[jbossws-commits] JBossWS SVN: r5003 - in stack/native/branches/asoldano/trunk/src/main: java/org/jboss/ws/extensions/security/element and 2 other directories.

Author: alessio.soldano(a)jboss.com Date: 2007-11-07 15:15:20 -0500 (Wed, 07 Nov 2007) New Revision: 5003 Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/EncodingOperation.java stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/OperationDescription.java stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SecurityEncoder.java stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SendUsernameOperation.java stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SignatureOperation.java stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/TimestampOperation.java stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/element/Reference.java stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/metadata/wsse/Encrypt.java stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/metadata/wsse/Sign.java stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java stack/native/branches/asoldano/trunk/src/main/resources/schema/jboss-ws-security_1_0.xsd Log: [JBWS-1257] Add configuration for token references Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/EncodingOperation.java =================================================================== --- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/EncodingOperation.java 2007-11-07 07:43:19 UTC (rev 5002) +++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/EncodingOperation.java 2007-11-07 20:15:20 UTC (rev 5003) @@ -36,5 +36,5 @@ */ public interface EncodingOperation extends Operation { - public void process(Document message, List<Target> targets, String alias, String credential, String algorithm, String wrap) throws WSSecurityException; + public void process(Document message, List<Target> targets, String alias, String credential, String algorithm, String wrap, String tokenRefType) throws WSSecurityException; } Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java =================================================================== --- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java 2007-11-07 07:43:19 UTC (rev 5002) +++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java 2007-11-07 20:15:20 UTC (rev 5003) @@ -37,6 +37,7 @@ import org.apache.xml.security.exceptions.XMLSecurityException; import org.jboss.util.NotImplementedException; import org.jboss.ws.extensions.security.element.EncryptedKey; +import org.jboss.ws.extensions.security.element.Reference; import org.jboss.ws.extensions.security.element.ReferenceList; import org.jboss.ws.extensions.security.element.SecurityHeader; import org.jboss.ws.extensions.security.element.X509Token; @@ -128,7 +129,7 @@ } } - public void process(Document message, List<Target> targets, String alias, String credential, String algorithm, String wrap) throws WSSecurityException + public void process(Document message, List<Target> targets, String alias, String credential, String algorithm, String wrap, String tokenRefType) throws WSSecurityException { if (! algorithms.containsKey(algorithm)) algorithm = DEFAULT_ALGORITHM; @@ -166,10 +167,11 @@ if (token == null) { token = new X509Token(cert, message); - header.addToken(token); + if (tokenRefType == null || Reference.DIRECT_REFERENCE.equals(tokenRefType)) + header.addToken(token); } - EncryptedKey eKey = new EncryptedKey(message, secretKey, token, list, wrap); + EncryptedKey eKey = new EncryptedKey(message, secretKey, token, list, wrap, tokenRefType); header.addSecurityProcess(eKey); } Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/OperationDescription.java =================================================================== --- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/OperationDescription.java 2007-11-07 07:43:19 UTC (rev 5002) +++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/OperationDescription.java 2007-11-07 20:15:20 UTC (rev 5003) @@ -41,8 +41,10 @@ private String algorithm; private String keyWrapAlgorithm; + + private String tokenRefType; - public OperationDescription(Class<? extends T> operation, List<Target> targets, String certicateAlias, String credential, String algorithm, String keyWrapAlgorithm) + public OperationDescription(Class<? extends T> operation, List<Target> targets, String certicateAlias, String credential, String