June 2013 - jbossws-commits - Jboss List Archives

JBossWS SVN: r17650 - stack/cxf/branches.

by jbossws-commits＠lists.jboss.org

Author: alessio.soldano(a)jboss.com Date: 2013-06-05 13:47:23 -0400 (Wed, 05 Jun 2013) New Revision: 17650 Added: stack/cxf/branches/JBWS-3648/ Log: Branching for working on 3648 (WS-Policy code-first improvements/tooling)

11 years, 7 months

1
0
0 / 0

JBossWS SVN: r17649 - in stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src: main/java/org/jboss/ws/extensions/security and 6 other directories.

by jbossws-commits＠lists.jboss.org

Author: mmusaji Date: 2013-06-04 12:11:17 -0400 (Tue, 04 Jun 2013) New Revision: 17649 Added: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/operation/ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/operation/EncryptionAlgorithms.java Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/core/jaxws/spi/ProviderImpl.java stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/DecryptionOperation.java stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/RequireEncryptionOperation.java stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/RequireSignatureOperation.java stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/RequireTargetableOperation.java stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/element/SecurityHeader.java stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/metadata/wsse/RequireEncryption.java stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/resources/schema/jboss-ws-security_1_0.xsd stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/META-INF/jboss-wsse-client.xml stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/WEB-INF/jboss-wsse-server.xml Log: [JBPAPP-10768] Initial commit of CVE-2012-5575 (JBPAPP-10455) backport Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/core/jaxws/spi/ProviderImpl.java =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/core/jaxws/spi/ProviderImpl.java 2013-06-04 09:53:35 UTC (rev 17648) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/core/jaxws/spi/ProviderImpl.java 2013-06-04 16:11:17 UTC (rev 17649) @@ -116,19 +116,19 @@ return bindingId; } - @Override + public <T extends EndpointReference> T createEndpointReference(Class<T> clazz, QName serviceName, QName portName, Source wsdlDocumentLocation, Element... referenceParameters) { throw new NotImplementedException(); } - @Override + public W3CEndpointReference createW3CEndpointReference(String address, QName serviceName, QName portName, List<Element> metadata, String wsdlDocumentLocation, List<Element> referenceParameters) { throw new NotImplementedException(); } - @Override + public <T> T getPort(EndpointReference endpointReference, Class<T> serviceEndpointInterface, WebServiceFeature... features) { throw new NotImplementedException(); @@ -139,4 +139,4 @@ { throw new NotImplementedException(); } -} \ No newline at end of file +} Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/DecryptionOperation.java =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/DecryptionOperation.java 2013-06-04 09:53:35 UTC (rev 17648) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/DecryptionOperation.java 2013-06-04 16:11:17 UTC (rev 17649) @@ -23,6 +23,8 @@ import java.util.Collection; import java.util.HashSet; +import java.util.Iterator; +import java.util.List; import javax.crypto.SecretKey; @@ -32,6 +34,7 @@ import org.jboss.ws.extensions.security.element.ReferenceList; import org.jboss.ws.extensions.security.element.SecurityHeader; import org.jboss.ws.extensions.security.element.SecurityProcess; +import org.jboss.ws.extensions.security.operation.EncryptionAlgorithms; import org.w3c.dom.Document; import org.w3c.dom.Element; @@ -41,11 +44,14 @@ private SecurityHeader header; private SecurityStore store; + + private List<String> allowedEncAlgorithms; - public DecryptionOperation(SecurityHeader header, SecurityStore store) throws WSSecurityException + public DecryptionOperation(SecurityHeader header, SecurityStore store, List<String> allowedEncAlgorithms) throws WSSecurityException { this.header = header; this.store = store; + this.allowedEncAlgorithms = allowedEncAlgorithms; } private boolean isContent(Element element) @@ -93,6 +99,15 @@ } String alg = getEncryptionAlgorithm(element); + if (allowedEncAlgorithms != null && !allowedEncAlgorithms.isEmpty()) { + boolean found = false; + for (Iterator<String> it = allowedEncAlgorithms.iterator(); it.hasNext() && !found; ) { + found = alg.equals(EncryptionAlgorithms.getAlgorithm(it.next())); + } + if (!found) { + throw new WSSecurityException("Unexpected encryption algorithm in received message: " + alg); + } + } try { XMLCipher cipher = XMLCipher.getInstance(alg); Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java 2013-06-04 09:53:35 UTC (rev 17648) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java 2013-06-04 16:11:17 UTC (rev 17649) @@ -23,7 +23,6 @@ import java.security.NoSuchAlgorithmException; import java.security.cert.X509Certificate; -import java.util.HashMap; import java.util.List; import javax.crypto.KeyGenerator; @@ -38,6 +37,7 @@ import org.jboss.ws.extensions.security.element.ReferenceList; import org.jboss.ws.extensions.security.element.SecurityHeader; import org.jboss.ws.extensions.security.element.X509Token; +import org.jboss.ws.extensions.security.operation.EncryptionAlgorithms; import org.w3c.dom.Document; import org.w3c.dom.Element; @@ -47,36 +47,6 @@ private SecurityStore store; - private static class Algorithm - { - Algorithm(String jceName, String xmlName, int size) - { - this.jceName = jceName; - this.xmlName = xmlName; - this.size = size; - } - - public String jceName; - public String xmlName; - public int size; - } - - private static HashMap<String, Algorithm> algorithms; - - private static final String DEFAULT_ALGORITHM = "aes-128"; - - static - { - algorithms = new HashMap<String, Algorithm>(4); - algorithms.put("aes-128", new Algorithm("AES", XMLCipher.AES_128, 128)); - algorithms.put("aes-192", new Algorithm("AES", XMLCipher.AES_192, 192)); - algorithms.put("aes-256", new Algorithm("AES", XMLCipher.AES_256, 256)); - algorithms.put("aes-128-gcm", new Algorithm("AES", XMLCipher.AES_128_GCM, 128)); - algorithms.put("aes-192-gcm", new Algorithm("AES", XMLCipher.AES_192_GCM, 192)); - algorithms.put("aes-256-gcm", new Algorithm("AES", XMLCipher.AES_256_GCM, 256)); - algorithms.put("tripledes", new Algorithm("TripleDes", XMLCipher.TRIPLEDES, 168)); - } - public EncryptionOperation(SecurityHeader