From cohei...@apache.org
Subject svn commit: r786443 - in /webservices/wss4j/trunk: src/org/apache/ws/security/ src/org/apache/ws/security/message/token/ test/wssec/
Date Fri, 19 Jun 2009 10:39:49 GMT
Author: coheigea
Date: Fri Jun 19 10:39:49 2009
New Revision: 786443

URL: http://svn.apache.org/viewvc?rev=786443&view=rev
Log:
Some bits and pieces.
 - Refactored WSConstants. Added in a note that X509_KEY_IDENTIFIER is non-standard
 - Removed the unused "type" stuff from WSEncryptionPart.

Modified:
    webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java
    webservices/wss4j/trunk/src/org/apache/ws/security/WSEncryptionPart.java
    webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
    webservices/wss4j/trunk/test/wssec/TestWSSecurityNew12.java
    webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS40.java

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java?rev=786443&r1=786442&r2=786443&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java Fri Jun 19 10:39:49
2009
@@ -30,80 +30,88 @@
  * Constants in WS-Security spec.
  */
 public class WSConstants {
-    /*
-     * All the various string and keywords required.
-     * 
-     * At first the WSS namespaces as per WSS specifications
-     */
-    public static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
-    public static final String WSSE11_NS = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
-    public static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
     
     /*
-     * The base URIs for the various profiles.
-     */
-    public static final String SOAPMESSAGE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0";
-    public static final String SOAPMESSAGE_NS11 = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1";
-    public static final String USERNAMETOKEN_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0";
-    public static final String X509TOKEN_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0";
-    public static final String SAMLTOKEN_NS = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0";
-    /*
-     * The Element name (local name) of the security header
+     * Standard constants used in WSS4J
      */
-    public static final String WSSE_LN = "Security";
+    
+    //
+    // Namespaces
+    //
+    public static final String WSSE_NS = 
+        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
+    public static final String WSSE11_NS = 
+        "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
+    public static final String WSU_NS = 
+        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
+    
+    public static final String SOAPMESSAGE_NS = 
+        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0";
+    public static final String SOAPMESSAGE_NS11 = 
+        "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1";
+    public static final String USERNAMETOKEN_NS = 
+        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0";
+    public static final String X509TOKEN_NS = 
+        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0";
+    public static final String SAMLTOKEN_NS = 
+        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0";
 
-    /*
-     * The Thumbprint relative URI string (without #)
-     * Combine it with SOAPMESSAGE_NS11, #, to get the full URL
-     */
-    public static final String THUMBPRINT ="ThumbprintSHA1";
+    public static final String SIG_NS = Constants.SignatureSpecNS;
+    public static final String ENC_NS = EncryptionConstants.EncryptionSpecNS;
+    public static final String XMLNS_NS = Constants.NamespaceSpecNS;
+    public static final String XML_NS = Constants.XML_LANG_SPACE_SpecNS;
     
-    /*
-     * The SAMLAssertionID relative URI string (without #)
-     */
-    public static final String SAML_ASSERTION_ID = "SAMLAssertionID";
+    public static final String SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
+    public static final String SAMLP_NS = "urn:oasis:names:tc:SAML:1.0:protocol";
+    public static final String WSS_SAML_NS = 
+        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#";
     
-    /*
-     * The EncryptedKeyToken value type URI used in wsse:Reference 
-     */
-    public static final String ENC_KEY_VALUE_TYPE = "EncryptedKey";
+    public static final String URI_SOAP11_ENV =
+        "http://schemas.xmlsoap.org/soap/envelope/";
+    public static final String URI_SOAP12_ENV =
+        "http://www.w3.org/2003/05/soap-envelope";
+    public static final String URI_SOAP11_NEXT_ACTOR =
+        "http://schemas.xmlsoap.org/soap/actor/next";
+    public static final String URI_SOAP12_NEXT_ROLE =
+        "http://www.w3.org/2003/05/soap-envelope/role/next";
+    public static final String URI_SOAP12_NONE_ROLE =
+        "http://www.w3.org/2003/05/soap-envelope/role/none";
+    public static final String URI_SOAP12_ULTIMATE_ROLE =
+        "http://www.w3.org/2003/05/soap-envelope/role/ultimateReceiver";
     
-    /*
-     * The relative URI to be used for encrypted key SHA1 (Without #)
-     * Combine it with SOAPMESSAGE_NS11, #, to get the full URL
-     */
-    public static final String ENC_KEY_SHA1_URI = "EncryptedKeySHA1";
+    public static final String C14N_OMIT_COMMENTS = 
+        Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS;
+    public static final String C14N_WITH_COMMENTS = 
+        Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS;
+    public static final String C14N_EXCL_OMIT_COMMENTS = 
+        Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
+    public static final String C14N_EXCL_WITH_COMMENTS = 
+        Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS;
     
-    /*
-     * The namespace prefixes used. We uses the same prefix convention
-     * as shown in the specifications
-     */
-    public static final String WSSE_PREFIX = "wsse";
-    public static final String WSSE11_PREFIX = "wsse11";
-    public static final String WSU_PREFIX = "wsu";
-    public static final String DEFAULT_SOAP_PREFIX = "soapenv";
+    public static final String KEYTRANSPORT_RSA15 = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15;
+    public static final String KEYTRANSPORT_RSAOEP = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP;
+    public static final String TRIPLE_DES = EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES;
+    public static final String AES_128 = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128;
+    public static final String AES_256 = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
+    public static final String AES_192 = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192;
+    public static final String DSA = XMLSignature.ALGO_ID_SIGNATURE_DSA;
+    public static final String RSA = XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;
     
-    /*
-     * Now the namespaces, local names, and prefixes of XML-SIG and XML-ENC
-     */
-    public static final String SIG_NS = Constants.SignatureSpecNS;
-    public static final String SIG_PREFIX = "ds";
+    public static final String WST_NS = "http://schemas.xmlsoap.org/ws/2005/02/trust";
+    public final static String WSC_SCT = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct";
+
+    //
+    // Localnames
+    //
+    public static final String WSSE_LN = "Security";
+    public static final String THUMBPRINT ="ThumbprintSHA1";
+    public static final String SAML_ASSERTION_ID = "SAMLAssertionID";
+    public static final String ENC_KEY_VALUE_TYPE = "EncryptedKey";
+    public static final String ENC_KEY_SHA1_URI = "EncryptedKeySHA1";
     public static final String SIG_LN = "Signature";
-    public static final String ENC_NS = EncryptionConstants.EncryptionSpecNS;
-    public static final String ENC_PREFIX = "xenc";
     public static final String ENC_KEY_LN = "EncryptedKey";
     public static final String ENC_DATA_LN = "EncryptedData";
     public static final String REF_LIST_LN = "ReferenceList";
-
-    /*
-     * The standard namespace definitions
-     */
-    public static final String XMLNS_NS = Constants.NamespaceSpecNS;
-    public static final String XML_NS = Constants.XML_LANG_SPACE_SpecNS;
-    
-    /*
-     * The local names and attribute names used by WSS
-     */
     public static final String USERNAME_TOKEN_LN = "UsernameToken";
     public static final String BINARY_TOKEN_LN = "BinarySecurityToken";
     public static final String TIMESTAMP_TOKEN_LN = "Timestamp";
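Review bot: The constants regrouped under the new `// Localnames` header (`THUMBPRINT`, `SAML_ASSERTION_ID`, `ENC_KEY_SHA1_URI`) lose the comments that explained they are relative URI fragments to be combined with `SOAPMESSAGE_NS11 + "#"`, and they are not element local names, so the header is misleading for that group. A one-line comment such as `// Relative ValueType fragments: prefix with SOAPMESSAGE_NS11 + "#" for the full URI` above them would preserve the original meaning. The key-transport and cipher constants (`KEYTRANSPORT_RSA15` through `RSA`) likewise drop all Javadoc; a note that PKCS#1 v1.5 key transport is the weaker, legacy choice and `KEYTRANSPORT_RSAOEP` should be preferred where the peer supports it would help callers choose, and the old remark that OAEP was "not yet supported by WSS4J" should either be restated or confirmed obsolete. `WSC_SCT` keeps the `public final static` modifier order while every other field here uses `public static final`. The class body continues outside the hunk.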
@@ -116,169 +124,104 @@
     public static final String SIGNATURE_CONFIRMATION_LN = "SignatureConfirmation"; 
     public static final String SALT_LN = "Salt";
     public static final String ITERATION_LN = "Iteration";
-    
-    /*
-     * The definitions for SAML
-     */
-    public static final String SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
-    public static final String SAMLP_NS = "urn:oasis:names:tc:SAML:1.0:protocol";
     public static final String ASSERTION_LN = "Assertion";
-    public static final String WSS_SAML_NS = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#";
     public static final String WSS_SAML_ASSERTION = "SAMLAssertion-1.1";
-    public static final String WSS_SAML_KI_VALUE_TYPE = WSS_SAML_NS + SAML_ASSERTION_ID;
-
-    //
-    // SOAP-ENV Namespaces
-    //
-    public static final String URI_SOAP11_ENV =
-            "http://schemas.xmlsoap.org/soap/envelope/";
-    public static final String URI_SOAP12_ENV =
-            "http://www.w3.org/2003/05/soap-envelope";
-
-    public static final String[] URIS_SOAP_ENV = {
-        URI_SOAP11_ENV,
-        URI_SOAP12_ENV,
-    };
-
-    // Misc SOAP Namespaces / URIs
-    public static final String URI_SOAP11_NEXT_ACTOR =
-            "http://schemas.xmlsoap.org/soap/actor/next";
-    public static final String URI_SOAP12_NEXT_ROLE =
-            "http://www.w3.org/2003/05/soap-envelope/role/next";
-    public static final String URI_SOAP12_NONE_ROLE =
-            "http://www.w3.org/2003/05/soap-envelope/role/none";
-    public static final String URI_SOAP12_ULTIMATE_ROLE =
-            "http://www.w3.org/2003/05/soap-envelope/role/ultimateReceiver";
-
+    public static final String PW_DIGEST = "PasswordDigest";
+    public static final String PW_TEXT = "PasswordText";
+    public static final String PW_NONE = "PasswordNone";
+    public static final String ENCRYPTED_HEADER = "EncryptedHeader";
+    
     public static final String ELEM_ENVELOPE = "Envelope";
     public static final String ELEM_HEADER = "Header";
     public static final String ELEM_BODY = "Body";
-
     public static final String ATTR_MUST_UNDERSTAND = "mustUnderstand";
     public static final String ATTR_ACTOR = "actor";
     public static final String ATTR_ROLE = "role";
-
     public static final String NULL_NS = "Null";
+    
+    //
+    // Prefixes
+    //
+    public static final String WSSE_PREFIX = "wsse";
+    public static final String WSSE11_PREFIX = "wsse11";
+    public static final String WSU_PREFIX = "wsu";
+    public static final String DEFAULT_SOAP_PREFIX = "soapenv";
+    public static final String SIG_PREFIX = "ds";
+    public static final String ENC_PREFIX = "xenc";
+    
+    
+    //
+    // Fault codes defined in the WSS 1.1 spec under section 12, Error handling
+    //
+    
     /**
-     * Sets the {@link org.apache.ws.security.message.WSSAddUsernameToken#build(Document,
String, String) UserNameToken}
-     * method to use a password digest to send the password information
-     * <p/>
-     * This is a required method as defined by WS Specification, Username token profile.
-     */
-    public static final String PW_DIGEST = "PasswordDigest";
-    /*
-     * The password type URI used in the username token 
+     * An unsupported token was provided
      */
-    public static final String PASSWORD_DIGEST = USERNAMETOKEN_NS + "#PasswordDigest";
-
+    public static final QName UNSUPPORTED_SECURITY_TOKEN = 
+        new QName(WSSE_NS, "UnsupportedSecurityToken");
+    
     /**
-     * Sets the {@link org.apache.ws.security.message.WSSAddUsernameToken#build(Document,
String, String) UserNameToken}
-     * method to send the password in clear
-     * <p/>
-     * This is a required method as defined by WS Specification, Username token profile.
-     */
-    public static final String PW_TEXT = "PasswordText";
-    /*
-     * The password type URI used in the username token 
+     * An unsupported signature or encryption algorithm was used
      */
-    public static final String PASSWORD_TEXT = USERNAMETOKEN_NS + "#PasswordText";
+    public static final QName UNSUPPORTED_ALGORITHM  = 
+        new QName(WSSE_NS, "UnsupportedAlgorithm");
     
     /**
-     * Sets the {@link org.apache.ws.security.message.WSSAddUsernameToken#build(Document,
String, String) UserNameToken}
-     * method to send _no_ password related information. 
-     * <p/>
-     * This is a required method as defined by WS Specification, Username token profile as
passwords are optional.
-     * Also see the WS-I documentation for scenario's using this feature in a trust environment.
-     */ 
-    public static final String PW_NONE = "PasswordNone";
-
-    /**
-     * Sets the {@link org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto)
encryption}
-     * method to encrypt the symmetric data encryption key with the RSA algorithm.
-     * <p/>
-     * This is a required method as defined by XML encryption.
+     * An error was discovered processing the <Security> header
      */
-    public static final String KEYTRANSPORT_RSA15 = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15;
-
+    public static final QName INVALID_SECURITY = 
+        new QName (WSSE_NS, "InvalidSecurity");
+    
     /**
-     * Sets the {@link org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto)
encryption}
-     * method to encrypt the symmetric data encryption key with the RSA algorithm.
-     * <p/>
-     * This is a required method as defined by XML encryption.
-     * <p/>
-     * NOTE: This algorithm is not yet supported by WSS4J
+     * An invalid security token was provided
      */
-    public static final String KEYTRANSPORT_RSAOEP = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP;
-
+    public static final QName INVALID_SECURITY_TOKEN = 
+        new QName (WSSE_NS, "InvalidSecurityToken");
+    
     /**
-     * Sets the {@link org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto)
encryption}
-     * method to use triple DES as the symmetric algorithm to encrypt data.
-     * <p/>
-     * This is a required method as defined by XML encryption.
-     * The String to use in WSDD file (in accordance to w3c specifications:
-     * <br/>
-     * http://www.w3.org/2001/04/xmlenc#tripledes-cbc
+     * The security token could not be authenticated or authorized
      */
-    public static final String TRIPLE_DES = EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES;
-
+    public static final QName FAILED_AUTHENTICATION = 
+        new QName (WSSE_NS, "FailedAuthentication");
+    
     /**
-     * Sets the {@link org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto)
encryption}
-     * method to use AES with 128 bit key as the symmetric algorithm to encrypt data.
-     * <p/>
-     * This is a required method as defined by XML encryption.
-     * The String to use in WSDD file (in accordance to w3c specifications:
-     * <br/>
-     * http://www.w3.org/2001/04/xmlenc#aes128-cbc
+     * The signature or decryption was invalid
      */
-    public static final String AES_128 = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128;
-
-    /**
-     * Sets the {@link org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto)
encryption}
-     * method to use AES with 256 bit key as the symmetric algorithm to encrypt data.
-     * <p/>
-     * This is a required method as defined by XML encryption.
-     * The String to use in WSDD file (in accordance to w3c specifications:
-     * <br/>
-     * http://www.w3.org/2001/04/xmlenc#aes256-cbc
+    public static final QName FAILED_CHECK = 
+        new QName (WSSE_NS, "FailedCheck");
+    
+    /** 
+     * Referenced security token could not be retrieved
      */
-    public static final String AES_256 = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
-
-    /**
-     * Sets the {@link org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto)
encryption}
-     * method to use AES with 192 bit key as the symmetric algorithm to encrypt data.
-     * <p/>
-     * This is a optional method as defined by XML encryption.
-     * The String to use in WSDD file (in accordance to w3c specifications:
-     * <br/>
-     * http://www.w3.org/2001/04/xmlenc#aes192-cbc
+    public static final QName SECURITY_TOKEN_UNAVAILABLE = 
+        new QName (WSSE_NS, "SecurityTokenUnavailable");
+    
+    /** 
+     * The message has expired
      */
-    public static final String AES_192 = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192;
+    public static final QName MESSAGE_EXPIRED = 
+        new QName (WSSE_NS, "MessageExpired");
 
-    /**
-     * Sets the {@link org.apache.ws.security.message.WSSignEnvelope#build(Document, Crypto)
signature}
-     * method to use DSA with SHA1 (DSS) to sign data.
-     * <p/>
-     * This is a required method as defined by XML signature.
-     */
-    public static final String DSA = XMLSignature.ALGO_ID_SIGNATURE_DSA;
+    //
+    // Misc
+    //
+    public static final String WSS_SAML_KI_VALUE_TYPE = WSS_SAML_NS + SAML_ASSERTION_ID;
+    public static final String PASSWORD_DIGEST = USERNAMETOKEN_NS + "#PasswordDigest";
+    public static final String PASSWORD_TEXT = USERNAMETOKEN_NS + "#PasswordText";
 
-    /**
-     * Sets the {@link org.apache.ws.security.message.WSSignEnvelope#build(Document, Crypto)
signature}
-     * method to use RSA with SHA to sign data.
-     * <p/>
-     * This is a recommended method as defined by XML signature.
-     */
-    public static final String RSA = XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;
+    public static final String[] URIS_SOAP_ENV = {
+        URI_SOAP11_ENV,
+        URI_SOAP12_ENV,
+    };
 
-    public static final String C14N_OMIT_COMMENTS = Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS;
-    public static final String C14N_WITH_COMMENTS = Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS;
-    public static final String C14N_EXCL_OMIT_COMMENTS = Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
-    public static final String C14N_EXCL_WITH_COMMENTS = Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS;
+    /*
+     * Constants used to configure WSS4J
+     */
 
     /**
-     * Sets the {@link org.apache.ws.security.message.WSSignEnvelope#build(Document, Crypto)
signing}
-     * method to send the signing certificate as a
-     * <code>BinarySecurityToken</code>.
+     * Sets the {@link 
+     * org.apache.ws.security.message.WSSecSignature#build(Document, Crypto, WSSecHeader)

+     * } method to send the signing certificate as a <code>BinarySecurityToken</code>.
      * <p/>
      * The signing method takes the signing certificate, converts it to a
      * <code>BinarySecurityToken</code>, puts it in the security header,
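Review bot: The Javadoc moved in with `INVALID_SECURITY` reads `An error was discovered processing the <Security> header`, which Javadoc treats as an HTML tag rather than literal text; since the block is being rewritten anyway, write it as `{@code <Security>}`. `PW_DIGEST`, `PW_TEXT` and `PW_NONE` move into the local-name list without the Javadoc that said they select the username-token password type and relate to `PASSWORD_DIGEST`/`PASSWORD_TEXT`; a short comment at that group, e.g. `// Username token password types; see PASSWORD_DIGEST / PASSWORD_TEXT for the full URIs`, would keep that link. The Javadoc for `BST_DIRECT_REFERENCE` continues outside the hunk.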
@@ -288,18 +231,20 @@
      * The X509 profile recommends to use {@link #ISSUER_SERIAL} instead
      * of sending the whole certificate.
      * <p/>
-     * Please refer to WS Security specification X509 profile, chapter 3.3.2
-     * and to WS Security specification, chapter 7.2
+     * Please refer to WS Security specification X509 1.1 profile, chapter 3.3.2
+     * and to WS Security SOAP Message security 1.1 specification, chapter 7.2
      * <p/>
      * Note: only local references to BinarySecurityToken are supported
      */
     public static final int BST_DIRECT_REFERENCE = 1;
 
     /**
-     * Sets the {@link org.apache.ws.security.message.WSSignEnvelope#build(Document, Crypto)
signing}
-     * or the {@link org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto)
encryption}
-     * method to send the issuer name and the serial number of a
-     * certificate to the receiver.
+     * Sets the {@link 
+     * org.apache.ws.security.message.WSSecSignature#build(Document, Crypto, WSSecHeader)
+     * } or the {@link 
+     * org.apache.ws.security.message.WSSecEncrypt#build(Document, Crypto, WSSecHeader)
+     * } method to send the issuer name and the serial number of a certificate to
+     * the receiver.
      * <p/>
      * In contrast to {@link #BST_DIRECT_REFERENCE} only the issuer name
      * and the serial number of the signing certificate are sent to the
@@ -307,43 +252,43 @@
      * method uses the public key associated with this certificate to encrypt
      * the symmetric key used to encrypt data.
      * <p/>
-     * Please refer to WS Security specification X509 profile, chapter 3.3.3
+     * Please refer to WS Security specification X509 1.1 profile, chapter 3.3.3
      */
     public static final int ISSUER_SERIAL = 2;
 
     /**
-     * Sets the {@link org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto)
encryption}
-     * method to send the certificate used to encrypt the symmetric key.
+     * Sets the {@link 
+     * org.apache.ws.security.message.WSSecSignature#build(Document, Crypto, WSSecHeader)
+     * } or the {@link 
+     * org.apache.ws.security.message.WSSecEncrypt#build(Document, Crypto, WSSecHeader)
+     * }method to send the certificate used to encrypt the symmetric key.
      * <p/>
      * The encryption method uses the public key associated with this certificate
-     * to encrypr the symmetric key used to encrypt data. The certificate is
-     * converted into a <code>KeyIdentfier</code> token and sent to the receiver.
+     * to encrypt the symmetric key used to encrypt data. The certificate is
+     * converted into a <code>KeyIdentifier</code> token and sent to the receiver.
      * Thus the complete certificate data is transfered to receiver.
      * The X509 profile recommends to use {@link #ISSUER_SERIAL} instead
      * of sending the whole certificate.
      * <p/>
-     * <p/>
-     * Please refer to WS Security specification X509 profile, chapter 7.3
+     * Please refer to WS Security SOAP Message security 1.1 specification, 
+     * chapter 7.3. Note that this is a NON-STANDARD method. The standard way to refer to
+     * an X.509 Certificate via a KeyIdentifier is to use {@link SKI_KEY_IDENTIFIER}
      */
     public static final int X509_KEY_IDENTIFIER = 3;
+    
     /**
-     * Sets the
-     * {@link org.apache.ws.security.message.WSSignEnvelope#build(Document, Crypto)
-     * signing}
-     * method to send a <code>SubjectKeyIdentifier</code> to identify
+     * Sets the {@link 
+     * org.apache.ws.security.message.WSSecSignature#build(Document, Crypto, WSSecHeader)
+     * } method to send a <code>SubjectKeyIdentifier</code> to identify
      * the signing certificate.
      * <p/>
-     * Refer to WS Security specification X509 profile, chapter 3.3.1
-     * This identification token is not yet fully tested by WSS4J. The
-     * WsDoAllSender does not include the X.509 certificate as
-     * <code>BinarySecurityToken</code> in the request message.
+     * Refer to WS Security specification X509 1.1 profile, chapter 3.3.1
      */
     public static final int SKI_KEY_IDENTIFIER = 4;
 
     /**
      * Embeds a keyinfo/key name into the EncryptedData element.
      * <p/>
-     * Refer to WS Security specification X509 profile
      */
     public static final int EMBEDDED_KEYNAME = 5;
     
@@ -387,7 +332,6 @@
      * This identifier uses the SHA-1 digest of a security token to
      * identify the security token. Please refer to chapter 7.3 of the OASIS WSS 1.1
      * specification.
-     * 
      */
     public static final int ENCRYPTED_KEY_SHA1_IDENTIFIER = 10;
     
@@ -413,8 +357,6 @@
      */
     public static final int KEY_VALUE = 13;
     
-    public static final String ENCRYPTED_HEADER = "EncryptedHeader";
-
     /*
      * The following values are bits that can be combined to for a set.
      * Be careful when selecting new values.
@@ -448,70 +390,4 @@
     public static final int WSE_DERIVED_KEY_LEN = 16;
     public static final String LABEL_FOR_DERIVED_KEY = "WS-Security";
     
-    /**
-     * WS-Trust namespace
-     */
-    public static final String WST_NS = "http://schemas.xmlsoap.org/ws/2005/02/trust";
-    
-    public final static String WSC_SCT = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct";
-    
-    //
-    // Fault codes defined in the WSS 1.1 spec under section 12, Error handling
-    //
-    
-    /**
-     * An unsupported token was provided
-     */
-    public static final QName UNSUPPORTED_SECURITY_TOKEN = new QName(WSSE_NS, "UnsupportedSecurityToken");
-    
-    /**
-     * An unsupported signature or encryption algorithm was used
-     */
-    public static final QName UNSUPPORTED_ALGORITHM  = new QName(WSSE_NS, "UnsupportedAlgorithm");
-    
-    /**
-     * An error was discovered processing the <Security> header
-     */
-    public static final QName INVALID_SECURITY = new QName (WSSE_NS, "InvalidSecurity");
-    
-    /**
-     * An invalid security token was provided
-     */
-    public static final QName INVALID_SECURITY_TOKEN = new QName (WSSE_NS, "InvalidSecurityToken");
-    
-    /**
-     * The security token could not be authenticated or authorized
-     */
-    public static final QName FAILED_AUTHENTICATION = new QName (WSSE_NS, "FailedAuthentication");
-    
-    /**
-     * The signature or decryption was invalid
-     */
-    public static final QName FAILED_CHECK = new QName (WSSE_NS, "FailedCheck");
-    
-    /** 
-     * Referenced security token could not be retrieved
-     */
-    public static final QName SECURITY_TOKEN_UNAVAILABLE = new QName (WSSE_NS, "SecurityTokenUnavailable");
-    
-    /** 
-     * The message has expired
-     */
-    public static final QName MESSAGE_EXPIRED = new QName (WSSE_NS, "MessageExpired");
-    
-    /**
-     * Header type in <code>org.apache.ws.security.WSEncryptionPart</code>
-     */
-    public static final int PART_TYPE_HEADER = 1;
-    
-    /**
-     * Body type in <code>org.apache.ws.security.WSEncryptionPart</code>
-     */
-    public static final int PART_TYPE_BODY = 2;
-    
-    /**
-     * Element type in <code>org.apache.ws.security.WSEncryptionPart</code>
-     */
-    public static final int PART_TYPE_ELEMENT = 3;
-    
 }

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSEncryptionPart.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSEncryptionPart.java?rev=786443&r1=786442&r2=786443&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSEncryptionPart.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSEncryptionPart.java Fri Jun 19 10:39:49
2009
@@ -31,14 +31,6 @@
     private String id;
     
     /**
-     * Types of WSEncryptionPart
-     * <code>org.apache.ws.security.WSConstants.PART_TYPE_HEADER</code>
-     * <code>org.apache.ws.security.WSConstants.PART_TYPE_BODY</code>
-     * <code>org.apache.ws.security.WSConstants.PART_TYPE_ELEMENT</code>
-     */
-    private int type = -1;
-
-    /**
      * Constructor to initialize part structure with element, namespace, and modifier.
      * 
      * This constructor initializes the parts structure to lookup for a
@@ -63,32 +55,6 @@
     }
     
     /**
-     * Constructor to initialize part structure with element, namespace, and modifier,type.
-     * 
-     * This constructor initializes the parts structure to lookup for a
-     * fully qualified name of an element to encrypt or sign. The modifier
-     * controls how encryption encrypts the element, signature processing does
-     * not use the modifier information.
-     * 
-     * <p/>
-     * 
-     * Regarding the modifier ("Content" or "Element") refer to the W3C
-     * XML Encryption specification. 
-     * 
-     * @param nm Element's name
-     * @param nmspace Element's namespace
-     * @param encMod The encryption modifier
-     * @param type Type of the WSEncryptionPart
-     */
-    public WSEncryptionPart(String nm, String nmspace, String encMod, int type) {
-        name = nm;
-        namespace = nmspace;
-        encModifier = encMod;
-        this.type = type;
-        id = null;
-    }
-
-    /**
      * Constructor to initialize part structure with element id.
      * 
      * This constructor initializes the parts structure to lookup for a
@@ -124,30 +90,6 @@
     }
     
     /**
-     * Constructor to initialize part structure with element id, modifier and type.
-     * 
-     * This constructor initializes the parts structure to lookup for a
-     * an element with the given Id to encrypt or sign. The modifier
-     * controls how encryption encrypts the element, signature processing does
-     * not use the modifier information. 
-     * 
-     * <p/>
-     * 
-     * Regarding the modifier ("Content" or "Element") refer to the W3C
-     * XML Encryption specification. 
-     * 
-     * @param id The Id to of the element to process
-     * @param encMod The encryption modifier
-     * @param type of the element
-     */
-    public WSEncryptionPart(String id, String encMod,int type) {
-        this.id = id;
-        encModifier = encMod;
-        this.type = type;
-        name = namespace = null;
-    }
-
-    /**
      * @return the local name of the element to encrypt.
      */
     public String getName() {
@@ -175,7 +117,7 @@
         return id;
     }
     
-    public void setEncId (String id) {
+    public void setEncId(String id) {
         encId = id;
     }
     
@@ -183,12 +125,4 @@
         return encId;
     }
 
-    public int getType() {
-        return type;
-    }
-
-    public void setType(int type) {
-        this.type = type;
-    }
-    
 }

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java?rev=786443&r1=786442&r2=786443&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
Fri Jun 19 10:39:49 2009
@@ -325,7 +325,7 @@
 
     /**
      * Sets the KeyIdentifier Element as a X509 Subject-Key-Identifier (SKI).
-     * Takes a X509 certificate, gets it SKI data, converts into base 64 and
+     * Takes a X509 certificate, gets the SKI data, converts it into base 64 and
      * inserts it into a <code>wsse:KeyIdentifier</code> element, which is placed
      * in the <code>wsse:SecurityTokenReference</code> element.
      *

Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew12.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew12.java?rev=786443&r1=786442&r2=786443&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew12.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew12.java Fri Jun 19 10:39:49 2009
@@ -36,8 +36,7 @@
 
 
 /**
- * WS-Security Test Case
- * <p/>
+ * WS-Security Test Case for SubjectKeyIdentifier.
  * 
  * @author Davanum Srinivas (dims@yahoo.com)
  * @author Werner Dittmann (Werner.Dittmann@siemens.com)

Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS40.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS40.java?rev=786443&r1=786442&r2=786443&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS40.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS40.java Fri Jun 19 10:39:49 2009
@@ -139,6 +139,39 @@
         assertTrue (cert != null);
     }
     
+    /**
+     * Test signing a SOAP message using a BST, sending the CA cert as well in the
+     * message.
+     */
+    public void testSignatureDirectReferenceCACert() throws Exception {
+        WSSecSignature sign = new WSSecSignature();
+        sign.setUserInfo("wss40", "security");
+        sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+        sign.setUseSingleCertificate(false);
+
+        Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
+
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        Document signedDoc = sign.build(doc, crypto, secHeader);
+        
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
+            LOG.debug("BST CA Cert");
+            LOG.debug(outputString);
+        }
+        //
+        // Verify the signature
+        //
+        List results = verify(signedDoc, cryptoCA);
+        WSSecurityEngineResult result = 
+            WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+        X509Certificate cert = 
+            (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+        assertTrue (cert != null);
+    }
+    
     
     /**
      * Test signing a SOAP message using Issuer Serial. Note that this should fail, as the
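Review bot: `testSignatureDirectReferenceCACert` only asserts that a certificate came back, and if `fetchActionResult` returns null the test dies with a NullPointerException at `result.get(...)` instead of a clear assertion; add `assertNotNull(result);` before the cast and replace `assertTrue (cert != null);` with `assertNotNull(cert);`. `List results` is a raw type; `List<WSSecurityEngineResult>` (or at least `List<?>`) would document what `verify` returns, if its signature permits. Since the point of the test is that the chain verifies against `cryptoCA` when the leaf is sent together with the CA certificate, an assertion on the returned certificate's subject (the `wss40` identity) would pin that more tightly than a null check. `verify`, `crypto`, `cryptoCA` and `SOAPMSG` are defined outside the hunk.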