algorithm, String keyWrapAlgorithm, String tokenRefType) { this.operation = operation; this.targets = targets; @@ -50,6 +52,7 @@ this.credential = credential; this.algorithm = algorithm; this.keyWrapAlgorithm = keyWrapAlgorithm; + this.tokenRefType = tokenRefType; } public Class<? extends T> getOperation() @@ -115,4 +118,14 @@ this.keyWrapAlgorithm = keyWrapAlgorithm; } + public String getTokenRefType() + { + return tokenRefType; + } + + public void setTokenRefType(String tokenRefType) + { + this.tokenRefType = tokenRefType; + } + } Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SecurityEncoder.java =================================================================== --- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SecurityEncoder.java 2007-11-07 07:43:19 UTC (rev 5002) +++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SecurityEncoder.java 2007-11-07 20:15:20 UTC (rev 5003) @@ -59,7 +59,10 @@ wsse.setAttributeNS(soapHeader.getNamespaceURI(), soapHeader.getPrefix() + ":mustUnderstand", "1"); soapHeader.insertBefore(wsse, soapHeader.getFirstChild()); } - catch (Exception e) {} + catch (Exception e) + { + e.printStackTrace(); + } } @@ -80,7 +83,7 @@ throw new WSSecurityException("Error constructing operation: " + op.getOperation()); } - operation.process(message, op.getTargets(), op.getCertificateAlias(), op.getCredential(), op.getAlgorithm(), op.getKeyWrapAlgorithm()); + operation.process(message, op.getTargets(), op.getCertificateAlias(), op.getCredential(), op.getAlgorithm(), op.getKeyWrapAlgorithm(), op.getTokenRefType()); } attachHeader(header, message); } Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SendUsernameOperation.java =================================================================== --- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SendUsernameOperation.java 2007-11-07 07:43:19 UTC (rev 5002) +++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SendUsernameOperation.java 2007-11-07 20:15:20 UTC (rev 5003) @@ -40,7 +40,7 @@ this.store = store; } - public void process(Document message, List<Target> targets, String username, String credential, String algorithm, String keyWrapAlgorithm) throws WSSecurityException + public void process(Document message, List<Target> targets, String username, String credential, String algorithm, String keyWrapAlgorithm, String tokenRefType) throws WSSecurityException { header.addToken(new UsernameToken(username, credential, message)); } Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SignatureOperation.java =================================================================== --- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SignatureOperation.java 2007-11-07 07:43:19 UTC (rev 5002) +++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/SignatureOperation.java 2007-11-07 20:15:20 UTC (rev 5003) @@ -34,7 +34,7 @@ import org.apache.xml.security.transforms.TransformationException; import org.apache.xml.security.transforms.Transforms; import org.jboss.util.NotImplementedException; -import org.jboss.ws.extensions.security.element.DirectReference; +import org.jboss.ws.extensions.security.element.Reference; import org.jboss.ws.extensions.security.element.SecurityHeader; import org.jboss.ws.extensions.security.element.SecurityTokenReference; import org.jboss.ws.extensions.security.element.Signature; @@ -120,7 +120,7 @@ } } - public void process(Document message, List<Target> targets, String alias, String credential, String algorithm, String keyWrapAlgorithm) throws WSSecurityException + public void process(Document message, List<Target> targets, String alias, String credential, String algorithm, String keyWrapAlgorithm, String tokenRefType) throws WSSecurityException { Element envelope = message.getDocumentElement(); XMLSignature sig; @@ -168,10 +168,11 @@ if (token == null) { token = new X509Token(cert, message); - header.addToken(token); + if (tokenRefType == null || Reference.DIRECT_REFERENCE.equals(tokenRefType)) + header.addToken(token); } - SecurityTokenReference reference = new SecurityTokenReference(new DirectReference(message, token)); + SecurityTokenReference reference = new SecurityTokenReference(Reference.getReference(tokenRefType, message, token)); sig.getKeyInfo().addUnknownElement(reference.getElement()); header.addSecurityProcess(new Signature(sig)); Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/TimestampOperation.java =================================================================== --- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/TimestampOperation.java 2007-11-07 07:43:19 UTC (rev 5002) +++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/TimestampOperation.java 2007-11-07 20:15:20 UTC (rev 5003) @@ -40,7 +40,7 @@ this.store = store; } - public void process(Document message, List<Target> targets, String alias, String credential, String algorithm, String keyWrapAlgorithm) throws WSSecurityException + public void process(Document message, List<Target> targets, String alias, String credential, String algorithm, String keyWrapAlgorithm, String tokenRefType) throws WSSecurityException { Integer ttl = null; Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java =================================================================== --- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2007-11-07 07:43:19 UTC (rev 5002) +++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2007-11-07 20:15:20 UTC (rev 5003) @@ -208,20 +208,20 @@ ArrayList<OperationDescription<RequireOperation>> operations = new ArrayList<OperationDescription<RequireOperation>>(); RequireTimestamp requireTimestamp = requires.getRequireTimestamp(); if (requireTimestamp != null) - operations.add(new OperationDescription<RequireOperation>(RequireTimestampOperation.class, null, requireTimestamp.getMaxAge(), null, null, null)); + operations.add(new OperationDescription<RequireOperation>(RequireTimestampOperation.class, null, requireTimestamp.getMaxAge(), null, null, null, null)); RequireSignature requireSignature = requires.getRequireSignature(); if (requireSignature != null) { List<Target> targets = convertTargets(requireSignature.getTargets()); - operations.add(new OperationDescription<RequireOperation>(RequireSignatureOperation.class, targets, null, null, null, null)); + operations.add(new OperationDescription<RequireOperation>(RequireSignatureOperation.class, targets, null, null, null, null, null)); } RequireEncryption requireEncryption = requires.getRequireEncryption(); if (requireEncryption != null) { List<Target> targets = convertTargets(requireEncryption.getTargets()); - operations.add(new OperationDescription<RequireOperation>(RequireEncryptionOperation.class, targets, null, null, null, null)); + operations.add(new OperationDescription<RequireOperation>(RequireEncryptionOperation.class, targets, null, null, null, null, null)); } return operations; @@ -251,7 +251,7 @@ Timestamp timestamp = opConfig.getTimestamp(); if (timestamp != null) { - operations.add(new OperationDescription<EncodingOperation>(TimestampOperation.class, null, null, timestamp.getTtl(), null, null)); + operations.add(new OperationDescription<EncodingOperation>(TimestampOperation.class, null, null, timestamp.getTtl(), null, null, null)); } if (opConfig.getUsername() != null) @@ -267,7 +267,7 @@ if (user != null && pass != null) { - operations.add(new OperationDescription<EncodingOperation>(SendUsernameOperation.class, null, user.toString(), pass.toString(), null, null)); + operations.add(new OperationDescription<EncodingOperation>(SendUsernameOperation.class, null, user.toString(), pass.toString(), null, null, null)); ctx.put(StubExt.PROPERTY_AUTH_TYPE, StubExt.PROPERTY_AUTH_TYPE_WSSE); } } @@ -279,20 +279,20 @@ if (sign.isIncludeTimestamp()) { if (timestamp == null) - operations.add(new OperationDescription<EncodingOperation>(TimestampOperation.class, null, null, null, null, null)); + operations.add(new OperationDescription<EncodingOperation>(TimestampOperation.class, null, null, null, null, null, null)); if (targets != null && targets.size() > 0) targets.add(new WsuIdTarget("timestamp")); } - operations.add(new OperationDescription<EncodingOperation>(SignatureOperation.class, targets, sign.getAlias(), null, null, null)); + operations.add(new OperationDescription<EncodingOperation>(SignatureOperation.class, targets, sign.getAlias(), null, null, null, sign.getTokenRefType())); } Encrypt encrypt = opConfig.getEncrypt(); if (encrypt != null) { List<Target> targets = convertTargets(encrypt.getTargets()); - operations.add(new OperationDescription<EncodingOperation>(EncryptionOperation.class, targets, encrypt.getAlias(), null, encrypt.getAlgorithm(), encrypt.getWrap())); + operations.add(new