header, SecurityStore store) throws WSSecurityException { this.header = header; @@ -112,14 +82,17 @@ } } - public SecretKey getSecretKey(String algorithm) throws WSSecurityException + public static SecretKey generateSecretKey(String alg) throws WSSecurityException { - Algorithm alg = algorithms.get(algorithm); + return getSecretKey(EncryptionAlgorithms.getAlgorithmID(alg)); + } + public static SecretKey getSecretKey(String algorithm) throws WSSecurityException + { try { - KeyGenerator kgen = KeyGenerator.getInstance(alg.jceName); - kgen.init(alg.size); + KeyGenerator kgen = KeyGenerator.getInstance(EncryptionAlgorithms.getAlgorithmJceName(algorithm)); + kgen.init(EncryptionAlgorithms.getAlgorithmSize(algorithm)); return kgen.generateKey(); } catch (NoSuchAlgorithmException e) @@ -130,14 +103,15 @@ public void process(Document message, List<Target> targets, String alias, String credential, String algorithm, boolean digest, boolean useNonce, boolean useTimestamp) throws WSSecurityException { - if (! algorithms.containsKey(algorithm)) - algorithm = DEFAULT_ALGORITHM; + if (! EncryptionAlgorithms.hasAlgorithm(algorithm)) { + algorithm = EncryptionAlgorithms.DEFAULT_ALGORITHM; + } SecretKey secretKey = getSecretKey(algorithm); XMLCipher cipher; try { - cipher = XMLCipher.getInstance(algorithms.get(algorithm).xmlName); + cipher = XMLCipher.getInstance(EncryptionAlgorithms.getAlgorithm(algorithm)); cipher.init(XMLCipher.ENCRYPT_MODE, secretKey); } catch (XMLSecurityException e) Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/RequireEncryptionOperation.java =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/RequireEncryptionOperation.java 2013-06-04 09:53:35 UTC (rev 17648) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/RequireEncryptionOperation.java 2013-06-04 16:11:17 UTC (rev 17649) @@ -21,13 +21,52 @@ */ package org.jboss.ws.extensions.security; +import java.util.LinkedList; +import java.util.List; +import java.util.StringTokenizer; + +import org.jboss.logging.Logger; import org.jboss.ws.extensions.security.element.SecurityHeader; +import org.jboss.ws.extensions.security.SecurityDecoder; +import org.jboss.ws.extensions.security.Target; - public class RequireEncryptionOperation extends RequireTargetableOperation -{ - public RequireEncryptionOperation(SecurityHeader header, SecurityStore store) throws WSSecurityException - { - super(header, store); + { + private List<String> allowedKeyWrapAlgorithms; + + private List<String> allowedEncAlgorithms; + + public RequireEncryptionOperation(List<Target> targets) { + super(targets); } -} + + public RequireEncryptionOperation(List<Target> targets, String keyWrapAlgorithms, String algorithms) + { + super(targets); + this.allowedEncAlgorithms = parseStringList(algorithms); + this.allowedKeyWrapAlgorithms = parseStringList(keyWrapAlgorithms); + } + + public void setupDecoder(SecurityDecoder decoder) { + if (allowedEncAlgorithms == null) { + Logger.getLogger(RequireEncryptionOperation.class).warn("No 'algorithms' provided for 'encryption' configuration requirement!"); + } + decoder.setAllowedEncAlgorithms(allowedEncAlgorithms); + if (allowedKeyWrapAlgorithms == null) { + Logger.getLogger(RequireEncryptionOperation.class).warn("No 'keyWrapAlgorithms' provided for 'encryption' configuration requirement!"); + } + decoder.setAllowedKeyWrapAlgorithms(allowedKeyWrapAlgorithms); + } + + private List<String> parseStringList(String s) { + List<String> result = null; + if (s != null && s.trim().length() > 0) { + StringTokenizer st = new StringTokenizer(s, ", ", false); + result = new LinkedList<String>(); + while (st.hasMoreTokens()) { + result.add(st.nextToken()); + } + } + return result; + } + } Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/RequireSignatureOperation.java =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/RequireSignatureOperation.java 2013-06-04 09:53:35 UTC (rev 17648) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/RequireSignatureOperation.java 2013-06-04 16:11:17 UTC (rev 17649) @@ -22,12 +22,14 @@ package org.jboss.ws.extensions.security; import org.jboss.ws.extensions.security.element.SecurityHeader; +import org.jboss.ws.extensions.security.SecurityStore; +import java.util.List; public class RequireSignatureOperation extends RequireTargetableOperation { - public RequireSignatureOperation(SecurityHeader header, SecurityStore store) throws WSSecurityException + public RequireSignatureOperation(List<Target> targets) throws WSSecurityException { - super(header, store); + super(targets); } } Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/RequireTargetableOperation.java =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/RequireTargetableOperation.java 2013-06-04 09:53:35 UTC (rev 17648) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/RequireTargetableOperation.java 2013-06-04 16:11:17 UTC (rev 17649) @@ -33,8 +33,11 @@ public class RequireTargetableOperation implements RequireOperation { - public RequireTargetableOperation(SecurityHeader header, SecurityStore store) throws WSSecurityException + private List<Target> targets; + + public RequireTargetableOperation(List<Target> targets) { + this.targets = targets; } private Collection<String> resolveTarget(Document message, Target target) throws WSSecurityException Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java 2013-06-04 09:53:35 UTC (rev 17648) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java 2013-06-04 16:11:17 UTC (rev 17649) @@ -34,6 +34,7 @@ import org.jboss.ws.extensions.security.element.Timestamp; import org.jboss.ws.extensions.security.element.Token; import org.jboss.ws.extensions.security.element.UsernameToken; +import org.jboss.ws.extensions.security.RequireEncryptionOperation; import org.jboss.ws.extensions.security.nonce.NonceFactory; import org.jboss.ws.metadata.wsse.Authenticate; import org.jboss.ws.metadata.wsse.TimestampVerification; @@ -67,6 +68,10 @@ private HashSet<String> signedIds = new HashSet<String>(); private HashSet<String> encryptedIds = new HashSet<String>(); + + private List<String> allowedKeyWrapAlgorithms; + + private List<String> allowedEncAlgorithms; public SecurityDecoder(SecurityStore store, NonceFactory nonceFactory, TimestampVerification timestampVerification, Authenticate authenticate) @@ -129,7 +134,7 @@ encryptedIds.clear(); SignatureVerificationOperation signatureVerifier = new SignatureVerificationOperation(header, store); - DecryptionOperation decrypter = new