
-            final Node anode = (Node)a.get(x);
-            if (bnode == anode
-                || bnode.getLocalName().equals(anode.getLocalName())
-                && bnode.getNamespaceURI().equals(anode.getNamespaceURI())) {
-                b.remove(x);
-                a.remove(x);
-            }
-        }
-        //what's left is stuff that didn't exactly position match, do slower searches
-        final java.util.List ret = new java.util.ArrayList();
-        for (
-            final java.util.Iterator bpos = b.iterator();
-            bpos.hasNext();
-        ) {
-            final Node bnode = (Node) bpos.next();
-            final java.lang.String bns = bnode.getNamespaceURI();
-            final java.lang.String bln = bnode.getLocalName();
-            boolean found = false;
-            for (
-                final java.util.Iterator apos = a.iterator();
-                apos.hasNext() && !found;
-            ) {
-                final Node anode = (Node) apos.next();
-                final java.lang.String ans = anode.getNamespaceURI();
-                final java.lang.String aln = anode.getLocalName();
-                final boolean nsmatch =
-                    ans == null
-                    ? ((bns == null) ? true : false)
-                            : ((bns == null) ? false : ans.equals(bns));
-                final boolean lnmatch =
-                    aln == null
-                    ? ((bln == null) ? true : false)
-                            : ((bln == null) ? false : aln.equals(bln));
-                if (nsmatch && lnmatch) {
-                    found = true;
-                }
-            }
-            if (!found) {
-                ret.add(bnode);
-            }
-        }
-        return ret;
+    public String getId() {
+        return null;
     }
+    
 }

Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/util/WSSecurityUtil.java?rev=784791&r1=784790&r2=784791&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/util/WSSecurityUtil.java
(original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/util/WSSecurityUtil.java
Mon Jun 15 14:26:14 2009
@@ -528,10 +528,13 @@
      */
     public static String getIDFromReference(String ref) {
         String id = ref.trim();
-        if ((id.length() == 0) || (id.charAt(0) != '#')) {
+        if (id.length() == 0) {
             return null;
         }
-        return id.substring(1);
+        if (id.charAt(0) == '#') {
+            id = id.substring(1);
+        }
+        return id;
     }
     
     /**
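Review bot: `getIDFromReference` no longer returns null for a reference without a leading `#`, so any non-empty string, including an absolute URI, is now handed back as if it were a local Id. The method's Javadoc begins outside this hunk and may still describe the old contract; it should read along the lines of `Returns the reference with a leading '#' removed, or null if the reference is empty`. Callers that relied on the null return to reject non-fragment references should be re-checked, since that rejection is gone. The first line still calls `ref.trim()` without a null check.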
@@ -557,11 +560,7 @@
         if (id == null) {
             return null;
         }
-        id = id.trim();
-        if ((id.length() == 0) || (id.charAt(0) != '#')) {
-            return null;
-        }
-        id = id.substring(1);
+        id = getIDFromReference(id);
         return WSSecurityUtil.findElementById(doc.getDocumentElement(), id, null);
     }
 
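Review bot: `getIDFromReference(id)` returns null for an empty or whitespace-only reference, and that null now goes straight into `WSSecurityUtil.findElementById`, whereas the removed lines returned null before the lookup. Whether `findElementById` tolerates a null id is not visible here, so I would keep the early exit by adding `if (id == null) { return null; }` after the call. The enclosing method starts outside the hunk.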

Modified: webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew6.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew6.java?rev=784791&r1=784790&r2=784791&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew6.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNew6.java Mon Jun 15 14:26:14
2009
@@ -27,6 +27,7 @@
 import org.apache.axis.message.SOAPEnvelope;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.WSEncryptionPart;
 import org.apache.ws.security.WSPasswordCallback;
 import org.apache.ws.security.WSSecurityEngine;
 import org.apache.ws.security.components.crypto.Crypto;
@@ -42,6 +43,7 @@
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.util.Vector;
 
 /**
  * WS-Security Test Case <p/>
@@ -58,7 +60,7 @@
         +   "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">" 
         +   "<SOAP-ENV:Body>" 
         +       "<add xmlns=\"http://ws.apache.org/counter/counter_port_type\">" 
-        +           "<value xmlns=\"\">15</value>" 
+        +           "<value xmlns=\"http://blah.com\">15</value>" 
         +       "</add>" 
         +   "</SOAP-ENV:Body>" 
         + "</SOAP-ENV:Envelope>";
@@ -139,6 +141,70 @@
         LOG.info("After Encryption....");
         verify(encryptedSignedDoc);
     }
+    
+    /**
+     * Test that signs and then encrypts a WS-Security envelope, then performs
+     * decryption and verification <p/>
+     * 
+     * @throws Exception
+     *             Thrown when there is any problem in signing, encryption,
+     *             decryption, or verification
+     */
+    public void testSigningEncryption() throws Exception {
+        SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
+        WSSecEncrypt encrypt = new WSSecEncrypt();
+        WSSecSignature sign = new WSSecSignature();
+        encrypt.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e");
+        sign.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+        LOG.info("Before Encryption....");
+        Document doc = unsignedEnvelope.getAsDocument();
+
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+
+        Document signedDoc = sign.build(doc, crypto, secHeader);
+        Document encryptedSignedDoc = encrypt.build(signedDoc, crypto, secHeader);
+        LOG.info("After Encryption....");
+        verify(encryptedSignedDoc);
+    }
+    
+    
+    /**
+     * Test that signs a SOAP Body, and then encrypts some data inside the SOAP Body.
+     * As the encryption adds a wsu:Id to the encrypted element, this test checks that
+     * verification still works ok.
+     */
+    public void testWSS198() throws Exception {
+        SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
+        WSSecEncrypt encrypt = new WSSecEncrypt();
+        WSSecSignature sign = new WSSecSignature();
+        encrypt.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e");
+        sign.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
+        LOG.info("Before Encryption....");
+        Document doc = unsignedEnvelope.getAsDocument();
+        
+        Vector parts = new Vector();
+        WSEncryptionPart encP =
+            new WSEncryptionPart(
+                "add",
+                "http://ws.apache.org/counter/counter_port_type",
+                "");
+        parts.add(encP);
+        encrypt.setParts(parts);
+
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+
+        Document signedDoc = sign.build(doc, crypto, secHeader);
+        Document encryptedSignedDoc = encrypt.build(signedDoc, crypto, secHeader);
+        LOG.info("WSS198");
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedSignedDoc);
+            LOG.debug(outputString);
+        }
+        verify(encryptedSignedDoc);
+    }
 
     /**
      * Verifies the soap envelope <p/>
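Review bot: `testWSS198` ends in `verify(encryptedSignedDoc)` and never exercises the accessor this commit adds. Nothing checks that the `WSDataRef` for the encrypted `add` part returns a non-null `getProtectedElement()` with the expected local name and namespace. `verify` is defined outside the hunk, so it may check more than is visible. As written, though, the test covers only the signature-verification regression and would still pass if `setProtectedElement` were never called. I would have the test read the engine's results and assert on the data reference. Its Javadoc should also say that the element is meant to come back from decryption without an appended `wsu:Id`.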


