Author: coheigea
Date: Fri Oct 23 16:27:25 2009
New Revision: 829117
URL:
http://svn.apache.org/viewvc?rev=829117&view=rev
Log:
[WSS-214] - SignatureProcessor is not reusing results from BinarySecurityTokenProcessor or DerivedKeyTokenProcessor
- Already fixed on trunk.
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java?rev=829117&r1=829116&r2=829117&view=diff==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java Fri Oct 23 16:27:25 2009
@@ -118,7 +118,7 @@
*/
private void createSecurityToken(Element element) throws WSSecurityException {
this.token = new BinarySecurity(element);
- String type = token.getValueType();
+ type = token.getValueType();
if (X509Security.X509_V3_TYPE.equals(type)) {
this.token = new X509Security(element);
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java?rev=829117&r1=829116&r2=829117&view=diff==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java Fri Oct 23 16:27:25 2009
@@ -52,6 +52,7 @@
private String id;
private byte[] keyBytes;
+ private DerivedKeyToken dkt;
private byte[] secret;
private int length;
@@ -71,7 +72,7 @@
) throws WSSecurityException {
// Deserialize the DKT
- DerivedKeyToken dkt = new DerivedKeyToken(elem);
+ dkt = new DerivedKeyToken(elem);
this.extractSecret(wsDocInfo, dkt, cb, crypto);
String tempNonce = dkt.getNonce();
@@ -327,4 +328,11 @@
return keyBytes;
}
+ /**
+ * Return the DerivedKeyToken object
+ */
+ public DerivedKeyToken getDerivedKeyToken() {
+ return dkt;
+ }
+
}
Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java?rev=829117&r1=829116&r2=829117&view=diff==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java Fri Oct 23 16:27:25 2009
@@ -255,19 +255,18 @@
}
} else if (el.equals(WSSecurityEngine.DERIVED_KEY_TOKEN_05_02)
|| el.equals(WSSecurityEngine.DERIVED_KEY_TOKEN_05_12)) {
- dkt = new DerivedKeyToken(token);
- String id = dkt.getID();
+ String id = token.getAttributeNS(WSConstants.WSU_NS, "Id");
DerivedKeyTokenProcessor dktProcessor =
(DerivedKeyTokenProcessor) wsDocInfo.getProcessor(id);
String signatureMethodURI = sig.getSignedInfo().getSignatureMethodURI();
+ dkt = dktProcessor.getDerivedKeyToken();
int keyLength = (dkt.getLength() > 0) ? dkt.getLength() :
WSSecurityUtil.getKeyLength(signatureMethodURI);
secretKey = dktProcessor.getKeyBytes(keyLength);
} else {
if (el.equals(WSSecurityEngine.binaryToken)) {
- // TODO: Use results from BinarySecurityTokenProcessor
- certs = getCertificatesTokenReference(token, crypto);
+ certs = getCertificates(token, wsDocInfo, crypto);
} else if (el.equals(WSSecurityEngine.SAML_TOKEN)) {
if (crypto == null) {
throw new WSSecurityException(
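Review bot: In the DERIVED_KEY_TOKEN branch, `dktProcessor` is dereferenced by the new line `dkt = dktProcessor.getDerivedKeyToken();` without a null check, whereas the `getCertificates` method added in this same commit does check the result of `wsDocInfo.getProcessor(id)` for null. The `wsu:Id` is read from the incoming message, so a missing Id, or a DerivedKeyToken that has not been processed yet, would presumably surface as a NullPointerException rather than a WSSecurityException. I would add `if (dktProcessor == null) { throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE); }` directly after the lookup. The enclosing method starts and ends outside this hunk.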
@@ -535,6 +534,38 @@
}
}
+
+ /**
+ * Get the X509 Certificates from the BinarySecurityToken DOM element. It first tries to
+ * get the certificates from the BinarySecurityTokenProcessor, if the BST has been previously
+ * processed. If this fails, it gets the certificates directly from the token.
+ * @param The BinarySecurityToken element
+ * @wsDocInfo The WSDocInfo structure that contains information on previous processing
+ * @crypto The crypto instance that is needed to get the certificates from the BST
+ * @throws WSSecurityException
+ */
+ public X509Certificate[]
+ getCertificates(Element elem, WSDocInfo wsDocInfo, Crypto crypto) throws WSSecurityException {
+
+ String id = elem.getAttributeNS(WSConstants.WSU_NS, "Id");
+ BinarySecurityTokenProcessor bstProcessor =
+ (BinarySecurityTokenProcessor) wsDocInfo.getProcessor(id);
+ if (bstProcessor != null) {
+ String type = bstProcessor.getType();
+ if (!(X509Security.X509_V3_TYPE.equals(type)
+ || PKIPathSecurity.getType().equals(type))) {
+ throw new WSSecurityException(
+ WSSecurityException.UNSUPPORTED_SECURITY_TOKEN,
+ "unsupportedBinaryTokenType",
+ new Object[]{type}
+ );
+ }
+ return bstProcessor.getCertificates();
+ } else {
+ return getCertificatesTokenReference(elem, crypto);
+ }
+ }
+
/**
* Extracts the certificate(s) from the Binary Security token reference.
*
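Review bot: `getCertificates` trusts the `wsu:Id` string alone: whatever `wsDocInfo.getProcessor(id)` returns is cast to `BinarySecurityTokenProcessor`, and its certificates are returned without confirming that the processor was built from `elem`. The Id comes from the message being verified, and how WSDocInfo keys its processors is not visible here. If another kind of processor, or a processor for a different token, can be registered under the same Id, the result is a ClassCastException or certificates taken from a token other than the one passed in. I would fetch it as `Processor p = wsDocInfo.getProcessor(id);`, use it only when `p instanceof BinarySecurityTokenProcessor`, and otherwise fall back to `getCertificatesTokenReference(elem, crypto)`. When `id` is empty, skipping the lookup entirely would be safer. The Javadoc tags are also malformed and should read `@param elem`, `@param wsDocInfo` and `@param crypto`, with an `@return` line.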
@@ -553,9 +584,7 @@
return ((PKIPathSecurity) token).getX509Certificates(false, crypto);
} else if (token instanceof X509Security) {
X509Certificate cert = ((X509Security) token).getX509Certificate(crypto);
- X509Certificate[] certs = new X509Certificate[1];
- certs[0] = cert;
- return certs;
+ return new X509Certificate[]{cert};
}
return null;
}
@@ -572,16 +601,13 @@
* @throws WSSecurityException
*/
private BinarySecurity createSecurityToken(Element element) throws WSSecurityException {
- BinarySecurity token = new BinarySecurity(element);
- String type = token.getValueType();
- X509Security x509 = null;
- PKIPathSecurity pkiPath = null;
+ String type = element.getAttribute("ValueType");
if (X509Security.X509_V3_TYPE.equals(type)) {
- x509 = new X509Security(element);
+ X509Security x509 = new X509Security(element);
return (BinarySecurity) x509;
} else if (PKIPathSecurity.getType().equals(type)) {
- pkiPath = new PKIPathSecurity(element);
+ PKIPathSecurity pkiPath = new PKIPathSecurity(element);
return (BinarySecurity) pkiPath;
}
throw new WSSecurityException(