DecryptionOperation(header, store); + DecryptionOperation decrypter = new DecryptionOperation(header, store, allowedEncAlgorithms); for (SecurityProcess process : header.getSecurityProcesses()) { @@ -153,6 +158,18 @@ } + + public void init(List<OperationDescription<RequireOperation>> requireOperations) { + if (requireOperations != null) { + for (OperationDescription<RequireOperation> operation : requireOperations) { + if (operation.equals(RequireEncryptionOperation.class)) { + RequireEncryptionOperation op = new RequireEncryptionOperation(operation.getTargets()); + op.setupDecoder(this); + break; + } + } + } + } public void verify(List<OperationDescription<RequireOperation>> requireOperations) throws WSSecurityException { @@ -167,12 +184,12 @@ if (operation.equals(RequireSignatureOperation.class)) { - op = new RequireSignatureOperation(header, store); + op = new RequireSignatureOperation(o.getTargets()); processedIds = signedIds; } else if (operation.equals(RequireEncryptionOperation.class)) { - op = new RequireEncryptionOperation(header, store); + op = new RequireEncryptionOperation(o.getTargets()); processedIds = encryptedIds; } else @@ -200,7 +217,7 @@ public void decode(Document message, Element headerElement) throws WSSecurityException { this.headerElement = headerElement; - this.header = new SecurityHeader(this.headerElement, store); + this.header = new SecurityHeader(this.headerElement, store, allowedKeyWrapAlgorithms, allowedEncAlgorithms); this.message = message; decode(); @@ -212,4 +229,15 @@ // message (required by the specification) detachHeader(); } + + public void setAllowedKeyWrapAlgorithms(List<String> allowedKeyWrapAlgorithms) + { + this.allowedKeyWrapAlgorithms = allowedKeyWrapAlgorithms; + } + + public void setAllowedEncAlgorithms(List<String> allowedEncAlgorithms) + { + this.allowedEncAlgorithms = allowedEncAlgorithms; + } + } Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2013-06-04 09:53:35 UTC (rev 17648) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2013-06-04 16:11:17 UTC (rev 17649) @@ -31,6 +31,7 @@ import javax.xml.rpc.soap.SOAPFaultException; import javax.xml.soap.SOAPException; import javax.xml.soap.SOAPHeader; +import javax.xml.soap.SOAPMessage; import javax.xml.ws.BindingProvider; import javax.xml.ws.WebServiceException; @@ -44,6 +45,7 @@ import org.jboss.ws.extensions.security.nonce.DefaultNonceFactory; import org.jboss.ws.extensions.security.nonce.NonceFactory; import org.jboss.ws.extensions.security.nonce.NonceGenerator; +import org.jboss.ws.extensions.security.RequireEncryptionOperation; import org.jboss.ws.metadata.umdm.EndpointMetaData; import org.jboss.ws.metadata.umdm.OperationMetaData; import org.jboss.ws.metadata.wsse.Authenticate; @@ -123,6 +125,7 @@ QName secQName = new QName(Constants.WSSE_NS, "Security"); Element secHeaderElement = (soapHeader != null) ? Util.findElement(soapHeader, secQName) : null; + boolean fault = soapMessage.getSOAPBody().getFault() != null; if (secHeaderElement == null) { @@ -158,7 +161,7 @@ Config operationConfig = getConfig(ctx, config, soapMessage); if (secHeaderElement != null) { - decodeHeader(ctx, config, operationConfig, soapMessage, secHeaderElement); + decodeHeader(config, actualConfig, soapMessage, secHeaderElement, fault); } authorize(operationConfig); @@ -174,8 +177,7 @@ } } - private static void decodeHeader(CommonMessageContext ctx, WSSecurityConfiguration configuration, Config operationConfig, SOAPMessageImpl message, - Element secHeaderElement) throws WSSecurityException, SOAPException + private static void decodeHeader(WSSecurityConfiguration configuration, Config config, SOAPMessage message, Element secHeaderElement, boolean fault) throws WSSecurityException, SOAPException { SecurityStore securityStore = new SecurityStore(configuration.getKeyStoreURL(), configuration.getKeyStoreType(), configuration.getKeyStorePassword(), configuration.getKeyPasswords(), configuration.getTrustStoreURL(), configuration.getTrustStoreType(), configuration.getTrustStorePassword()); @@ -183,25 +185,34 @@ Authenticate authenticate = null; - if (operationConfig != null) + if (config != null) { - authenticate = operationConfig.getAuthenticate(); + authenticate = config.getAuthenticate(); } - SecurityDecoder decoder = new SecurityDecoder(securityStore, factory, configuration.getTimestampVerification(), authenticate); - + SecurityDecoder decoder = new SecurityDecoder(securityStore, factory, configuration.getTimestampVerification(), authenticate); + List<OperationDescription<RequireOperation>> operations = buildRequireOperations(config, fault); + decoder.init(operations); decoder.decode(message.getSOAPPart(), secHeaderElement); if (log.isTraceEnabled()) log.trace("Decoded Message:\n" + DOMWriter.printNode(message.getSOAPPart(), true)); - OperationMetaData opMetaData = ctx.getOperationMetaData(); + CommonMessageContext ctx = MessageContextAssociation.peekMessageContext(); + OperationMetaData opMetaData = null; + if(ctx != null) { + opMetaData = ctx.getOperationMetaData(); + }else if (log.isTraceEnabled()) { + log.warn("No CommonMessageContext Found"); + } + if (opMetaData == null) { // Get the operation meta data from the soap message // for the server side inbound message. EndpointMetaData epMetaData = ctx.getEndpointMetaData(); - opMetaData = message.getOperationMetaData(epMetaData); + SOAPMessageImpl soapMessage = (SOAPMessageImpl)ctx.getSOAPMessage(); + opMetaData = soapMessage.getOperationMetaData(epMetaData); } String operation = null; @@ -212,8 +223,6 @@ port = opMetaData.getEndpointMetaData().getPortName().getLocalPart(); } - List<OperationDescription<RequireOperation>> operations = buildRequireOperations(configuration, operation, port); - decoder.verify(operations); if (log.isDebugEnabled()) log.debug("Verification is successful"); @@ -325,9 +334,9 @@ return (operationConfig != null && operationConfig.getRequires() != null); } - private static List<OperationDescription<RequireOperation>> buildRequireOperations(WSSecurityConfiguration config, String operation, String port) + private static List<OperationDescription<RequireOperation>> buildRequireOperations(Config operationConfig, boolean fault) { - Config operationConfig = getConfig(config, port, operation); + if (operationConfig == null) return null; @@ -348,7 +357,7 @@ } RequireEncryption requireEncryption = requires.getRequireEncryption(); - if (requireEncryption != null) + if (requireEncryption != null && (!fault || requireEncryption.isIncludeFaults())) { List<Target> targets = convertTargets(requireEncryption.getTargets()); operations.add(new OperationDescription<RequireOperation>(RequireEncryptionOperation.class, targets, null, null, null)); Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java 2013-06-04 09:53:35 UTC (rev 17648) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java 2013-06-04 16:11:17 UTC (rev 17649) @@ -22,6 +22,9 @@ package org.jboss.ws.extensions.security.element; import java.security.PrivateKey; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; import javax.crypto.SecretKey; @@ -33,9 +36,11 @@ import org.jboss.ws.extensions.security.KeyResolver; import org.jboss.ws.extensions.security.Util; import org.jboss.ws.extensions.security.WSSecurityException; +import org.jboss.ws.extensions.security.operation.EncryptionAlgorithms; import org.w3c.dom.Document; import org.w3c.dom.Element; + /** * <code>EncryptedKey</code> represents the am XMLSecurity encrypted key. * @@ -54,6 +59,15 @@ private Element cachedElement; + private static HashMap<String, String> keyWrapAlgorithms; + private static final String DEFAULT_ALGORITHM = "rsa_15"; + static + { + keyWrapAlgorithms = new HashMap<String, String>(4); + keyWrapAlgorithms.put("rsa_15", XMLCipher.RSA_v1dot5); + keyWrapAlgorithms.put("rsa_oaep", XMLCipher.RSA_OAEP); + } + public EncryptedKey(Document document, SecretKey secretKey, X509Token token) { this(document, secretKey, token, new ReferenceList()); @@ -67,7 +81,7 @@ this.list = list; } - public EncryptedKey(Element element, KeyResolver resolver) throws WSSecurityException + public EncryptedKey(Element element, KeyResolver resolver, List<String> allowedKeyWrapAlgorithms, List<String> allowedEncAlgorithms) throws WSSecurityException { org.apache.xml.security.encryption.EncryptedKey key; XMLCipher cipher; @@ -84,6 +98,27 @@ } KeyInfo info = key.getKeyInfo(); + boolean supportedKeyWrapAlg = false; + final String kwa = key.getEncryptionMethod().getAlgorithm(); + for (Iterator<String> it = keyWrapAlgorithms.values().iterator(); it.hasNext() && !supportedKeyWrapAlg; ) { + String s = it.next(); + if (s.equals(kwa)) { + supportedKeyWrapAlg = true; + } + } + if (!supportedKeyWrapAlg) { + throw new WSSecurityException("Unsupported key wrap algorithm in received message: " + kwa); + } + if (allowedKeyWrapAlgorithms != null && !allowedKeyWrapAlgorithms.isEmpty()) { + boolean found = false; + for (Iterator<String> it = allowedKeyWrapAlgorithms.iterator(); it.hasNext() && !found; ) { + found = kwa.equals(keyWrapAlgorithms.get(it.next())); + } + if (!found) { + throw new WSSecurityException("Unexpected key wrap algorithm in received message: " + kwa); + } + } + if (info == null) throw new WSSecurityException("EncryptedKey element did not contain KeyInfo"); @@ -103,6 +138,15 @@ String alg = getKeyAlgorithm(element); if (alg == null) throw new WSSecurityException("Could not determine encrypted key algorithm!"); + if (allowedEncAlgorithms != null && !allowedEncAlgorithms.isEmpty()) { + boolean found = false; + for (Iterator<String> it = allowedEncAlgorithms.iterator(); it.hasNext() && !found; ) { + found = alg.equals(EncryptionAlgorithms.getAlgorithm(it.next())); + } + if (!found) { + throw new WSSecurityException("Unexpected encryption algorithm in received message: " + alg); + } + } try { @@ -190,4 +234,4 @@ { return list; } -} \ No newline at end of file +} Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/element/SecurityHeader.java =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/element/SecurityHeader.java 2013-06-04 09:53:35 UTC (rev 17648) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/element/SecurityHeader.java 2013-06-04 16:11:17 UTC (rev 17649) @@ -23,6 +23,7 @@ import java.util.HashMap; import java.util.LinkedList; +import java.util.List; import org.jboss.ws.extensions.security.BinarySecurityTokenValidator; import org.jboss.ws.extensions.security.Constants; @@ -56,13 +57,13 @@ // Looks like this is only for embedded tokens private LinkedList<SecurityTokenReference> securityTokenReferences = new LinkedList<SecurityTokenReference>(); - + public SecurityHeader(Document document) { this.document = document; } - - public SecurityHeader(Element element, SecurityStore store) throws WSSecurityException + + public SecurityHeader(Element element, SecurityStore store, List<String> allowedKeyWrapAlgorithms, List<String> allowedEncAlgorithms) throws WSSecurityException { document = element.getOwnerDocument(); KeyResolver resolver = new KeyResolver(store); @@ -86,7 +87,7 @@ else if (tag.equals("Signature")) securityProcesses.add(new Signature(child, resolver)); else if (tag.equals("EncryptedKey")) - securityProcesses.add(new EncryptedKey(child, resolver)); + securityProcesses.add(new EncryptedKey(child, resolver, allowedKeyWrapAlgorithms, allowedEncAlgorithms)); else if (tag.equals("ReferenceList")) throw new UnsupportedSecurityTokenException("ReferenceLists outside of encrypted keys (shared secrets) are not supported."); Added: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/operation/EncryptionAlgorithms.java =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/operation/EncryptionAlgorithms.java (rev 0) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/operation/EncryptionAlgorithms.java 2013-06-04 16:11:17 UTC (rev 17649) @@ -0,0 +1,94 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2013, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.ws.extensions.security.operation; + +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + +import org.apache.xml.security.encryption.XMLCipher; + +public final class EncryptionAlgorithms +{ + /** --- Keep private for security reasons --- **/ + private static class Algorithm + { + Algorithm(String jceName, String xmlName, int size) + { + this.jceName = jceName; + this.xmlName = xmlName; + this.size = size; + } + + public String jceName; + public String xmlName; + public int size; + } + private static Map<String, Algorithm> algorithms; + private static Map<String, String> algorithmsID; + /** ----------------------------------------- **/ + + public static final String DEFAULT_ALGORITHM = "aes-128"; + + static + { + algorithms = new HashMap<String, Algorithm>(4); + algorithms.put("aes-128", new Algorithm("AES", XMLCipher.AES_128, 128)); + algorithms.put("aes-192", new Algorithm("AES", XMLCipher.AES_192, 192)); + algorithms.put("aes-256", new Algorithm("AES", XMLCipher.AES_256, 256)); + algorithms.put("aes-128-gcm", new Algorithm("AES", XMLCipher.AES_128_GCM, 