OperationDescription<EncodingOperation>(EncryptionOperation.class, targets, encrypt.getAlias(), null, encrypt.getAlgorithm(), encrypt.getWrap(), encrypt.getTokenRefType())); } if (operations.size() == 0) Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java =================================================================== --- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java 2007-11-07 07:43:19 UTC (rev 5002) +++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java 2007-11-07 20:15:20 UTC (rev 5003) @@ -57,6 +57,8 @@ private Element cachedElement; + private String tokenRefType; + private static HashMap<String, String> keyWrapAlgorithms; private static final String DEFAULT_ALGORITHM = "rsa_15"; static @@ -66,12 +68,12 @@ keyWrapAlgorithms.put("rsa_oaep", XMLCipher.RSA_OAEP); } - public EncryptedKey(Document document, SecretKey secretKey, X509Token token, String wrap) + public EncryptedKey(Document document, SecretKey secretKey, X509Token token, String wrap, String tokenRefType) { - this(document, secretKey, token, new ReferenceList(), wrap); + this(document, secretKey, token, new ReferenceList(), wrap, tokenRefType); } - public EncryptedKey(Document document, SecretKey secretKey, X509Token token, ReferenceList list, String wrap) + public EncryptedKey(Document document, SecretKey secretKey, X509Token token, ReferenceList list, String wrap, String tokenRefType) { this.document = document; this.secretKey = secretKey; @@ -80,6 +82,7 @@ this.wrapAlgorithm = keyWrapAlgorithms.get(wrap); if (wrapAlgorithm ==null) wrapAlgorithm = keyWrapAlgorithms.get(DEFAULT_ALGORITHM); + this.tokenRefType = tokenRefType; } public EncryptedKey(Element element, KeyResolver resolver) throws WSSecurityException @@ -178,7 +181,7 @@ throw new WSSecurityException("Error encrypting key: " + e.getMessage(), e); } - SecurityTokenReference reference = new SecurityTokenReference(new DirectReference(document, token)); + SecurityTokenReference reference = new SecurityTokenReference(Reference.getReference(tokenRefType, document, token)); KeyInfo keyInfo = new KeyInfo(document); keyInfo.addUnknownElement(reference.getElement()); key.setKeyInfo(keyInfo); Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/element/Reference.java =================================================================== --- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/element/Reference.java 2007-11-07 07:43:19 UTC (rev 5002) +++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/extensions/security/element/Reference.java 2007-11-07 20:15:20 UTC (rev 5003) @@ -22,10 +22,15 @@ package org.jboss.ws.extensions.security.element; import org.jboss.ws.extensions.security.exception.WSSecurityException; +import org.w3c.dom.Document; import org.w3c.dom.Element; abstract public class Reference implements SecurityElement { + public static final String DIRECT_REFERENCE = "directReference"; + public static final String KEY_IDENTIFIER = "keyIdentifier"; + public static final String X509ISSUER_SERIAL = "x509IssuerSerial"; + public static Reference getReference(Element element) throws WSSecurityException { String name = element.getLocalName(); @@ -46,4 +51,24 @@ throw new WSSecurityException("Unkown reference element: " + name); } } + + public static Reference getReference(String tokenRefType, Document message, BinarySecurityToken token) throws WSSecurityException + { + if (tokenRefType == null || DIRECT_REFERENCE.equals(tokenRefType)) + { + return new DirectReference(message, token); + } + else if (KEY_IDENTIFIER.equals(tokenRefType)) + { + return new KeyIdentifier(message, token); + } + else if (X509ISSUER_SERIAL.equals(tokenRefType)) + { + return new X509IssuerSerial(message, token); + } + else + { + throw new WSSecurityException("Unkown token reference type: " + tokenRefType); + } + } } Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/metadata/wsse/Encrypt.java =================================================================== --- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/metadata/wsse/Encrypt.java 2007-11-07 07:43:19 UTC (rev 5002) +++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/metadata/wsse/Encrypt.java 2007-11-07 20:15:20 UTC (rev 5003) @@ -38,13 +38,15 @@ private String alias; private String algorithm; private String keyWrapAlgorithm; + private String tokenRefType; - public Encrypt(String type, String alias, String