Author: alessio.soldano(a)jboss.com
Date: 2013-04-26 13:01:52 -0400 (Fri, 26 Apr 2013)
New Revision: 17515
Added:
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/AlgorithmSuite.java
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/AlgorithmSuiteValidator.java
Modified:
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDerivedKeyTokenPrincipal.java
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSecurityEngine.java
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedDataProcessor.java
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/Processor.java
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SAMLTokenProcessor.java
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SecurityContextTokenProcessor.java
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureConfirmationProcessor.java
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/TimestampProcessor.java
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
thirdparty/wss4j/branches/1_5_x-fixes/test/wssec/MyProcessor.java
Log:
[JBPAPP-10708] Adding algorithm suite validation similar to current 1.6 impl
Modified:
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDerivedKeyTokenPrincipal.java
===================================================================
---
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDerivedKeyTokenPrincipal.java 2013-04-26
14:06:06 UTC (rev 17514)
+++
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSDerivedKeyTokenPrincipal.java 2013-04-26
17:01:52 UTC (rev 17515)
@@ -30,6 +30,7 @@
*/
public class WSDerivedKeyTokenPrincipal implements Principal {
+ private String algorithm;
private String id;
private String nonce;
private String label;
@@ -85,4 +86,11 @@
this.basetokenId = basetokenId;
}
+ public String getAlgorithm() {
+ return algorithm;
+ }
+
+ public void setAlgorithm(String algorithm) {
+ this.algorithm = algorithm;
+ }
}
Modified:
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSecurityEngine.java
===================================================================
---
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSecurityEngine.java 2013-04-26
14:06:06 UTC (rev 17514)
+++
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/WSSecurityEngine.java 2013-04-26
17:01:52 UTC (rev 17515)
@@ -23,6 +23,7 @@
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.UsernameToken;
import org.apache.ws.security.processor.Processor;
import org.apache.ws.security.util.WSSecurityUtil;
@@ -226,6 +227,16 @@
Crypto sigCrypto,
Crypto decCrypto)
throws WSSecurityException {
+ return processSecurityHeader(doc, actor, cb, sigCrypto, decCrypto, null);
+ }
+
+ public Vector processSecurityHeader(Document doc,
+ String actor,
+ CallbackHandler cb,
+ Crypto sigCrypto,
+ Crypto decCrypto,
+ RequestData requestData)
+ throws WSSecurityException {
doDebug = log.isDebugEnabled();
if (doDebug) {
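Review bot: The retained five-argument `processSecurityHeader` forwards `null` as `requestData`, so any caller still on the old signature runs with no AlgorithmSuite checks, and no comment says so. I would add Javadoc on the old overload, e.g. `/** Legacy entry point: no RequestData is supplied, so algorithm-suite validation is skipped; prefer the overload taking RequestData. */`. The same silent `null` delegation is in the legacy `handleToken` overloads of BinarySecurityTokenProcessor, DerivedKeyTokenProcessor, EncryptedDataProcessor, EncryptedKeyProcessor and ReferenceListProcessor in this commit. The body of the new overload continues outside the hunk.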
@@ -242,7 +253,7 @@
if (doDebug) {
log.debug("Processing WS-Security header for '" + actor +
"' actor.");
}
- wsResult = processSecurityHeader(elem, cb, sigCrypto, decCrypto);
+ wsResult = processSecurityHeader(elem, cb, sigCrypto, decCrypto,
requestData);
}
return wsResult;
}
@@ -289,7 +300,8 @@
protected Vector processSecurityHeader(Element securityHeader,
CallbackHandler cb,
Crypto sigCrypto,
- Crypto decCrypto) throws WSSecurityException
{
+ Crypto decCrypto,
+ RequestData requestData) throws
WSSecurityException {
long t0 = 0, t1 = 0, t2 = 0;
if (tlog.isDebugEnabled()) {
@@ -325,7 +337,7 @@
* information about the processed token
*/
if (p != null) {
- p.handleToken((Element) elem, sigCrypto, decCrypto, cb, wsDocInfo,
returnResults, cfg);
+ p.handleToken((Element) elem, sigCrypto, decCrypto, cb, wsDocInfo,
returnResults, cfg, requestData);
wsDocInfo.setProcessor(p);
} else {
/*
Added:
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/AlgorithmSuite.java
===================================================================
---
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/AlgorithmSuite.java
(rev 0)
+++
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/AlgorithmSuite.java 2013-04-26
17:01:52 UTC (rev 17515)
@@ -0,0 +1,108 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *
http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ws.security.components.crypto;
+
+import java.util.HashSet;
+import java.util.Collections;
+import java.util.Set;
+
+/**
+ * This class holds the permitted values for encryption/signature/etc. algorithms on the
+ * inbound side. If the corresponding value is not null then the received algorithm must
+ * match the appropriate algorithm stored in this class.
+ */
+public class AlgorithmSuite {
+
+ private Set encryptionMethods = Collections.emptySet();
+ private Set keyWrapAlgorithms = Collections.emptySet();
+
+ private Set derivedKeyAlgorithms = Collections.emptySet();
+
+ private int maximumSymmetricKeyLength = 256;
+ private int minimumSymmetricKeyLength = 128;
+ private int maximumAsymmetricKeyLength = 4096;
+ private int minimumAsymmetricKeyLength = 1024;
+
+ public void addEncryptionMethod(String encryptionMethod) {
+ if (encryptionMethods.isEmpty()) {
+ encryptionMethods = new HashSet();
+ }
+ encryptionMethods.add(encryptionMethod);
+ }
+
+ public Set getEncryptionMethods() {
+ return encryptionMethods;
+ }
+
+ public void addKeyWrapAlgorithm(String keyWrapAlgorithm) {
+ if (keyWrapAlgorithms.isEmpty()) {
+ keyWrapAlgorithms = new HashSet();
+ }
+ keyWrapAlgorithms.add(keyWrapAlgorithm);
+ }
+
+ public Set getKeyWrapAlgorithms() {
+ return keyWrapAlgorithms;
+ }
+
+ public void addDerivedKeyAlgorithm(String derivedKeyAlgorithm) {
+ if (derivedKeyAlgorithms.isEmpty()) {
+ derivedKeyAlgorithms = new HashSet();
+ }
+ derivedKeyAlgorithms.add(derivedKeyAlgorithm);
+ }
+
+ public Set getDerivedKeyAlgorithms() {
+ return derivedKeyAlgorithms;
+ }
+
+ public int getMaximumSymmetricKeyLength() {
+ return maximumSymmetricKeyLength;
+ }
+
+ public void setMaximumSymmetricKeyLength(int maximumSymmetricKeyLength) {
+ this.maximumSymmetricKeyLength = maximumSymmetricKeyLength;
+ }
+
+ public int getMinimumAsymmetricKeyLength() {
+ return minimumAsymmetricKeyLength;
+ }
+
+ public void setMinimumAsymmetricKeyLength(int minimumAsymmetricKeyLength) {
+ this.minimumAsymmetricKeyLength = minimumAsymmetricKeyLength;
+ }
+
+ public int getMaximumAsymmetricKeyLength() {
+ return maximumAsymmetricKeyLength;
+ }
+
+ public void setMaximumAsymmetricKeyLength(int maximumAsymmetricKeyLength) {
+ this.maximumAsymmetricKeyLength = maximumAsymmetricKeyLength;
+ }
+
+ public int getMinimumSymmetricKeyLength() {
+ return minimumSymmetricKeyLength;
+ }
+
+ public void setMinimumSymmetricKeyLength(int minimumSymmetricKeyLength) {
+ this.minimumSymmetricKeyLength = minimumSymmetricKeyLength;
+ }
+
+}
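Review bot: The class Javadoc says a check applies when the value "is not null", but the three sets start as `Collections.emptySet()` and AlgorithmSuiteValidator in this commit skips the check when a set is empty, so an unconfigured category accepts every algorithm; the comment should describe that empty-means-unrestricted rule. The getters also return the live `HashSet`, so any holder of the suite can widen the allow-list after it is configured; `return Collections.unmodifiableSet(encryptionMethods);` (and likewise for the other two getters) avoids that. The key-length setters accept any `int`, so a minimum above the maximum or a negative bound is not rejected. The Javadoc mentions signature algorithms, but no signature-related set is present in the class as added here.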
Added:
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/AlgorithmSuiteValidator.java
===================================================================
---
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/AlgorithmSuiteValidator.java
(rev 0)
+++
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/AlgorithmSuiteValidator.java 2013-04-26
17:01:52 UTC (rev 17515)
@@ -0,0 +1,134 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *
http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ws.security.components.crypto;
+
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.DSAPublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Set;
+
+import org.apache.ws.security.WSSecurityException;
+
+/**
+ * Validate signature/encryption/etc. algorithms against an AlgorithmSuite policy.
+ */
+public class AlgorithmSuiteValidator {
+
+ private static final org.apache.commons.logging.Log LOG =
org.apache.commons.logging.LogFactory
+ .getLog(AlgorithmSuiteValidator.class);
+
+ private final AlgorithmSuite algorithmSuite;
+
+ public AlgorithmSuiteValidator(AlgorithmSuite algorithmSuite) {
+ this.algorithmSuite = algorithmSuite;
+ }
+
+ public void checkEncryptionKeyWrapAlgorithm(
+ String keyWrapAlgorithm
+ ) throws WSSecurityException {
+ Set keyWrapAlgorithms = algorithmSuite.getKeyWrapAlgorithms();
+ if (!keyWrapAlgorithms.isEmpty()
+ && !keyWrapAlgorithms.contains(keyWrapAlgorithm)) {
+ LOG.debug(
+ "The Key transport method does not match the requirement"
+ );
+ throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
+ }
+ }
+
+ public void checkSymmetricEncryptionAlgorithm(
+ String symmetricAlgorithm
+ ) throws WSSecurityException {
+ Set encryptionMethods = algorithmSuite.getEncryptionMethods();
+ if (!encryptionMethods.isEmpty()
+ && !encryptionMethods.contains(symmetricAlgorithm)) {
+ LOG.debug(
+ "The encryption algorithm does not match the requirement"
+ );
+ throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
+ }
+ }
+
+ /**
+ * Check the asymmetric key length
+ */
+ public void checkAsymmetricKeyLength(X509Certificate x509Certificate) throws
WSSecurityException {
+ if (x509Certificate == null) {
+ return;
+ }
+
+ checkAsymmetricKeyLength(x509Certificate.getPublicKey());
+ }
+
+ /**
+ * Check the asymmetric key length
+ */
+ public void checkAsymmetricKeyLength(PublicKey publicKey) throws WSSecurityException
{
+ if (publicKey == null) {
+ return;
+ }
+ if (publicKey instanceof RSAPublicKey) {
+ int modulus = ((RSAPublicKey)publicKey).getModulus().bitLength();
+ if (modulus < algorithmSuite.getMinimumAsymmetricKeyLength()
+ || modulus > algorithmSuite.getMaximumAsymmetricKeyLength()) {
+ LOG.debug("The asymmetric key length does not match the
requirement");
+ throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
+ }
+ } else if (publicKey instanceof DSAPublicKey) {
+ int length = ((DSAPublicKey)publicKey).getParams().getP().bitLength();
+ if (length < algorithmSuite.getMinimumAsymmetricKeyLength()
+ || length > algorithmSuite.getMaximumAsymmetricKeyLength()) {
+ LOG.debug("The asymmetric key length does not match the
requirement");
+ throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
+ }
+ } else {
+ LOG.debug("An unknown public key was provided");
+ throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
+ }
+ }
+
+ /**
+ * Check the symmetric key length
+ */
+ public void checkSymmetricKeyLength(int secretKeyLength) throws WSSecurityException
{
+ if (secretKeyLength < (algorithmSuite.getMinimumSymmetricKeyLength() / 8)
+ || secretKeyLength > (algorithmSuite.getMaximumSymmetricKeyLength() / 8))
{
+ LOG.debug("The symmetric key length does not match the
requirement");
+ throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
+ }
+ }
+
+ /**
+ * Check Derived Key algorithm
+ */
+ public void checkDerivedKeyAlgorithm(
+ String algorithm
+ ) throws WSSecurityException {
+ Set derivedKeyAlgorithms = algorithmSuite.getDerivedKeyAlgorithms();
+ if (!derivedKeyAlgorithms.isEmpty()
+ && !derivedKeyAlgorithms.contains(algorithm)) {
+ LOG.debug(
+ "The Derived Key Algorithm does not match the requirement"
+ );
+ throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
+ }
+ }
+}
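Review bot: Both `checkAsymmetricKeyLength` overloads return silently when the certificate or public key is `null`, so a caller that reaches them without a key passes the key-length policy unchecked; EncryptedKeyProcessor calls `checkAsymmetricKeyLength(cert)` in this commit, and whether `cert` can be null there is not visible in its hunk. At minimum the Javadoc should state that null is treated as "nothing to check", and a debug log line on that path would make the skip observable. `checkSymmetricKeyLength` takes a length in bytes but compares it with the configured bit lengths divided by 8, which rounds a non-multiple-of-8 minimum down; comparing in bits avoids that: `int bits = secretKeyLength * 8;` then `if (bits < algorithmSuite.getMinimumSymmetricKeyLength() || bits > algorithmSuite.getMaximumSymmetricKeyLength())`. The rejection messages are logged at debug level only and do not include the offending algorithm or length, which makes policy failures hard to triage.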
Modified:
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java
===================================================================
---
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java 2013-04-26
14:06:06 UTC (rev 17514)
+++
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/RequestData.java 2013-04-26
17:01:52 UTC (rev 17515)
@@ -22,6 +22,7 @@
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.components.crypto.AlgorithmSuite;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.token.UsernameToken;
@@ -66,6 +67,7 @@
private int derivedKeyIterations = UsernameToken.DEFAULT_ITERATION;
private boolean useDerivedKeyForMAC = true;
private boolean useSingleCert = true;
+ private AlgorithmSuite algorithmSuite;
public void clear() {
soapConstants = null;
@@ -85,6 +87,7 @@
derivedKeyIterations = UsernameToken.DEFAULT_ITERATION;
useDerivedKeyForMAC = true;
useSingleCert = true;
+ algorithmSuite = null;
}
public Object getMsgContext() {
@@ -370,4 +373,12 @@
public boolean isUseSingleCert() {
return useSingleCert;
}
+
+ public AlgorithmSuite getAlgorithmSuite() {
+ return algorithmSuite;
+ }
+
+ public void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
+ this.algorithmSuite = algorithmSuite;
+ }
}
Modified:
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
===================================================================
---
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java 2013-04-26
14:06:06 UTC (rev 17514)
+++
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java 2013-04-26
17:01:52 UTC (rev 17515)
@@ -29,6 +29,7 @@
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.action.Action;
+import org.apache.ws.security.components.crypto.AlgorithmSuite;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSecHeader;
@@ -250,8 +251,26 @@
}
}
+ protected void decodeAlgorithmSuite(RequestData reqData) throws WSSecurityException
{
+ Object mc = reqData.getMsgContext();
+ if (mc == null || reqData.getAlgorithmSuite() != null) {
+ return;
+ }
+
+ AlgorithmSuite algorithmSuite = new AlgorithmSuite();
+
+ String encrAlgorithm = getString(WSHandlerConstants.ENC_SYM_ALGO, mc);
+ if (encrAlgorithm != null && !"".equals(encrAlgorithm)) {
+ algorithmSuite.addEncryptionMethod(encrAlgorithm);
+ }
+ String transportAlgorithm = getString(WSHandlerConstants.ENC_KEY_TRANSPORT, mc);
+ if (transportAlgorithm != null &&
!"".equals(transportAlgorithm)) {
+ algorithmSuite.addKeyWrapAlgorithm(transportAlgorithm);
+ }
+
+ reqData.setAlgorithmSuite(algorithmSuite);
+ }
-
protected void doReceiverAction(int doAction, RequestData reqData)
throws WSSecurityException {
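Review bot: `decodeAlgorithmSuite` populates only the encryption method and key-wrap algorithm, so the derived-key allow-list stays empty and the `checkDerivedKeyAlgorithm` call added in DerivedKeyTokenProcessor accepts any algorithm unless a caller sets its own suite on RequestData beforehand. It also installs a suite even when neither option is configured, which turns on the default key-length bounds from AlgorithmSuite (1024–4096 asymmetric, 128–256 symmetric) for that request. That is worth stating in a Javadoc comment on the method, for example `/** Builds the inbound AlgorithmSuite from ENC_SYM_ALGO and ENC_KEY_TRANSPORT; derived-key algorithms and key-length limits keep the AlgorithmSuite defaults. */`. `doReceiverAction`, which follows, continues outside the hunk.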
Modified:
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
===================================================================
---
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java 2013-04-26
14:06:06 UTC (rev 17514)
+++
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java 2013-04-26
17:01:52 UTC (rev 17515)
@@ -25,6 +25,7 @@
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.PKIPathSecurity;
import org.apache.ws.security.message.token.X509Security;
@@ -80,6 +81,19 @@
Vector returnResults,
WSSConfig config
) throws WSSecurityException {
+ handleToken(elem, crypto, decCrypto, cb, wsDocInfo, returnResults, config,
null);
+ }
+
+ public void handleToken(
+ Element elem,
+ Crypto crypto,
+ Crypto decCrypto,
+ CallbackHandler cb,
+ WSDocInfo wsDocInfo,
+ Vector returnResults,
+ WSSConfig config,
+ RequestData requestData
+ ) throws WSSecurityException {
if (crypto == null) {
this.getCertificatesTokenReference(elem, decCrypto);
} else {
Modified:
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java
===================================================================
---
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java 2013-04-26
14:06:06 UTC (rev 17514)
+++
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java 2013-04-26
17:01:52 UTC (rev 17515)
@@ -24,10 +24,13 @@
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.AlgorithmSuite;
+import org.apache.ws.security.components.crypto.AlgorithmSuiteValidator;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.conversation.ConversationConstants;
import org.apache.ws.security.conversation.dkalgo.AlgoFactory;
import org.apache.ws.security.conversation.dkalgo.DerivationAlgorithm;
+import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.DerivedKeyToken;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
@@ -71,9 +74,32 @@
Vector returnResults,
WSSConfig config
) throws WSSecurityException {
+ handleToken(elem, crypto, decCrypto, cb, wsDocInfo, returnResults, config,
null);
+ }
+
+ public void handleToken(
+ Element elem,
+ Crypto crypto,
+ Crypto decCrypto,
+ CallbackHandler cb,
+ WSDocInfo wsDocInfo,
+ Vector returnResults,
+ WSSConfig config,
+ RequestData requestData
+ ) throws WSSecurityException {
// Deserialize the DKT
dkt = new DerivedKeyToken(elem);
+
+ // Check for compliance against the defined AlgorithmSuite
+ if (requestData != null) {
+ AlgorithmSuite algorithmSuite = requestData.getAlgorithmSuite();
+ if (algorithmSuite != null) {
+ AlgorithmSuiteValidator algorithmSuiteValidator = new
AlgorithmSuiteValidator(algorithmSuite);
+ algorithmSuiteValidator.checkDerivedKeyAlgorithm(dkt.getAlgorithm());
+ }
+ }
+
this.extractSecret(wsDocInfo, dkt, cb, crypto);
String tempNonce = dkt.getNonce();
Modified:
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedDataProcessor.java
===================================================================
---
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedDataProcessor.java 2013-04-26
14:06:06 UTC (rev 17514)
+++
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedDataProcessor.java 2013-04-26
17:01:52 UTC (rev 17515)
@@ -24,7 +24,10 @@
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.AlgorithmSuite;
+import org.apache.ws.security.components.crypto.AlgorithmSuiteValidator;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
@@ -60,6 +63,19 @@
Vector returnResults,
WSSConfig config
) throws WSSecurityException {
+ handleToken(elem, crypto, decCrypto, cb, wsDocInfo, returnResults, config,
null);
+ }
+
+ public void handleToken(
+ Element elem,
+ Crypto crypto,
+ Crypto decCrypto,
+ CallbackHandler cb,
+ WSDocInfo wsDocInfo,
+ Vector returnResults,
+ WSSConfig config,
+ RequestData requestData
+ ) throws WSSecurityException {
Element kiElem = (Element)WSSecurityUtil.findElement(elem, "KeyInfo",
WSConstants.SIG_NS);
NodeList children = kiElem.getChildNodes();
@@ -74,7 +90,7 @@
if (el.equals(WSSecurityEngine.ENCRYPTED_KEY)) {
EncryptedKeyProcessor encrKeyProc = new EncryptedKeyProcessor();
encrKeyProc.handleToken(
- (Element)child, crypto, decCrypto, cb, wsDocInfo, returnResults,
config
+ (Element)child, crypto, decCrypto, cb, wsDocInfo, returnResults,
config, requestData
);
symmKey = encrKeyProc.getDecryptedBytes();
break;
@@ -83,6 +99,17 @@
String encAlgo = X509Util.getEncAlgo(elem);
SecretKey key = WSSecurityUtil.prepareSecretKey(encAlgo, symmKey);
+ // Check for compliance against the defined AlgorithmSuite
+ if (requestData != null) {
+ AlgorithmSuite algorithmSuite = requestData.getAlgorithmSuite();
+ if (algorithmSuite != null) {
+ AlgorithmSuiteValidator algorithmSuiteValidator = new
AlgorithmSuiteValidator(algorithmSuite);
+
+
algorithmSuiteValidator.checkSymmetricKeyLength(key.getEncoded().length);
+ algorithmSuiteValidator.checkSymmetricEncryptionAlgorithm(encAlgo);
+ }
+ }
+
// initialize Cipher ....
XMLCipher xmlCipher = null;
try {
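Review bot: The suite check runs after `WSSecurityUtil.prepareSecretKey(encAlgo, symmKey)`, so an `encAlgo` that policy forbids is still used to build a key before it is rejected; checking the algorithm first and the key length afterwards rejects it earlier. The same ordering appears in the `decryptDataRef` hunk of EncryptedKeyProcessor and the `decryptDataRefEmbedded` hunk of ReferenceListProcessor. The enclosing `handleToken` starts and ends outside this hunk.

```java
String encAlgo = X509Util.getEncAlgo(elem);

// Reject a disallowed algorithm before any key is built from it
AlgorithmSuiteValidator algorithmSuiteValidator = null;
if (requestData != null && requestData.getAlgorithmSuite() != null) {
    algorithmSuiteValidator = new AlgorithmSuiteValidator(requestData.getAlgorithmSuite());
    algorithmSuiteValidator.checkSymmetricEncryptionAlgorithm(encAlgo);
}

SecretKey key = WSSecurityUtil.prepareSecretKey(encAlgo, symmKey);
if (algorithmSuiteValidator != null) {
    algorithmSuiteValidator.checkSymmetricKeyLength(key.getEncoded().length);
}
// … unchanged: XMLCipher initialisation …
```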
@@ -115,7 +142,7 @@
QName el = new QName(decryptedElem.getNamespaceURI(),
decryptedElem.getLocalName());
Processor proc = config.getProcessor(el);
proc.handleToken(
- decryptedElem, crypto, decCrypto, cb, wsDocInfo, returnResults, config
+ decryptedElem, crypto, decCrypto, cb, wsDocInfo, returnResults, config,
requestData
);
wsDocInfo.setProcessor(proc);
}
Modified:
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
===================================================================
---
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java 2013-04-26
14:06:06 UTC (rev 17514)
+++
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java 2013-04-26
17:01:52 UTC (rev 17515)
@@ -28,7 +28,10 @@
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.AlgorithmSuite;
+import org.apache.ws.security.components.crypto.AlgorithmSuiteValidator;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.saml.SAMLKeyInfo;
@@ -74,13 +77,26 @@
private WSDocInfo docInfo = null;
public void handleToken(
+ Element elem,
+ Crypto crypto,
+ Crypto decCrypto,
+ CallbackHandler cb,
+ WSDocInfo wsDocInfo,
+ Vector returnResults,
+ WSSConfig wsc
+ ) throws WSSecurityException {
+ handleToken(elem, crypto, decCrypto, cb, wsDocInfo, returnResults, wsc, null);
+ }
+
+ public void handleToken(
Element elem,
Crypto crypto,
Crypto decCrypto,
CallbackHandler cb,
WSDocInfo wsDocInfo,
Vector returnResults,
- WSSConfig wsc
+ WSSConfig wsc,
+ RequestData requestData
) throws WSSecurityException {
if (log.isDebugEnabled()) {
log.debug("Found encrypted key element");
@@ -92,7 +108,7 @@
throw new WSSecurityException(WSSecurityException.FAILURE,
"noCallback");
}
docInfo = wsDocInfo;
- ArrayList dataRefUris = handleEncryptedKey((Element) elem, cb, decCrypto);
+ ArrayList dataRefUris = handleEncryptedKey((Element) elem, cb, decCrypto,
requestData);
encryptedKeyId = elem.getAttributeNS(null, "Id");
WSSecurityEngineResult result = new WSSecurityEngineResult(
@@ -114,23 +130,26 @@
public ArrayList handleEncryptedKey(
Element xencEncryptedKey,
CallbackHandler cb,
- Crypto crypto
+ Crypto crypto,
+ RequestData requestData
) throws WSSecurityException {
- return handleEncryptedKey(xencEncryptedKey, cb, crypto, null);
+ return handleEncryptedKey(xencEncryptedKey, cb, crypto, null, requestData);
}
public ArrayList handleEncryptedKey(
Element xencEncryptedKey,
- PrivateKey privatekey
+ PrivateKey privatekey,
+ RequestData requestData
) throws WSSecurityException {
- return handleEncryptedKey(xencEncryptedKey, null, null, privatekey);
+ return handleEncryptedKey(xencEncryptedKey, null, null, privatekey,
requestData);
}
public ArrayList handleEncryptedKey(
Element xencEncryptedKey,
CallbackHandler cb,
Crypto crypto,
- PrivateKey privateKey
+ PrivateKey privateKey,
+ RequestData requestData
) throws WSSecurityException {
long t0 = 0, t1 = 0, t2 = 0;
if (tlog.isDebugEnabled()) {
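Review bot: The three public `handleEncryptedKey` overloads are changed in place rather than kept alongside the new ones, unlike `handleToken`, where the old signature is retained and delegates with `null`. On a fixes branch that breaks existing callers of the old signatures: already-compiled ones fail at link time and source callers no longer compile. I would consider keeping the old forms as delegating overloads, e.g. `return handleEncryptedKey(xencEncryptedKey, cb, crypto, null, null);`, with Javadoc stating that they perform no algorithm-suite validation. The body of the five-argument overload continues outside the hunk.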
@@ -359,6 +378,15 @@
}
}
+ // Check for compliance against the defined AlgorithmSuite
+ AlgorithmSuite algorithmSuite = requestData != null ?
requestData.getAlgorithmSuite() : null;
+ if (algorithmSuite != null) {
+ AlgorithmSuiteValidator algorithmSuiteValidator = new
AlgorithmSuiteValidator(algorithmSuite);
+
+ algorithmSuiteValidator.checkAsymmetricKeyLength(cert);
+
algorithmSuiteValidator.checkEncryptionKeyWrapAlgorithm(encryptedKeyTransportMethod);
+ }
+
try {
cipher.init(Cipher.DECRYPT_MODE, privateKey);
} catch (Exception e1) {
@@ -381,7 +409,7 @@
}
ArrayList dataRefs =
- decryptDataRefs(dataRefURIs, xencEncryptedKey.getOwnerDocument(),
decryptedBytes);
+ decryptDataRefs(dataRefURIs, xencEncryptedKey.getOwnerDocument(),
decryptedBytes, algorithmSuite);
if (tlog.isDebugEnabled()) {
t2 = System.currentTimeMillis();
@@ -454,7 +482,7 @@
* Decrypt all data references
*/
private ArrayList decryptDataRefs(
- List dataRefURIs, Document doc, byte[] decryptedBytes
+ List dataRefURIs, Document doc, byte[] decryptedBytes, AlgorithmSuite
algorithmSuite
) throws WSSecurityException {
//
// At this point we have the decrypted session (symmetric) key. According
@@ -466,7 +494,7 @@
ArrayList dataRefs = new ArrayList();
for (int i = 0; i < dataRefURIs.size(); i++) {
String dataRefURI = (String)dataRefURIs.get(i);
- WSDataRef dataRef = decryptDataRef(doc, dataRefURI, decryptedBytes);
+ WSDataRef dataRef = decryptDataRef(doc, dataRefURI, decryptedBytes,
algorithmSuite);
dataRefs.add(dataRef);
}
return dataRefs;
@@ -499,7 +527,8 @@
private WSDataRef decryptDataRef(
Document doc,
String dataRefURI,
- byte[] decryptedData
+ byte[] decryptedData,
+ AlgorithmSuite algorithmSuite
) throws WSSecurityException {
if (log.isDebugEnabled()) {
log.debug("found data reference: " + dataRefURI);
@@ -516,6 +545,14 @@
SecretKey symmetricKey =
WSSecurityUtil.prepareSecretKey(symEncAlgo, decryptedData);
+ // Check for compliance against the defined AlgorithmSuite
+ if (algorithmSuite != null) {
+ AlgorithmSuiteValidator algorithmSuiteValidator = new
AlgorithmSuiteValidator(algorithmSuite);
+
+
algorithmSuiteValidator.checkSymmetricKeyLength(symmetricKey.getEncoded().length);
+ algorithmSuiteValidator.checkSymmetricEncryptionAlgorithm(symEncAlgo);
+ }
+
return ReferenceListProcessor.decryptEncryptedData(
doc, dataRefURI, encryptedDataElement, symmetricKey, symEncAlgo
);
Modified:
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/Processor.java
===================================================================
---
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/Processor.java 2013-04-26
14:06:06 UTC (rev 17514)
+++
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/Processor.java 2013-04-26
17:01:52 UTC (rev 17515)
@@ -23,6 +23,7 @@
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
import org.w3c.dom.Element;
import javax.security.auth.callback.CallbackHandler;
@@ -40,6 +41,17 @@
WSSConfig config
) throws WSSecurityException;
+ public void handleToken(
+ Element elem,
+ Crypto crypto,
+ Crypto decCrypto,
+ CallbackHandler cb,
+ WSDocInfo wsDocInfo,
+ Vector returnResults,
+ WSSConfig config,
+ RequestData requestData
+ ) throws WSSecurityException;
+
/**
* Get the Id of the processor.
*
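Review bot: The new `handleToken` overload on the interface has no Javadoc, and its contract for `requestData` matters: every legacy overload in this commit passes `null`, and the implementations shown skip all AlgorithmSuite checks in that case. I would add a comment such as `@param requestData request context carrying the AlgorithmSuite to enforce; may be null, in which case no algorithm-suite validation is performed`. Adding a method to the interface also requires every external Processor implementation to be updated, as test/wssec/MyProcessor.java is in this commit.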
Modified:
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java
===================================================================
---
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java 2013-04-26
14:06:06 UTC (rev 17514)
+++
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/ReferenceListProcessor.java 2013-04-26
17:01:52 UTC (rev 17515)
@@ -35,7 +35,10 @@
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.AlgorithmSuite;
+import org.apache.ws.security.components.crypto.AlgorithmSuiteValidator;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.saml.SAMLKeyInfo;
@@ -56,13 +59,26 @@
WSDocInfo wsDocInfo = null;
public void handleToken(
+ Element elem,
+ Crypto crypto,
+ Crypto decCrypto,
+ CallbackHandler cb,
+ WSDocInfo wdi,
+ Vector returnResults,
+ WSSConfig wsc
+ ) throws WSSecurityException {
+ handleToken(elem, crypto, decCrypto, cb, wdi, returnResults, wsc, null);
+ }
+
+ public void handleToken(
Element elem,
Crypto crypto,
Crypto decCrypto,
CallbackHandler cb,
WSDocInfo wdi,
Vector returnResults,
- WSSConfig wsc
+ WSSConfig wsc,
+ RequestData data
) throws WSSecurityException {
debug = log.isDebugEnabled();
@@ -73,7 +89,7 @@
throw new WSSecurityException(WSSecurityException.FAILURE,
"noCallback");
}
wsDocInfo = wdi;
- ArrayList uris = handleReferenceList(elem, cb, decCrypto);
+ ArrayList uris = handleReferenceList(elem, cb, decCrypto, data != null ?
data.getAlgorithmSuite() : null);
returnResults.add(
0,
new WSSecurityEngineResult(WSConstants.ENCR, uris)
@@ -91,7 +107,8 @@
private ArrayList handleReferenceList(
Element elem,
CallbackHandler cb,
- Crypto crypto
+ Crypto crypto,
+ AlgorithmSuite algorithmSuite
) throws WSSecurityException {
Node tmpE = null;
ArrayList dataRefUris = new ArrayList();
@@ -111,7 +128,7 @@
dataRefURI = dataRefURI.substring(1);
}
WSDataRef dataRef =
- decryptDataRefEmbedded(elem.getOwnerDocument(), dataRefURI, cb,
crypto);
+ decryptDataRefEmbedded(elem.getOwnerDocument(), dataRefURI, cb,
crypto, algorithmSuite);
dataRefUris.add(dataRef);
}
}
@@ -127,7 +144,8 @@
Document doc,
String dataRefURI,
CallbackHandler cb,
- Crypto crypto
+ Crypto crypto,
+ AlgorithmSuite algorithmSuite
) throws WSSecurityException {
if (log.isDebugEnabled()) {
log.debug("Found data reference: " + dataRefURI);
@@ -163,6 +181,14 @@
getKeyFromSecurityTokenReference(secRefToken, symEncAlgo, crypto, cb);
}
+ // Check for compliance against the defined AlgorithmSuite
+ if (algorithmSuite != null) {
+ AlgorithmSuiteValidator algorithmSuiteValidator = new
AlgorithmSuiteValidator(algorithmSuite);
+
+
algorithmSuiteValidator.checkSymmetricKeyLength(symmetricKey.getEncoded().length);
+ algorithmSuiteValidator.checkSymmetricEncryptionAlgorithm(symEncAlgo);
+ }
+
return
decryptEncryptedData(
doc, dataRefURI, encryptedDataElement, symmetricKey, symEncAlgo
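Review bot: `symmetricKey.getEncoded()` is dereferenced directly in the added check, but the JCA `Key` contract allows `getEncoded()` to return null for keys that do not expose their material, and `symmetricKey` itself comes from helpers not visible here. A policy check could then surface as a NullPointerException instead of a WSSecurityException. I would read the value once, `byte[] keyBytes = symmetricKey.getEncoded();`, reject a null result with a WSSecurityException, and then pass `keyBytes.length` to `checkSymmetricKeyLength`. Running the check before `decryptEncryptedData` is the right order, since nothing is decrypted with a non-compliant key or algorithm. The enclosing method starts and ends outside this hunk.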
Modified:
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SAMLTokenProcessor.java
===================================================================
---
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SAMLTokenProcessor.java 2013-04-26
14:06:06 UTC (rev 17514)
+++
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SAMLTokenProcessor.java 2013-04-26
17:01:52 UTC (rev 17515)
@@ -27,6 +27,7 @@
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLException;
import org.w3c.dom.Element;
@@ -49,6 +50,19 @@
Vector returnResults,
WSSConfig wsc
) throws WSSecurityException {
+ handleToken(elem, crypto, decCrypto, cb, wsDocInfo, returnResults, wsc, null);
+ }
+
+ public void handleToken(
+ Element elem,
+ Crypto crypto,
+ Crypto decCrypto,
+ CallbackHandler cb,
+ WSDocInfo wsDocInfo,
+ Vector returnResults,
+ WSSConfig wsc,
+ RequestData requestData
+ ) throws WSSecurityException {
if (log.isDebugEnabled()) {
log.debug("Found SAML Assertion element");
}
Modified:
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SecurityContextTokenProcessor.java
===================================================================
---
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SecurityContextTokenProcessor.java 2013-04-26
14:06:06 UTC (rev 17514)
+++
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SecurityContextTokenProcessor.java 2013-04-26
17:01:52 UTC (rev 17515)
@@ -26,6 +26,7 @@
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.SecurityContextToken;
import org.w3c.dom.Element;
@@ -69,6 +70,19 @@
Vector returnResults,
WSSConfig config
) throws WSSecurityException {
+ handleToken(elem, crypto, decCrypto, cb, wsDocInfo, returnResults, config, null);
+ }
+
+ public void handleToken(
+ Element elem,
+ Crypto crypto,
+ Crypto decCrypto,
+ CallbackHandler cb,
+ WSDocInfo wsDocInfo,
+ Vector returnResults,
+ WSSConfig config,
+ RequestData requestData
+ ) throws WSSecurityException {
SecurityContextToken sct = new SecurityContextToken(elem);
this.identifier = sct.getIdentifier();
this.secret = this.getSecret(cb, sct);
Modified:
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureConfirmationProcessor.java
===================================================================
---
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureConfirmationProcessor.java 2013-04-26
14:06:06 UTC (rev 17514)
+++
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureConfirmationProcessor.java 2013-04-26
17:01:52 UTC (rev 17515)
@@ -27,6 +27,7 @@
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.SignatureConfirmation;
import org.w3c.dom.Element;
@@ -47,6 +48,19 @@
Vector returnResults,
WSSConfig wsc
) throws WSSecurityException {
+ handleToken(elem, crypto, decCrypto, cb, wsDocInfo, returnResults, wsc, null);
+ }
+
+ public void handleToken(
+ Element elem,
+ Crypto crypto,
+ Crypto decCrypto,
+ CallbackHandler cb,
+ WSDocInfo wsDocInfo,
+ Vector returnResults,
+ WSSConfig wsc,
+ RequestData requestData
+ ) throws WSSecurityException {
if (log.isDebugEnabled()) {
log.debug("Found SignatureConfirmation list element");
}
Modified:
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java
===================================================================
---
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java 2013-04-26
14:06:06 UTC (rev 17514)
+++
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java 2013-04-26
17:01:52 UTC (rev 17515)
@@ -36,6 +36,7 @@
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.EnvelopeIdResolver;
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.DerivedKeyToken;
@@ -99,6 +100,19 @@
Vector returnResults,
WSSConfig wsc
) throws WSSecurityException {
+ handleToken(elem, crypto, decCrypto, cb, wsDocInfo, returnResults, wsc, null);
+ }
+
+ public void handleToken(
+ Element elem,
+ Crypto crypto,
+ Crypto decCrypto,
+ CallbackHandler cb,
+ WSDocInfo wsDocInfo,
+ Vector returnResults,
+ WSSConfig wsc,
+ RequestData requestData
+ ) throws WSSecurityException {
if (log.isDebugEnabled()) {
log.debug("Found signature element");
}
@@ -117,7 +131,7 @@
verifyXMLSignature(
elem, crypto, returnCert, returnElements,
protectedElements, signatureValue, cb,
- wsDocInfo
+ wsDocInfo, requestData
);
} catch (WSSecurityException ex) {
throw ex;
@@ -208,7 +222,8 @@
List protectedElements,
byte[][] signatureValue,
CallbackHandler cb,
- WSDocInfo wsDocInfo
+ WSDocInfo wsDocInfo,
+ RequestData requestData
) throws WSSecurityException {
if (log.isDebugEnabled()) {
log.debug("Verify XML Signature");
@@ -293,7 +308,7 @@
);
}
EncryptedKeyProcessor encryptKeyProcessor = new
EncryptedKeyProcessor();
- encryptKeyProcessor.handleEncryptedKey(token, cb, crypto);
+ encryptKeyProcessor.handleEncryptedKey(token, cb, crypto,
requestData);
secretKey = encryptKeyProcessor.getDecryptedBytes();
} else {
// Try custom token through callback handler
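Review bot: Across the hunks of this file `requestData` is only forwarded to `handleEncryptedKey` here. None of the visible changes checks the signature method, digest or canonicalization algorithm of the signature being verified against the configured AlgorithmSuite. If the suite is meant to constrain signatures as well as encryption, that check appears to be missing from `verifyXMLSignature`, unless it happens in code outside this diff. `requestData` is also null when the legacy `handleToken` is used, so `handleEncryptedKey` has to tolerate null; a comment at the call such as `// requestData may be null (legacy handleToken): no suite checks are applied then` would make that explicit. `verifyXMLSignature` starts and ends outside this hunk.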
Modified:
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/TimestampProcessor.java
===================================================================
---
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/TimestampProcessor.java 2013-04-26
14:06:06 UTC (rev 17514)
+++
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/TimestampProcessor.java 2013-04-26
17:01:52 UTC (rev 17515)
@@ -27,6 +27,7 @@
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.w3c.dom.Element;
@@ -51,6 +52,19 @@
Vector returnResults,
WSSConfig wsc
) throws WSSecurityException {
+ handleToken(elem, crypto, decCrypto, cb, wsDocInfo, returnResults, wsc, null);
+ }
+
+ public void handleToken(
+ Element elem,
+ Crypto crypto,
+ Crypto decCrypto,
+ CallbackHandler cb,
+ WSDocInfo wsDocInfo,
+ Vector returnResults,
+ WSSConfig wsc,
+ RequestData requestData
+ ) throws WSSecurityException {
if (log.isDebugEnabled()) {
log.debug("Found Timestamp list element");
}
Modified:
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/UsernameTokenProcessor.java
===================================================================
---
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/UsernameTokenProcessor.java 2013-04-26
14:06:06 UTC (rev 17514)
+++
thirdparty/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/UsernameTokenProcessor.java 2013-04-26
17:01:52 UTC (rev 17515)
@@ -29,6 +29,7 @@
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.UsernameToken;
import org.apache.ws.security.util.Base64;
import org.w3c.dom.Element;
@@ -51,6 +52,10 @@
public void handleToken(Element elem, Crypto crypto, Crypto decCrypto,
CallbackHandler cb,
WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws
WSSecurityException {
+ handleToken(elem, crypto, decCrypto, cb, wsDocInfo, returnResults, wsc, null);
+ }
+ public void handleToken(Element elem, Crypto crypto, Crypto decCrypto,
CallbackHandler cb,
+ WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc, RequestData
requestData) throws WSSecurityException {
if (log.isDebugEnabled()) {
log.debug("Found UsernameToken list element");
}
Modified: thirdparty/wss4j/branches/1_5_x-fixes/test/wssec/MyProcessor.java
===================================================================
--- thirdparty/wss4j/branches/1_5_x-fixes/test/wssec/MyProcessor.java 2013-04-26 14:06:06
UTC (rev 17514)
+++ thirdparty/wss4j/branches/1_5_x-fixes/test/wssec/MyProcessor.java 2013-04-26 17:01:52
UTC (rev 17515)
@@ -20,6 +20,7 @@
package wssec;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.SecurityContextToken;
import org.apache.ws.security.processor.Processor;
import org.apache.ws.security.WSConstants;
@@ -43,6 +44,20 @@
final java.util.Vector returnResults,
final WSSConfig config
) throws WSSecurityException {
+ handleToken(elem, crypto, decCrypto, cb, wsDocInfo, returnResults, config,
null);
+ }
+
+ public final void
+ handleToken(
+ final org.w3c.dom.Element elem,
+ final Crypto crypto,
+ final Crypto decCrypto,
+ final javax.security.auth.callback.CallbackHandler cb,
+ final WSDocInfo wsDocInfo,
+ final java.util.Vector returnResults,
+ final WSSConfig config,
+ final RequestData requestData
+ ) throws WSSecurityException {
final java.util.Map result =
new WSSecurityEngineResult(
WSConstants.UT_SIGN,