128)); + algorithms.put("aes-192-gcm", new Algorithm("AES", XMLCipher.AES_192_GCM, 192)); + algorithms.put("aes-256-gcm", new Algorithm("AES", XMLCipher.AES_256_GCM, 256)); + algorithms.put("tripledes", new Algorithm("TripleDes", XMLCipher.TRIPLEDES, 168)); + algorithms = Collections.unmodifiableMap(algorithms); + + algorithmsID = new HashMap<String, String>(4); + algorithmsID.put(XMLCipher.AES_128, "aes-128"); + algorithmsID.put(XMLCipher.AES_192, "aes-192"); + algorithmsID.put(XMLCipher.AES_256, "aes-256"); + algorithmsID.put(XMLCipher.TRIPLEDES, "tripledes"); + algorithmsID = Collections.unmodifiableMap(algorithmsID); + } + + public static boolean hasAlgorithm(String id) { + return algorithms.containsKey(id); + } + + public static String getAlgorithm(String id) { + Algorithm alg = algorithms.get(id); + return alg == null ? null : alg.xmlName; + } + + public static String getAlgorithmJceName(String id) { + Algorithm alg = algorithms.get(id); + return alg == null ? null : alg.jceName; + } + + public static int getAlgorithmSize(String id) { + Algorithm alg = algorithms.get(id); + return alg == null ? null : alg.size; + } + + public static String getAlgorithmID(String xmlName) { + return algorithmsID.get(xmlName); + } +} Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/metadata/wsse/RequireEncryption.java =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/metadata/wsse/RequireEncryption.java 2013-06-04 09:53:35 UTC (rev 17648) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/metadata/wsse/RequireEncryption.java 2013-06-04 16:11:17 UTC (rev 17649) @@ -21,6 +21,7 @@ */ package org.jboss.ws.metadata.wsse; + /** * <code>Sign</code> represents the sign tag, which declares that a message * should be signed. @@ -30,5 +31,43 @@ */ public class RequireEncryption extends Targetable { - private static final long serialVersionUID = 3765798680988205647L; + private static final long serialVersionUID = 3765798680988205648L; + + private boolean includeFaults; + + private String keyWrapAlgorithms; + + private String algorithms; + + public RequireEncryption(boolean includeFaults, String keyWrapAlgorithms, String algorithms) + { + this.includeFaults = includeFaults; + this.algorithms = algorithms; + this.keyWrapAlgorithms = keyWrapAlgorithms; + } + + public boolean isIncludeFaults() + { + return includeFaults; + } + + public String getdKeyWrapAlgorithms() + { + return keyWrapAlgorithms; + } + + public void setKeyWrapAlgorithms(String keyWrapAlgorithms) + { + this.keyWrapAlgorithms = keyWrapAlgorithms; + } + + public String getAlgorithms() + { + return algorithms; + } + + public void setAlgorithms(String algorithms) + { + this.algorithms = algorithms; + } } Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java 2013-06-04 09:53:35 UTC (rev 17648) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java 2013-06-04 16:11:17 UTC (rev 17649) @@ -452,13 +452,19 @@ public Object newChild(Requires requires, UnmarshallingContext navigator, String namespaceURI, String localName, Attributes attrs) { log.trace("newChild: " + localName); + if ("signature".equals(localName)) { return new RequireSignature(); } else if ("encryption".equals(localName)) { - return new RequireEncryption(); + boolean includeFaults = false; + String value = attrs.getValue("", "includeFaults"); + if (value != null) + includeFaults = (Boolean) SimpleTypeBindings.unmarshal(SimpleTypeBindings.XS_BOOLEAN_NAME, value, null); + + return new RequireEncryption(includeFaults, attrs.getValue("", "keyWrapAlgorithms"), attrs.getValue("", "algorithms")); } else if ("timestamp".equals(localName)) { Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/resources/schema/jboss-ws-security_1_0.xsd =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/resources/schema/jboss-ws-security_1_0.xsd 2013-06-04 09:53:35 UTC (rev 17648) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/resources/schema/jboss-ws-security_1_0.xsd 2013-06-04 16:11:17 UTC (rev 17649) @@ -164,6 +164,16 @@ <xs:sequence> <xs:element name="targets" type="targetsType" minOccurs="0"/> </xs:sequence> + <xs:attribute name="algorithm" type="xs:string"> + <xs:annotation> + <xs:documentation>A blank space or comma separated list of algorithm ids that are allowed for the encrypted incoming message</xs:documentation> + </xs:annotation> + </xs:attribute> + <xs:attribute name="keyWrapAlgorithm" type="xs:string"> + <xs:annotation> + <xs:documentation>A blank space or comma separated list of algorithm ids that are allowed for the key wrapping in incoming message</xs:documentation> + </xs:annotation> + </xs:attribute> </xs:complexType> <xs:complexType name="requiresType"> <xs:all> @@ -240,6 +250,9 @@ <xs:enumeration value="aes-128"/> <xs:enumeration value="aes-192"/> <xs:enumeration value="aes-256"/> + <xs:enumeration value="aes-128-gcm"/> + <xs:enumeration value="aes-192-gcm"/> + <xs:enumeration value="aes-256-gcm"/> <xs:enumeration value="tripledes"/> </xs:restriction> </xs:simpleType> Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/META-INF/jboss-wsse-client.xml =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/META-INF/jboss-wsse-client.xml 2013-06-04 09:53:35 UTC (rev 17648) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/META-INF/jboss-wsse-client.xml 2013-06-04 16:11:17 UTC (rev 17649) @@ -3,9 +3,9 @@ <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> <config> - <encrypt type="x509v3" algorithm="aes-128-gcm" alias="wsse"/> + <encrypt type="x509v3" algorithm="aes-192-gcm" keyWrapAlgorithm="rsa_oaep" alias="wsse"/> <requires> <encryption/> </requires> </config> -</jboss-ws-security> \ No newline at end of file +</jboss-ws-security> Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/WEB-INF/jboss-wsse-server.xml =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/WEB-INF/jboss-wsse-server.xml 2013-06-04 09:53:35 UTC (rev 17648) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/WEB-INF/jboss-wsse-server.xml 2013-06-04 16:11:17 UTC (rev 17649) @@ -7,9 +7,9 @@ <trust-store-file>WEB-INF/wsse.truststore</trust-store-file> <trust-store-password>jbossws</trust-store-password> <config> - <encrypt type="x509v3" algorithm="aes-128-gcm" alias="wsse"/> + <encrypt type="x509v3" algorithm="aes-192-gcm" keyWrapAlgorithm="rsa_oaep" alias="wsse"/> <requires> - <encryption/> + <encryption algorithms="aes-192-gcm aes-256-gcm" keyWrapAlgorithms="rsa_oaep"/> </requires> </config> -</jboss-ws-security> \ No newline at end of file +</jboss-ws-security>