algorithm, String wrap) + public Encrypt(String type, String alias, String algorithm, String wrap, String tokenRefType) { this.type = type; this.alias = alias; this.algorithm = algorithm; this.keyWrapAlgorithm = wrap; + this.tokenRefType = tokenRefType; } public String getAlias() @@ -86,4 +88,14 @@ { this.keyWrapAlgorithm = wrap; } + + public String getTokenRefType() + { + return tokenRefType; + } + + public void setTokenRefType(String tokenRefType) + { + this.tokenRefType = tokenRefType; + } } \ No newline at end of file Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/metadata/wsse/Sign.java =================================================================== --- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/metadata/wsse/Sign.java 2007-11-07 07:43:19 UTC (rev 5002) +++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/metadata/wsse/Sign.java 2007-11-07 20:15:20 UTC (rev 5003) @@ -35,12 +35,14 @@ private String type; private String alias; private boolean includeTimestamp; + private String tokenRefType; - public Sign(String type, String alias, boolean includeTimestamp) + public Sign(String type, String alias, boolean includeTimestamp, String tokenRefType) { this.type = type; this.alias = alias; this.includeTimestamp = includeTimestamp; + this.tokenRefType = tokenRefType; } public String getAlias() @@ -72,4 +74,14 @@ { this.includeTimestamp = includeTimestamp; } + + public String getTokenRefType() + { + return tokenRefType; + } + + public void setTokenRefType(String tokenRefType) + { + this.tokenRefType = tokenRefType; + } } Modified: stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java =================================================================== --- stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java 2007-11-07 07:43:19 UTC (rev 5002) +++ stack/native/branches/asoldano/trunk/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java 2007-11-07 20:15:20 UTC (rev 5003) @@ -228,11 +228,11 @@ if (timestamp != null) include = (Boolean)SimpleTypeBindings.unmarshal(SimpleTypeBindings.XS_BOOLEAN_NAME, timestamp, null); - return new Sign(attrs.getValue("", "type"), attrs.getValue("", "alias"), include.booleanValue()); + return new Sign(attrs.getValue("", "type"), attrs.getValue("", "alias"), include.booleanValue(), attrs.getValue("", "tokenReference")); } else if ("encrypt".equals(localName)) { - return new Encrypt(attrs.getValue("", "type"), attrs.getValue("", "alias"), attrs.getValue("", "algorithm"), attrs.getValue("", "keyWrapAlgorithm")); + return new Encrypt(attrs.getValue("", "type"), attrs.getValue("", "alias"), attrs.getValue("", "algorithm"), attrs.getValue("", "keyWrapAlgorithm"), attrs.getValue("", "tokenReference")); } else if ("timestamp".equals(localName)) { Modified: stack/native/branches/asoldano/trunk/src/main/resources/schema/jboss-ws-security_1_0.xsd =================================================================== --- stack/native/branches/asoldano/trunk/src/main/resources/schema/jboss-ws-security_1_0.xsd 2007-11-07 07:43:19 UTC (rev 5002) +++ stack/native/branches/asoldano/trunk/src/main/resources/schema/jboss-ws-security_1_0.xsd 2007-11-07 20:15:20 UTC (rev 5003) @@ -194,6 +194,11 @@ </xs:restriction> </xs:simpleType> </xs:attribute> + <xs:attribute name="tokenReference" type="tokenReferenceType" use="optional"> + <xs:annotation> + <xs:documentation>Specify the token reference type to be used; default direct reference to the token.</xs:documentation> + </xs:annotation> + </xs:attribute> </xs:complexType> <xs:complexType name="signType"> <xs:sequence> @@ -208,7 +213,19 @@ </xs:attribute> <xs:attribute name="alias" type="xs:string" use="required"/> <xs:attribute name="includeTimestamp" type="xs:boolean" use="optional"/> + <xs:attribute name="tokenReference" type="tokenReferenceType" use="optional"> + <xs:annotation> + <xs:documentation>Specify the token reference type to be used; default direct reference to the token.</xs:documentation> + </xs:annotation> + </xs:attribute> </xs:complexType> + <xs:simpleType name="tokenReferenceType"> + <xs:restriction base="xs:string"> + <xs:enumeration value="directReference"/> + <xs:enumeration value="keyIdentifier"/> + <xs:enumeration value="x509IssuerSerial"/> + </xs:restriction> + </xs:simpleType> <xs:complexType name="operationType"> <xs:sequence> <xs:element name="config" type="configType">