11 years, 7 months

1
0
0 / 0

JBossWS SVN: r17648 - in stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768: ant-import and 4 other directories.

by jbossws-commits＠lists.jboss.org

Author: mmusaji Date: 2013-06-04 05:53:35 -0400 (Tue, 04 Jun 2013) New Revision: 17648 Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/ant-import/macros-deploy-native.xml stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/Constants.java stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/STRTransform.java stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/element/SecurityHeader.java stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/META-INF/jboss-wsse-client.xml stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/WEB-INF/jboss-wsse-server.xml stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/version.properties Log: [JBPAPP-10768] Merged CVE-2011-1096 from JBPAPP-7601 -r17228 Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/ant-import/macros-deploy-native.xml =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/ant-import/macros-deploy-native.xml 2013-06-04 09:27:13 UTC (rev 17647) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/ant-import/macros-deploy-native.xml 2013-06-04 09:53:35 UTC (rev 17648) @@ -143,6 +143,7 @@ <include name="policy.jar"/> <include name="stax-ex.jar"/> <include name="streambuffer.jar"/> + <include name="xmlsec.jar"/> <include name="wsdl4j.jar"/> </fileset> </copy> @@ -182,6 +183,7 @@ <include name="policy.jar"/> <include name="stax-ex.jar"/> <include name="streambuffer.jar"/> + <include name="xmlsec.jar"/> <include name="wsdl4j.jar"/>  <include name="jbossws-wsconsume-impl.jar"/> Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/Constants.java =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/Constants.java 2013-06-04 09:27:13 UTC (rev 17647) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/Constants.java 2013-06-04 09:53:35 UTC (rev 17648) @@ -51,7 +51,7 @@ public static final String XML_ENCRYPTION_NS = EncryptionConstants.EncryptionSpecNS; - public static final String XML_ENCRYPTION_PREFIX = "xenc"; + public static final String XML_ENCRYPTION_PREFIX = "ds"; //xmlsec 1.4.2 requires this to be "ds" to correctly create KeyInfo elements public static final String ID = "Id"; Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java 2013-06-04 09:27:13 UTC (rev 17647) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java 2013-06-04 09:53:35 UTC (rev 17648) @@ -71,6 +71,9 @@ algorithms.put("aes-128", new Algorithm("AES", XMLCipher.AES_128, 128)); algorithms.put("aes-192", new Algorithm("AES", XMLCipher.AES_192, 192)); algorithms.put("aes-256", new Algorithm("AES", XMLCipher.AES_256, 256)); + algorithms.put("aes-128-gcm", new Algorithm("AES", XMLCipher.AES_128_GCM, 128)); + algorithms.put("aes-192-gcm", new Algorithm("AES", XMLCipher.AES_192_GCM, 192)); + algorithms.put("aes-256-gcm", new Algorithm("AES", XMLCipher.AES_256_GCM, 256)); algorithms.put("tripledes", new Algorithm("TripleDes", XMLCipher.TRIPLEDES, 168)); } Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/STRTransform.java =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/STRTransform.java 2013-06-04 09:27:13 UTC (rev 17647) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/STRTransform.java 2013-06-04 09:53:35 UTC (rev 17648) @@ -22,6 +22,7 @@ package org.jboss.ws.extensions.security; import java.io.IOException; +import java.io.OutputStream; import javax.xml.parsers.ParserConfigurationException; @@ -91,7 +92,14 @@ @Override - protected XMLSignatureInput enginePerformTransform(XMLSignatureInput input) throws IOException, CanonicalizationException, + protected XMLSignatureInput enginePerformTransform(XMLSignatureInput input, Transform transformObject) throws IOException, CanonicalizationException, + InvalidCanonicalizerException, TransformationException, ParserConfigurationException, SAXException + { + return enginePerformTransform(input, null, transformObject); + } + + @Override + protected XMLSignatureInput enginePerformTransform(XMLSignatureInput input, OutputStream os, Transform transformObject) throws IOException, CanonicalizationException, InvalidCanonicalizerException, TransformationException, ParserConfigurationException, SAXException { @@ -115,7 +123,7 @@ element = token.getSTRTransformElement(); // Obtain the canonicalizer specified in the transformation parameters - Element parameters = XMLUtils.selectNode(this._transformObject.getElement().getFirstChild(), Constants.WSSE_NS, + Element parameters = XMLUtils.selectNode(transformObject.getElement().getFirstChild(), Constants.WSSE_NS, "TransformationParameters", 0); if (parameters == null) throw new TransformationException("wsse:TransformationParameters expected!"); Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java 2013-06-04 09:27:13 UTC (rev 17647) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java 2013-06-04 09:53:35 UTC (rev 17648) @@ -75,6 +75,7 @@ try { cipher = XMLCipher.getInstance(); + cipher.init(XMLCipher.DECRYPT_MODE, null); key = cipher.loadEncryptedKey(element); } catch (XMLSecurityException e) Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/element/SecurityHeader.java =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/element/SecurityHeader.java 2013-06-04 09:27:13 UTC (rev 17647) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/main/java/org/jboss/ws/extensions/security/element/SecurityHeader.java 2013-06-04 09:53:35 UTC (rev 17648) @@ -172,6 +172,7 @@ Element element = document.createElementNS(Constants.WSSE_NS, Constants.WSSE_HEADER); Util.addNamespace(element, Constants.WSSE_PREFIX, Constants.WSSE_NS); Util.addNamespace(element, Constants.WSU_PREFIX, Constants.WSU_NS); + Util.addNamespace(element, Constants.XML_ENCRYPTION_PREFIX, Constants.XML_SIGNATURE_NS); if (timestamp != null) element.appendChild(timestamp.getElement()); Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/META-INF/jboss-wsse-client.xml =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/META-INF/jboss-wsse-client.xml 2013-06-04 09:27:13 UTC (rev 17647) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/META-INF/jboss-wsse-client.xml 2013-06-04 09:53:35 UTC (rev 17648) @@ -3,7 +3,7 @@ <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> <config> - <encrypt type="x509v3" alias="wsse"/> + <encrypt type="x509v3" algorithm="aes-128-gcm" alias="wsse"/> <requires> <encryption/> </requires> Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/WEB-INF/jboss-wsse-server.xml =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/WEB-INF/jboss-wsse-server.xml 2013-06-04 09:27:13 UTC (rev 17647) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/src/test/resources/jaxws/samples/wssecurity/simple-encrypt/WEB-INF/jboss-wsse-server.xml 2013-06-04 09:53:35 UTC (rev 17648) @@ -7,7 +7,7 @@ <trust-store-file>WEB-INF/wsse.truststore</trust-store-file> <trust-store-password>jbossws</trust-store-password> <config> - <encrypt type="x509v3" alias="wsse"/> + <encrypt type="x509v3" algorithm="aes-128-gcm" alias="wsse"/> <requires> <encryption/> </requires> Modified: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/version.properties =================================================================== --- stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/version.properties 2013-06-04 09:27:13 UTC (rev 17647) +++ stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/version.properties 2013-06-04 09:53:35 UTC (rev 17648) @@ -15,7 +15,7 @@ implementation.vendor.id=http://www.jboss.org # Thirdparty library versions that are referenced in component-info.xml -apache-xmlsec=1.3.0 +apache-xmlsec=1.5.2 ibm-wsdl4j=1.6.2 jbpm-bpel=1.1.0.Beta5 stax-api=1.0

11 years, 7 months

1
0
0 / 0

JBossWS SVN: r17647 - stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/transport.

by jbossws-commits＠lists.jboss.org

Author: alessio.soldano(a)jboss.com Date: 2013-06-04 05:27:13 -0400 (Tue, 04 Jun 2013) New Revision: 17647 Modified: stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/transport/ServletHelper.java Log: Minor optimization / removal of duplicated code Modified: stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/transport/ServletHelper.java =================================================================== --- stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/transport/ServletHelper.java 2013-06-04 08:58:46 UTC (rev 17646) +++ stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/transport/ServletHelper.java 2013-06-04 09:27:13 UTC (rev 17647) @@ -1,6 +1,6 @@ /* * JBoss, Home of Professional Open Source. - * Copyright 2010, Red Hat Middleware LLC, and individual contributors + * Copyright 2013, Red Hat Middleware LLC, and individual contributors * as indicated by the @author tags. See the copyright.txt file in the * distribution for a full listing of individual contributors. * @@ -76,14 +76,11 @@ if (contextPath.startsWith("/")) contextPath = contextPath.substring(1); - final StringBuilder name = new StringBuilder(Endpoint.SEPID_DOMAIN + ":"); - name.append(Endpoint.SEPID_PROPERTY_CONTEXT + "=" + contextPath + ","); - name.append(Endpoint.SEPID_PROPERTY_ENDPOINT + "=" + servletName); - Endpoint endpoint = epRegistry.getEndpoint(ObjectNameFactory.create(name.toString())); + final ObjectName oname = ObjectNameFactory.create(Endpoint.SEPID_DOMAIN + ":" + Endpoint.SEPID_PROPERTY_CONTEXT + + "=" + contextPath + "," + Endpoint.SEPID_PROPERTY_ENDPOINT + "=" + servletName); + Endpoint endpoint = epRegistry.getEndpoint(oname); if (endpoint == null) { - ObjectName oname = ObjectNameFactory.create(Endpoint.SEPID_DOMAIN + ":" + Endpoint.SEPID_PROPERTY_CONTEXT - + "=" + contextPath + "," + Endpoint.SEPID_PROPERTY_ENDPOINT + "=" + servletName); throw Messages.MESSAGES.cannotObtainEndpoint(oname); }

11 years, 7 months

1
0
0 / 0

JBossWS SVN: r17646 - stack/native/branches.

by jbossws-commits＠lists.jboss.org

Author: mmusaji Date: 2013-06-04 04:58:46 -0400 (Tue, 04 Jun 2013) New Revision: 17646 Added: stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10768/ Log: [JBPAPP-10768] create one off patch branch from jbossws-native-2.0.1.SP2_CP11

11 years, 7 months

1
0
0 / 0

JBossWS SVN: r17645 - stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/transport.

by jbossws-commits＠lists.jboss.org

Author: jim.ma Date: 2013-06-04 00:58:51 -0400 (Tue, 04 Jun 2013) New Revision: 17645 Modified: stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/transport/ServletHelper.java Log: [JBWS-3643]:Not iterate all endpoints from EndpointRegistry Modified: stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/transport/ServletHelper.java =================================================================== --- stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/transport/ServletHelper.java 2013-06-03 10:33:38 UTC (rev 17644) +++ stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/transport/ServletHelper.java 2013-06-04 04:58:51 UTC (rev 17645) @@ -76,18 +76,10 @@ if (contextPath.startsWith("/")) contextPath = contextPath.substring(1); - Endpoint endpoint = null; - for (ObjectName sepId : epRegistry.getEndpoints()) - { - String propContext = sepId.getKeyProperty(Endpoint.SEPID_PROPERTY_CONTEXT); - String propEndpoint = sepId.getKeyProperty(Endpoint.SEPID_PROPERTY_ENDPOINT); - if (servletName.equals(propEndpoint) && contextPath.equals(propContext)) - { - endpoint = epRegistry.getEndpoint(sepId); - break; - } - } - + final StringBuilder name = new StringBuilder(Endpoint.SEPID_DOMAIN + ":"); + name.append(Endpoint.SEPID_PROPERTY_CONTEXT + "=" + contextPath + ","); + name.append(Endpoint.SEPID_PROPERTY_ENDPOINT + "=" + servletName); + Endpoint endpoint = epRegistry.getEndpoint(ObjectNameFactory.create(name.toString())); if (endpoint == null) { ObjectName oname = ObjectNameFactory.create(Endpoint.SEPID_DOMAIN + ":" + Endpoint.SEPID_PROPERTY_CONTEXT

11 years, 7 months

1
0
0 / 0

JBossWS SVN: r17644 - spi/trunk/src/main/java/org/jboss/wsf/spi/invocation.

by jbossws-commits＠lists.jboss.org

Author: alessio.soldano(a)jboss.com Date: 2013-06-03 06:33:38 -0400 (Mon, 03 Jun 2013) New Revision: 17644 Modified: spi/trunk/src/main/java/org/jboss/wsf/spi/invocation/RequestHandlerFactory.java Log: Restoring deprecated method in RequestHandlerImpl to avoid needing a jbossws-native stack release on AS 7.1/7.2 Modified: spi/trunk/src/main/java/org/jboss/wsf/spi/invocation/RequestHandlerFactory.java =================================================================== --- spi/trunk/src/main/java/org/jboss/wsf/spi/invocation/RequestHandlerFactory.java 2013-06-03 10:29:41 UTC (rev 17643) +++ spi/trunk/src/main/java/org/jboss/wsf/spi/invocation/RequestHandlerFactory.java 2013-06-03 10:33:38 UTC (rev 17644) @@ -29,5 +29,8 @@ */ public abstract class RequestHandlerFactory implements SPIView { + @Deprecated + public abstract RequestHandler newRequestHandler(); + public abstract RequestHandler getRequestHandler(); }

11 years, 7 months

1
0
0 / 0

JBossWS SVN: r17643 - common/trunk/src/test/java/org/jboss/test/ws/common.

by jbossws-commits＠lists.jboss.org

Author: alessio.soldano(a)jboss.com Date: 2013-06-03 06:29:41 -0400 (Mon, 03 Jun 2013) New Revision: 17643 Removed: common/trunk/src/test/java/org/jboss/test/ws/common/URLLoaderAdapterTestCase.java Log: Removing legacy test Deleted: common/trunk/src/test/java/org/jboss/test/ws/common/URLLoaderAdapterTestCase.java =================================================================== --- common/trunk/src/test/java/org/jboss/test/ws/common/URLLoaderAdapterTestCase.java 2013-06-03 10:25:30 UTC (rev 17642) +++ common/trunk/src/test/java/org/jboss/test/ws/common/URLLoaderAdapterTestCase.java 2013-06-03 10:29:41 UTC (rev 17643) @@ -1,120 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2006, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.test.ws.common; - -import java.io.IOException; -import java.net.URL; -import java.util.List; - -import junit.framework.TestCase; - -import org.jboss.ws.common.URLLoaderAdapter; -import org.jboss.wsf.spi.deployment.UnifiedVirtualFile; - -/** - * Test the URLLoaderAdapter - * - * @author alessio.soldano(a)jboss.org - * @since 30-Oct-2008 - */ -public class URLLoaderAdapterTestCase extends TestCase -{ - public void testWithJar() throws Exception - { - //Getting the SPI jar url - ClassLoader cl = UnifiedVirtualFile.class.getClassLoader(); - URL rootURL = getJarUrl(cl.getResource("org/jboss/wsf/spi/deployment")); - assertNotNull(rootURL); - URLLoaderAdapter ula = new URLLoaderAdapter(rootURL); - - UnifiedVirtualFile deployment = ula.findChild("org/jboss/wsf/spi/deployment/"); - assertNotNull(deployment); - assertTrue(deployment.toURL().toExternalForm().contains("jar!")); //check we got a URL to a jar - assertEquals("deployment/", deployment.getName()); - List<UnifiedVirtualFile> children = deployment.getChildren(); - assertNotNull(children); - assertTrue(children.size() > 0); - UnifiedVirtualFile unifiedVirtualFile = null; - for (UnifiedVirtualFile uvf : children) - { - if (uvf.getName().equals(UnifiedVirtualFile.class.getSimpleName() + ".class")) - unifiedVirtualFile = uvf; - } - assertNotNull(unifiedVirtualFile); - assertTrue(unifiedVirtualFile.getChildren().size() == 0); - } - - public void testWithDir() throws Exception - { - ClassLoader cl = UnifiedVirtualFile.class.getClassLoader(); - URL rootURL = cl.getResource("org/jboss/ws/common/"); - assertNotNull(rootURL); - URLLoaderAdapter ula = new URLLoaderAdapter(rootURL); - - UnifiedVirtualFile common = ula.findChild("org/jboss/ws/common/"); - assertNotNull(common); - assertTrue(common.toURL().toExternalForm().contains("target/classes")); //check we got a URL to dir - assertEquals("common/", common.getName()); - List<UnifiedVirtualFile> children = common.getChildren(); - assertNotNull(children); - assertTrue(children.size() > 0); - UnifiedVirtualFile urlLoaderAdapter = null; - UnifiedVirtualFile utils = null; - for (UnifiedVirtualFile uvf : children) - { - if (uvf.getName().equals(URLLoaderAdapter.class.getSimpleName() + ".class")) - urlLoaderAdapter = uvf; - else if (uvf.getName().equals("utils/")) - utils = uvf; - } - assertNotNull(urlLoaderAdapter); - assertNotNull(utils); - assertTrue(urlLoaderAdapter.getChildren().size() == 0); - } - - public void testFailSafeGetChild() throws Exception - { - ClassLoader cl = UnifiedVirtualFile.class.getClassLoader(); - URL rootURL = getJarUrl(cl.getResource("org/jboss/wsf/spi/deployment")); - assertNotNull(rootURL); - URLLoaderAdapter ula = new URLLoaderAdapter(rootURL); - try { - ula.findChild("foo/bar/"); - fail("IOException expected"); - } catch (IOException e) { - //expected - } - try { - UnifiedVirtualFile uvf = ula.findChildFailSafe("foo/bar/"); - assertNull(uvf); - } catch (Exception e) { - fail("Exception not expected, 'null' should have been returned instead: " + e.getMessage()); - } - } - - private static URL getJarUrl(URL url) throws Exception - { - String urlString = url.toExternalForm(); - String jarRoot = urlString.substring(4, urlString.indexOf("ar!") + 2); - return new URL(jarRoot); - } -}

11 years, 7 months

1
0
0 / 0

JBossWS SVN: r17642 - common/trunk/src/main/java/org/jboss/ws/common/deployment.

by jbossws-commits＠lists.jboss.org

Author: alessio.soldano(a)jboss.com Date: 2013-06-03 06:25:30 -0400 (Mon, 03 Jun 2013) New Revision: 17642 Modified: common/trunk/src/main/java/org/jboss/ws/common/deployment/DefaultLifecycleHandlerFactory.java Log: Removing @Deprecated method since 4.1.1.Final Modified: common/trunk/src/main/java/org/jboss/ws/common/deployment/DefaultLifecycleHandlerFactory.java =================================================================== --- common/trunk/src/main/java/org/jboss/ws/common/deployment/DefaultLifecycleHandlerFactory.java 2013-06-03 10:25:08 UTC (rev 17641) +++ common/trunk/src/main/java/org/jboss/ws/common/deployment/DefaultLifecycleHandlerFactory.java 2013-06-03 10:25:30 UTC (rev 17642) @@ -30,12 +30,6 @@ */ public class DefaultLifecycleHandlerFactory extends LifecycleHandlerFactory { - @Deprecated - public LifecycleHandler newLifecycleHandler() - { - return new DefaultLifecycleHandler(); - } - @Override public LifecycleHandler getLifecycleHandler() {

11 years, 7 months

1
0
0 / 0

JBossWS SVN: r17641 - common/trunk/src/main/java/org/jboss/ws/common.

by jbossws-commits＠lists.jboss.org

Author: alessio.soldano(a)jboss.com Date: 2013-06-03 06:25:08 -0400 (Mon, 03 Jun 2013) New Revision: 17641 Removed: common/trunk/src/main/java/org/jboss/ws/common/URLLoaderAdapter.java Log: Removing class deprecated since 4.1.0.Final Deleted: common/trunk/src/main/java/org/jboss/ws/common/URLLoaderAdapter.java =================================================================== --- common/trunk/src/main/java/org/jboss/ws/common/URLLoaderAdapter.java 2013-06-03 10:07:50 UTC (rev 17640) +++ common/trunk/src/main/java/org/jboss/ws/common/URLLoaderAdapter.java 2013-06-03 10:25:08 UTC (rev 17641) @@ -1,45 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2006, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.ws.common; - -import java.net.URL; - -/** - * Load resources through a URLClassLoader.<br> - * NOTE: The associated classloader doesn't do parent delegation. - * - * @deprecated Please use org.jboss.wsf.spi.util.URLLoaderAdapter instead - * - * @author Heiko.Braun(a)jboss.org - * @author alessio.soldano(a)jboss.com - * @since 25.01.2007 - */ -@Deprecated -public class URLLoaderAdapter extends org.jboss.wsf.spi.util.URLLoaderAdapter -{ - - public URLLoaderAdapter(URL rootURL) - { - super(rootURL); - } - -}

11 years, 7 months

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jbossws-commits June 2013