[jbossws-commits] JBossWS SVN: r5908 - in stack/native/trunk: src/main/java/org/jboss/ws/extensions/security and 11 other directories.
jbossws-commits at lists.jboss.org
jbossws-commits at lists.jboss.org
Mon Mar 10 13:50:56 EDT 2008
Author: alessio.soldano at jboss.com
Date: 2008-03-10 13:50:55 -0400 (Mon, 10 Mar 2008)
New Revision: 5908
Added:
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/DecodingOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/DecryptionOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/EncodingOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/EncryptionOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/Operation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/OperationDescription.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/ReceiveUsernameOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/RequireEncryptionOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/RequireOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/RequireSignatureOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/RequireTargetableOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/RequireTimestampOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/SendUsernameOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/SignatureOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/SignatureVerificationOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/TimestampOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/TimestampVerificationOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/TokenOperation.java
stack/native/trunk/src/test/java/org/jboss/test/ws/jaxws/samples/wssecurity/UsernamePwdDigestTestCase.java
stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/
stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/META-INF/
stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/META-INF/jboss-wsse-client.xml
stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/META-INF/wsdl/
stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/META-INF/wsdl/UsernameService.wsdl
stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/WEB-INF/
stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/WEB-INF/jboss-web.xml
stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/WEB-INF/jboss-wsse-server.xml
stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/WEB-INF/web.xml
Removed:
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/DecodingOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/DecryptionOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/EncodingOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/Operation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/OperationDescription.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/ReceiveUsernameOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireEncryptionOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireSignatureOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireTargetableOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireTimestampOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SendUsernameOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SignatureOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SignatureVerificationOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/TimestampOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/TimestampVerificationOperation.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/TokenOperation.java
Modified:
stack/native/trunk/ant-import-tests/build-samples-jaxws.xml
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SecurityEncoder.java
stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
stack/native/trunk/src/main/java/org/jboss/ws/metadata/wsse/Username.java
stack/native/trunk/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java
stack/native/trunk/src/main/resources/schema/jboss-ws-security_1_0.xsd
stack/native/trunk/src/test/java/org/jboss/test/ws/interop/nov2007/wsse/EncryptTestCase.java
stack/native/trunk/src/test/java/org/jboss/test/ws/jaxrpc/wsse/RoundTripTestCase.java
Log:
- Refactoring security operation model to support future extensibility
- [JBWS-1988] Preparing test (still WIP)
Modified: stack/native/trunk/ant-import-tests/build-samples-jaxws.xml
===================================================================
--- stack/native/trunk/ant-import-tests/build-samples-jaxws.xml 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/ant-import-tests/build-samples-jaxws.xml 2008-03-10 17:50:55 UTC (rev 5908)
@@ -271,6 +271,19 @@
<include name="jboss-wsse-server.xml"/>
</webinf>
</war>
+
+ <!-- jaxws-samples-wssecurity-username-digest -->
+ <war warfile="${tests.output.dir}/libs/jaxws-samples-wssecurity-username-digest.war"
+ webxml="${tests.output.dir}/resources/jaxws/samples/wssecurity/username-digest/WEB-INF/web.xml">
+ <classes dir="${tests.output.dir}/classes">
+ <include name="org/jboss/test/ws/jaxws/samples/wssecurity/UsernameEndpoint.class"/>
+ <include name="org/jboss/test/ws/jaxws/samples/wssecurity/UsernameBean.class"/>
+ </classes>
+ <webinf dir="${tests.output.dir}/resources/jaxws/samples/wssecurity/username-digest/WEB-INF">
+ <include name="jboss-web.xml"/>
+ <include name="jboss-wsse-server.xml"/>
+ </webinf>
+ </war>
<!-- jaxws-samples-wssecurityAnnotatedpolicy-encrypt -->
<war warfile="${tests.output.dir}/libs/jaxws-samples-wssecurityAnnotatedpolicy-encrypt.war"
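Review bot: The added `<war>` target for jaxws-samples-wssecurity-username-digest packages only the server side (web.xml, jboss-web.xml, jboss-wsse-server.xml), while this commit also adds username-digest/META-INF/jboss-wsse-client.xml and META-INF/wsdl/UsernameService.wsdl, which nothing in this hunk picks up. If UsernamePwdDigestTestCase expects its client configuration in a packaged archive rather than reading it from the resources directory, a matching client target is needed; the rest of the build file is outside the hunk, so this should be confirmed before the test leaves WIP. Because the war reuses UsernameEndpoint and UsernameBean, the comment could also say what sets it apart, for example `<!-- jaxws-samples-wssecurity-username-digest: UsernameEndpoint with the username-digest WEB-INF descriptors -->`.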
Deleted: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/DecodingOperation.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/DecodingOperation.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/DecodingOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -1,41 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.ws.extensions.security;
-
-import java.util.Collection;
-
-import org.jboss.ws.extensions.security.element.SecurityProcess;
-import org.jboss.ws.extensions.security.exception.WSSecurityException;
-import org.w3c.dom.Document;
-
-/**
- * <code>DecodingOperation</code> represents an operation that is applied to a
- * WS-Security encoded message to both convert and verify the contents of the
- * message.
- *
- * @author <a href="mailto:jason.greene at jboss.com">Jason T. Greene</a>
- * @version $Revision$
- */
-public interface DecodingOperation extends Operation
-{
- public Collection<String> process(Document message, SecurityProcess process) throws WSSecurityException;
-}
Deleted: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/DecryptionOperation.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/DecryptionOperation.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/DecryptionOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -1,148 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.ws.extensions.security;
-
-import java.util.Collection;
-import java.util.HashSet;
-
-import javax.crypto.SecretKey;
-
-import org.apache.xml.security.encryption.XMLCipher;
-import org.apache.xml.security.encryption.XMLEncryptionException;
-import org.jboss.ws.extensions.security.element.EncryptedKey;
-import org.jboss.ws.extensions.security.element.ReferenceList;
-import org.jboss.ws.extensions.security.element.SecurityHeader;
-import org.jboss.ws.extensions.security.element.SecurityProcess;
-import org.jboss.ws.extensions.security.exception.FailedCheckException;
-import org.jboss.ws.extensions.security.exception.InvalidSecurityHeaderException;
-import org.jboss.ws.extensions.security.exception.WSSecurityException;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-public class DecryptionOperation implements DecodingOperation
-{
-
- private SecurityHeader header;
-
- private SecurityStore store;
-
- public DecryptionOperation(SecurityHeader header, SecurityStore store) throws WSSecurityException
- {
- this.header = header;
- this.store = store;
- }
-
- private boolean isContent(Element element)
- {
- return Constants.XENC_CONTENT_TYPE.equals(element.getAttribute("Type"));
- }
-
- private String getEncryptionAlgorithm(Element element) throws WSSecurityException
- {
- element = Util.findElement(element, "EncryptionMethod", Constants.XML_ENCRYPTION_NS);
- if (element == null)
- throw new InvalidSecurityHeaderException("Encrypted element corrupted, no encryption method");
-
- String alg = element.getAttribute("Algorithm");
- if (alg == null || alg.length() == 0)
- throw new InvalidSecurityHeaderException("Encrypted element corrupted, no algorithm specified");
-
- return alg;
- }
-
- private String decryptElement(Element element, SecretKey key) throws WSSecurityException
- {
- Element previous;
- boolean parent;
- boolean isContent;
-
- // We find the decrypted element by traversing to the element before the
- // encrypted data. If there is no sibling before the encrypted data, then
- // we traverse to the parent.
- // "Now take a step back . . . and then a step forward . . . and then a
- // step back . . . and then we're cha-chaing." -Chris Knight
- parent = isContent = isContent(element);
- if (parent)
- {
- previous = (Element) element.getParentNode();
- }
- else
- {
- previous = Util.getPreviousSiblingElement(element);
- if (previous == null)
- {
- parent = true;
- previous = (Element) element.getParentNode();
- }
- }
-
- String alg = getEncryptionAlgorithm(element);
- try
- {
- XMLCipher cipher = XMLCipher.getInstance(alg);
- cipher.init(XMLCipher.DECRYPT_MODE, key);
- cipher.doFinal(element.getOwnerDocument(), element);
- }
- catch (XMLEncryptionException e)
- {
- throw new FailedCheckException("Decryption was invalid.");
- }
- catch (Exception e)
- {
- throw new WSSecurityException("Could not decrypt element: " + e.getMessage(), e);
- }
-
- if (isContent)
- return Util.getWsuId(previous);
-
- Element decrypted = (parent) ? Util.getFirstChildElement(previous) : Util.getNextSiblingElement(previous);
- if (decrypted == null)
- return null;
-
- return Util.getWsuId(decrypted);
- }
-
- private boolean isEncryptedData(Element element)
- {
- return "EncryptedData".equals(element.getLocalName()) && Constants.XML_ENCRYPTION_NS.equals(element.getNamespaceURI());
- }
-
- public Collection<String> process(Document message, SecurityProcess process) throws WSSecurityException
- {
- Collection<String> ids = new HashSet<String>();
- EncryptedKey key = (EncryptedKey) process;
- ReferenceList list = key.getReferenceList();
- for (String uri : list.getAllReferences())
- {
- Element element = Util.findElementByWsuId(message.getDocumentElement(), uri);
- if (element == null)
- throw new WSSecurityException("A reference list refered to an element that was not found: " + uri);
-
- if (!isEncryptedData(element))
- throw new WSSecurityException("Malformed reference list, a non encrypted data element was referenced: " + uri);
-
- ids.add(decryptElement(element, key.getSecretKey()));
- }
-
- return ids;
- }
-}
Deleted: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/EncodingOperation.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/EncodingOperation.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/EncodingOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -1,40 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.ws.extensions.security;
-
-import java.util.List;
-
-import org.jboss.ws.extensions.security.exception.WSSecurityException;
-import org.w3c.dom.Document;
-
-/**
- * <code>EncodingOperation</code> represents an encoding operation that is
- * applied to a standard SOAP message, transforming it into a WS-Security
- * encoded message.
- *
- * @author <a href="mailto:jason.greene at jboss.com">Jason T. Greene</a>
- * @version $Revision$
- */
-public interface EncodingOperation extends Operation
-{
- public void process(Document message, List<Target> targets, String alias, String credential, String algorithm, String wrap, String tokenRefType) throws WSSecurityException;
-}
Deleted: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -1,231 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.ws.extensions.security;
-
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-import java.util.HashMap;
-import java.util.List;
-
-import javax.crypto.Cipher;
-import javax.crypto.KeyGenerator;
-import javax.crypto.SecretKey;
-import javax.xml.namespace.QName;
-
-import org.apache.xml.security.encryption.EncryptedData;
-import org.apache.xml.security.encryption.XMLCipher;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.jboss.util.NotImplementedException;
-import org.jboss.ws.extensions.security.element.EncryptedKey;
-import org.jboss.ws.extensions.security.element.Reference;
-import org.jboss.ws.extensions.security.element.ReferenceList;
-import org.jboss.ws.extensions.security.element.SecurityHeader;
-import org.jboss.ws.extensions.security.element.X509Token;
-import org.jboss.ws.extensions.security.exception.WSSecurityException;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-public class EncryptionOperation implements EncodingOperation
-{
- private SecurityHeader header;
-
- private SecurityStore store;
-
- private static class Algorithm
- {
- Algorithm(String jceName, String xmlName, int size)
- {
- this.jceName = jceName;
- this.xmlName = xmlName;
- this.size = size;
- }
-
- public String jceName;
- public String xmlName;
- public int size;
- }
-
- private static HashMap<String, Algorithm> algorithms;
-
- private static final String DEFAULT_ALGORITHM = "aes-128";
-
- static
- {
- algorithms = new HashMap<String, Algorithm>(4);
- algorithms.put("aes-128", new Algorithm("AES", XMLCipher.AES_128, 128));
- algorithms.put("aes-192", new Algorithm("AES", XMLCipher.AES_192, 192));
- algorithms.put("aes-256", new Algorithm("AES", XMLCipher.AES_256, 256));
- algorithms.put("tripledes", new Algorithm("TripleDes", XMLCipher.TRIPLEDES, 168));
- }
-
- public EncryptionOperation(SecurityHeader header, SecurityStore store) throws WSSecurityException
- {
- this.header = header;
- this.store = store;
- }
-
- private void processTarget(XMLCipher cipher, Document message, Target target, ReferenceList list, SecretKey key) throws WSSecurityException
- {
- if (!(target instanceof QNameTarget))
- throw new NotImplementedException();
-
- QName name = ((QNameTarget)target).getName();
-
- Element element = Util.findElement(message.getDocumentElement(), name);
- if (element == null)
- throw new RuntimeException("Could not find element");
-
- // Ensure that the element has an id, so that encryption verification can be performed
- Util.assignWsuId(element);
-
- try
- {
- cipher.init(XMLCipher.ENCRYPT_MODE, key);
- EncryptedData encrypted = cipher.getEncryptedData();
- String id = Util.generateId("encrypted");
- encrypted.setId(id);
- list.add(id);
- cipher.doFinal(message, element, target.isContent());
- }
- catch (Exception e)
- {
- throw new WSSecurityException("Error encrypting target: " + name, e);
- }
- }
-
- public SecretKey getSecretKey(String algorithm) throws WSSecurityException
- {
- Algorithm alg = algorithms.get(algorithm);
-
- try
- {
- KeyGenerator kgen = KeyGenerator.getInstance(alg.jceName);
- kgen.init(alg.size);
- return kgen.generateKey();
- }
- catch (NoSuchAlgorithmException e)
- {
- throw new WSSecurityException(e.getMessage());
- }
- }
-
- public void process(Document message, List<Target> targets, String alias, String credential, String algorithm, String wrap, String tokenRefType) throws WSSecurityException
- {
- if (! algorithms.containsKey(algorithm))
- algorithm = DEFAULT_ALGORITHM;
-
- SecretKey secretKey = getSecretKey(algorithm);
- XMLCipher cipher;
- try
- {
- cipher = XMLCipher.getInstance(algorithms.get(algorithm).xmlName);
- cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
- }
- catch (XMLSecurityException e)
- {
- throw new WSSecurityException("Error initializing xml cipher" + e.getMessage(), e);
- }
-
- ReferenceList list = new ReferenceList();
-
- if (targets == null || targets.size() == 0)
- {
- // By default we encrypt the content of the body element
- String namespace = message.getDocumentElement().getNamespaceURI();
- processTarget(cipher, message, new QNameTarget(new QName(namespace, "Body"), true), list, secretKey);
- }
- else
- {
- for (Target target : targets)
- processTarget(cipher, message, target, list, secretKey);
- }
-
- X509Certificate cert = getCertificate(alias);
- X509Token token = (X509Token) header.getSharedToken(cert);
-
- // Can we reuse an existing token?
- if (token == null)
- {
- token = new X509Token(cert, message);
- if (tokenRefType == null || Reference.DIRECT_REFERENCE.equals(tokenRefType))
- header.addToken(token);
- }
-
- EncryptedKey eKey = new EncryptedKey(message, secretKey, token, list, wrap, tokenRefType);
- header.addSecurityProcess(eKey);
- }
-
- @SuppressWarnings("unchecked")
- private X509Certificate getCertificate(String alias) throws WSSecurityException
- {
- X509Certificate cert = null;
- if (alias != null)
- {
- cert = store.getCertificate(alias);
- if (cert == null)
- throw new WSSecurityException("Cannot load certificate from keystore; alias = " + alias);
- }
- else
- {
- List<PublicKey> publicKeys = SignatureKeysAssociation.getPublicKeys();
- if (publicKeys != null && publicKeys.size() == 1)
- cert = store.getCertificateByPublicKey(publicKeys.iterator().next());
- if (cert == null)
- throw new WSSecurityException("Cannot get the certificate for message encryption! Verify the keystore contents, " +
- "considering the certificate is obtained through the alias specified in the encrypt configuration element " +
- "or (server side only) through a single key used to sign the incoming message.");
- }
- return cert;
- }
-
-
- public static boolean probeUnlimitedCrypto() throws WSSecurityException
- {
- try
- {
- //Check AES-256
- KeyGenerator kgen = KeyGenerator.getInstance("AES");
- kgen.init(256);
- SecretKey key = kgen.generateKey();
- Cipher c = Cipher.getInstance("AES");
- c.init(Cipher.ENCRYPT_MODE, key);
-
- //Check Blowfish
- kgen = KeyGenerator.getInstance("Blowfish");
- key = kgen.generateKey();
- c = Cipher.getInstance("Blowfish");
- c.init(Cipher.ENCRYPT_MODE, key);
-
- return true;
- }
- catch (InvalidKeyException e)
- {
- return false;
- }
- catch (Exception e)
- {
- throw new WSSecurityException("Error probing cryptographic permissions", e);
- }
- }
-}
Deleted: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/Operation.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/Operation.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/Operation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -1,33 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.ws.extensions.security;
-
-/**
- * Marker interface for all WS-Security operations
- *
- * @author <a href="mailto:jason.greene at jboss.com">Jason T. Greene</a>
- * @version $Revision$
- */
-public interface Operation
-{
-
-}
Deleted: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/OperationDescription.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/OperationDescription.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/OperationDescription.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -1,131 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.ws.extensions.security;
-
-import java.util.List;
-
-
-/**
- * @author <a href="mailto:jason.greene at jboss.com">Jason T. Greene</a>
- * @version $Revision$
- */
-public class OperationDescription<T extends Operation>
-{
- private Class<? extends T> operation;
-
- private List<Target> targets;
-
- private String certificateAlias;
-
- private String credential;
-
- private String algorithm;
-
- private String keyWrapAlgorithm;
-
- private String tokenRefType;
-
- public OperationDescription(Class<? extends T> operation, List<Target> targets, String certicateAlias, String credential, String algorithm, String keyWrapAlgorithm, String tokenRefType)
- {
- this.operation = operation;
- this.targets = targets;
- this.certificateAlias = certicateAlias;
- this.credential = credential;
- this.algorithm = algorithm;
- this.keyWrapAlgorithm = keyWrapAlgorithm;
- this.tokenRefType = tokenRefType;
- }
-
- public Class<? extends T> getOperation()
- {
- return operation;
- }
-
- public void setOperation(Class<? extends T> operation)
- {
- this.operation = operation;
- }
-
- public List<Target> getTargets()
- {
- return targets;
- }
-
- public void setTargets(List<Target> targets)
- {
- this.targets = targets;
- }
-
-
- public String getCertificateAlias()
- {
- return certificateAlias;
- }
-
-
- public void setCertificateAlias(String certificateAlias)
- {
- this.certificateAlias = certificateAlias;
- }
-
-
- public String getCredential()
- {
- return credential;
- }
-
- public void setCredential(String credential)
- {
- this.credential = credential;
- }
-
- public String getAlgorithm()
- {
- return algorithm;
- }
-
- public void setAlgorithm(String algorithm)
- {
- this.algorithm = algorithm;
- }
-
- public String getKeyWrapAlgorithm()
- {
- return keyWrapAlgorithm;
- }
-
- public void setKeyWrapAlgorithm(String keyWrapAlgorithm)
- {
- this.keyWrapAlgorithm = keyWrapAlgorithm;
- }
-
- public String getTokenRefType()
- {
- return tokenRefType;
- }
-
- public void setTokenRefType(String tokenRefType)
- {
- this.tokenRefType = tokenRefType;
- }
-
-}
Deleted: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/ReceiveUsernameOperation.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/ReceiveUsernameOperation.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/ReceiveUsernameOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -1,59 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.ws.extensions.security;
-
-// $Id$
-
-import org.jboss.ws.extensions.security.element.SecurityHeader;
-import org.jboss.ws.extensions.security.element.Token;
-import org.jboss.ws.extensions.security.element.UsernameToken;
-import org.jboss.ws.extensions.security.exception.WSSecurityException;
-import org.jboss.wsf.spi.SPIProvider;
-import org.jboss.wsf.spi.SPIProviderResolver;
-import org.jboss.wsf.spi.invocation.SecurityAdaptor;
-import org.jboss.wsf.spi.invocation.SecurityAdaptorFactory;
-import org.w3c.dom.Document;
-
-public class ReceiveUsernameOperation implements TokenOperation
-{
- private SecurityHeader header;
- private SecurityStore store;
-
- private SecurityAdaptorFactory secAdapterfactory;
-
- public ReceiveUsernameOperation(SecurityHeader header, SecurityStore store)
- {
- this.header = header;
- this.store = store;
-
- SPIProvider spiProvider = SPIProviderResolver.getInstance().getProvider();
- secAdapterfactory = spiProvider.getSPI(SecurityAdaptorFactory.class);
- }
-
- public void process(Document message, Token token) throws WSSecurityException
- {
- UsernameToken user = (UsernameToken)token;
- SecurityAdaptor securityAdaptor = secAdapterfactory.newSecurityAdapter();
- securityAdaptor.setPrincipal(new SimplePrincipal(user.getUsername()));
- securityAdaptor.setCredential(user.getPassword());
- }
-}
Deleted: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireEncryptionOperation.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireEncryptionOperation.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireEncryptionOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -1,34 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.ws.extensions.security;
-
-import org.jboss.ws.extensions.security.element.SecurityHeader;
-import org.jboss.ws.extensions.security.exception.WSSecurityException;
-
-
-public class RequireEncryptionOperation extends RequireTargetableOperation
-{
- public RequireEncryptionOperation(SecurityHeader header, SecurityStore store) throws WSSecurityException
- {
- super(header, store);
- }
-}
Deleted: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireOperation.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireOperation.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -1,39 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.ws.extensions.security;
-
-import java.util.Collection;
-import java.util.List;
-
-import org.jboss.ws.extensions.security.exception.WSSecurityException;
-import org.w3c.dom.Document;
-
-/**
- * Marker interface for all requirement based WS-Security operations.
- *
- * @author <a href="mailto:jason.greene at jboss.com">Jason T. Greene</a>
- * @version $Revision$
- */
-public interface RequireOperation extends Operation
-{
- public void process(Document message, List<Target> targets, String alias, String credential, Collection<String> processedIds) throws WSSecurityException;
-}
Deleted: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireSignatureOperation.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireSignatureOperation.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireSignatureOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -1,34 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.ws.extensions.security;
-
-import org.jboss.ws.extensions.security.element.SecurityHeader;
-import org.jboss.ws.extensions.security.exception.WSSecurityException;
-
-
-public class RequireSignatureOperation extends RequireTargetableOperation
-{
- public RequireSignatureOperation(SecurityHeader header, SecurityStore store) throws WSSecurityException
- {
- super(header, store);
- }
-}
Deleted: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireTargetableOperation.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireTargetableOperation.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireTargetableOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -1,92 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.ws.extensions.security;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-import javax.xml.namespace.QName;
-
-import org.jboss.ws.extensions.security.element.SecurityHeader;
-import org.jboss.ws.extensions.security.exception.FailedCheckException;
-import org.jboss.ws.extensions.security.exception.WSSecurityException;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-public class RequireTargetableOperation implements RequireOperation
-{
- public RequireTargetableOperation(SecurityHeader header, SecurityStore store) throws WSSecurityException
- {
- }
-
- private Collection<String> resolveTarget(Document message, Target target) throws WSSecurityException
- {
- if (target instanceof QNameTarget)
- return resolveQNameTarget(message, (QNameTarget) target);
- else if (target instanceof WsuIdTarget)
- {
- Collection<String> result = new ArrayList<String>(1);
- result.add(((WsuIdTarget)target).getId());
- return result;
- }
-
- throw new WSSecurityException("Unknown target");
- }
-
- private Collection<String> resolveQNameTarget(Document message, QNameTarget target) throws WSSecurityException
- {
- QName name = target.getName();
-
- Element element = Util.findElement(message.getDocumentElement(), name);
- if (element == null)
- throw new FailedCheckException("Required QName was not present: " + name);
-
- String id = Util.getWsuId(element);
-
- if (id == null)
- throw new FailedCheckException("Required element did not contain a wsu:id.");
-
- Collection<String> result = new ArrayList<String>(1);
- result.add(id);
-
- return result;
- }
-
- public void process(Document message, List<Target> targets, String alias, String credential, Collection<String> processedIds) throws WSSecurityException
- {
- if (targets == null || targets.size() == 0)
- {
- // By default we require just the body element
- String namespace = message.getDocumentElement().getNamespaceURI();
- targets = new ArrayList<Target>(1);
- targets.add(new QNameTarget(new QName(namespace, "Body"), true));
- }
-
- for (Target target : targets)
- {
- Collection<String> ids = resolveTarget(message, target);
- if (! processedIds.containsAll(ids))
- throw new FailedCheckException("Required elements for encryption and or signing are not all present.");
- }
- }
-}
Deleted: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireTimestampOperation.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireTimestampOperation.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireTimestampOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -1,62 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.ws.extensions.security;
-
-import java.util.Calendar;
-import java.util.Collection;
-import java.util.List;
-
-import org.jboss.ws.extensions.security.element.SecurityHeader;
-import org.jboss.ws.extensions.security.element.Timestamp;
-import org.jboss.ws.extensions.security.exception.FailedCheckException;
-import org.jboss.ws.extensions.security.exception.WSSecurityException;
-import org.w3c.dom.Document;
-
-
-public class RequireTimestampOperation implements RequireOperation
-{
- private SecurityHeader header;
-
- public RequireTimestampOperation(SecurityHeader header, SecurityStore store) throws WSSecurityException
- {
- this.header = header;
- }
-
- public void process(Document message, List<Target> targets, String maxAge, String credential, Collection<String> processedIds) throws WSSecurityException
- {
- Timestamp stamp = header.getTimestamp();
- if (stamp == null)
- throw new FailedCheckException("Required timestamp not present.");
-
- // If there is no maxAge specified then we are done
- if (maxAge == null)
- return;
-
- int max = Integer.parseInt(maxAge);
-
- Calendar expired = (Calendar)stamp.getCreated().clone();
- expired.add(Calendar.SECOND, max);
-
- if (! Calendar.getInstance().before(expired))
- throw new FailedCheckException("Timestamp of message is too old.");
- }
-}
Modified: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -35,6 +35,14 @@
import org.jboss.ws.extensions.security.element.Token;
import org.jboss.ws.extensions.security.element.UsernameToken;
import org.jboss.ws.extensions.security.exception.WSSecurityException;
+import org.jboss.ws.extensions.security.operation.DecryptionOperation;
+import org.jboss.ws.extensions.security.operation.OperationDescription;
+import org.jboss.ws.extensions.security.operation.ReceiveUsernameOperation;
+import org.jboss.ws.extensions.security.operation.RequireEncryptionOperation;
+import org.jboss.ws.extensions.security.operation.RequireOperation;
+import org.jboss.ws.extensions.security.operation.RequireSignatureOperation;
+import org.jboss.ws.extensions.security.operation.SignatureVerificationOperation;
+import org.jboss.ws.extensions.security.operation.TimestampVerificationOperation;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -134,41 +142,23 @@
}
}
- public void verify(List<OperationDescription<RequireOperation>> requireOperations) throws WSSecurityException
+ public void verify(List<RequireOperation> requireOperations) throws WSSecurityException
{
if (requireOperations == null)
return;
- for (OperationDescription<RequireOperation> o : requireOperations)
+ for (RequireOperation op : requireOperations)
{
- Class<? extends RequireOperation> operation = o.getOperation();
- RequireOperation op;
Collection<String> processedIds = null;
-
- if (operation.equals(RequireSignatureOperation.class))
+ if (op instanceof RequireSignatureOperation)
{
- op = new RequireSignatureOperation(header, store);
processedIds = signedIds;
}
- else if (operation.equals(RequireEncryptionOperation.class))
+ else if (op instanceof RequireEncryptionOperation)
{
- op = new RequireEncryptionOperation(header, store);
processedIds = encryptedIds;
}
- else
- {
- try
- {
- Constructor<? extends RequireOperation> c = operation.getConstructor(SecurityHeader.class, SecurityStore.class);
- op = c.newInstance(header, store);
- }
- catch (Exception e)
- {
- throw new WSSecurityException("Error constructing operation: " + operation);
- }
- }
-
- op.process(message, o.getTargets(), o.getCertificateAlias(), o.getCredential(), processedIds);
+ op.process(message, header, processedIds);
}
}
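Review bot: In `verify`, every requirement that is neither a `RequireSignatureOperation` nor a `RequireEncryptionOperation` is now passed `processedIds == null`, and nothing in the loop says whether that is intended. The removed `RequireTargetableOperation.process` called `processedIds.containsAll(ids)` without a null check. If the relocated class keeps that code (it is not shown here), another target-checking subclass would fail with a `NullPointerException` instead of a `FailedCheckException`. I would add a comment above the `instanceof` chain, for example `// processedIds stays null for requirements that do not check targets (e.g. timestamp); target-checking operations must reject a null set`. Note also that `instanceof` matches subclasses, which the previous `operation.equals(...)` comparison did not, so the dispatch is slightly wider than before.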
Modified: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SecurityEncoder.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SecurityEncoder.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SecurityEncoder.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -21,11 +21,13 @@
*/
package org.jboss.ws.extensions.security;
-import java.lang.reflect.Constructor;
+//$Id$
+
import java.util.List;
import org.jboss.ws.extensions.security.element.SecurityHeader;
import org.jboss.ws.extensions.security.exception.WSSecurityException;
+import org.jboss.ws.extensions.security.operation.EncodingOperation;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -39,11 +41,11 @@
*/
public class SecurityEncoder
{
- private List<OperationDescription<EncodingOperation>> operations;
+ private List<EncodingOperation> operations;
private SecurityStore store;
- public SecurityEncoder(List<OperationDescription<EncodingOperation>> operations, SecurityStore store)
+ public SecurityEncoder(List<EncodingOperation> operations, SecurityStore store)
{
org.apache.xml.security.Init.init();
this.operations = operations;
@@ -69,21 +71,9 @@
public void encode(Document message) throws WSSecurityException
{
SecurityHeader header = new SecurityHeader(message);
- for (OperationDescription<EncodingOperation> op : operations)
+ for (EncodingOperation operation : operations)
{
- EncodingOperation operation;
-
- try
- {
- Constructor<? extends EncodingOperation> constructor = op.getOperation().getConstructor(SecurityHeader.class, SecurityStore.class);
- operation = constructor.newInstance(header, store);
- }
- catch (Exception e)
- {
- throw new WSSecurityException("Error constructing operation: " + op.getOperation());
- }
-
- operation.process(message, op.getTargets(), op.getCertificateAlias(), op.getCredential(), op.getAlgorithm(), op.getKeyWrapAlgorithm(), op.getTokenRefType());
+ operation.process(message, header, store);
}
attachHeader(header, message);
}
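Review bot: `encode` now reuses the same `EncodingOperation` instances from `operations` for every message, whereas the removed loop constructed a fresh operation per call, and neither the field nor the constructor (previous hunk) documents this contract. If a `SecurityEncoder` is shared between requests, which this hunk does not show, an operation that keeps per-message state in fields would carry it over from one message to the next. I would add a Javadoc line on the constructor such as `@param operations applied in order by encode(); instances are reused across messages and must not hold per-message state`. Separately, `encode` iterates `operations` without a null check while `SecurityDecoder.verify` returns early on a null list, so the two entry points treat a missing configuration differently.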
Deleted: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SendUsernameOperation.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SendUsernameOperation.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SendUsernameOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -1,47 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.ws.extensions.security;
-
-import java.util.List;
-
-import org.jboss.ws.extensions.security.element.SecurityHeader;
-import org.jboss.ws.extensions.security.element.UsernameToken;
-import org.jboss.ws.extensions.security.exception.WSSecurityException;
-import org.w3c.dom.Document;
-
-public class SendUsernameOperation implements EncodingOperation
-{
- private SecurityHeader header;
-
- private SecurityStore store;
-
- public SendUsernameOperation(SecurityHeader header, SecurityStore store)
- {
- this.header = header;
- this.store = store;
- }
-
- public void process(Document message, List<Target> targets, String username, String credential, String algorithm, String keyWrapAlgorithm, String tokenRefType) throws WSSecurityException
- {
- header.addToken(new UsernameToken(username, credential, message));
- }
-}
Deleted: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SignatureOperation.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SignatureOperation.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SignatureOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -1,180 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.ws.extensions.security;
-
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
-import java.util.List;
-
-import javax.xml.namespace.QName;
-
-import org.apache.xml.security.c14n.Canonicalizer;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.signature.XMLSignature;
-import org.apache.xml.security.signature.XMLSignatureException;
-import org.apache.xml.security.transforms.TransformationException;
-import org.apache.xml.security.transforms.Transforms;
-import org.jboss.util.NotImplementedException;
-import org.jboss.ws.extensions.security.element.Reference;
-import org.jboss.ws.extensions.security.element.SecurityHeader;
-import org.jboss.ws.extensions.security.element.SecurityTokenReference;
-import org.jboss.ws.extensions.security.element.Signature;
-import org.jboss.ws.extensions.security.element.X509Token;
-import org.jboss.ws.extensions.security.exception.WSSecurityException;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-
-public class SignatureOperation implements EncodingOperation
-{
- private SecurityHeader header;
-
- private SecurityStore store;
-
- public SignatureOperation(SecurityHeader header, SecurityStore store) throws WSSecurityException
- {
- this.header = header;
- this.store = store;
- }
-
- private void processTarget(XMLSignature sig, Document message, Target target)
- {
- if (target instanceof QNameTarget)
- processQNameTarget(sig, message, (QNameTarget) target);
- else if (target instanceof WsuIdTarget)
- processWsuIdTarget(sig, message, (WsuIdTarget) target);
- else
- throw new NotImplementedException();
- }
-
- private void processQNameTarget(XMLSignature sig, Document message, QNameTarget target)
- {
- QName name = target.getName();
-
- Transforms transforms = new Transforms(message);
- try
- {
- transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
- }
- catch (TransformationException e)
- {
- throw new RuntimeException(e);
- }
-
- Element element = Util.findElement(message.getDocumentElement(), name);
- if (element == null)
- throw new RuntimeException("Could not find element");
-
- String id = Util.assignWsuId(element);
-
- try
- {
- sig.addDocument("#" + id, transforms);
- }
- catch (XMLSignatureException e)
- {
- throw new RuntimeException(e);
- }
- }
-
- private void processWsuIdTarget(XMLSignature sig, Document message, WsuIdTarget target)
- {
- String id = target.getId();
-
- Transforms transforms = new Transforms(message);
- try
- {
- transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
- }
- catch (TransformationException e)
- {
- throw new RuntimeException(e);
- }
-
- try
- {
- sig.addDocument("#" + id, transforms);
- }
- catch (XMLSignatureException e)
- {
- throw new RuntimeException(e);
- }
- }
-
- public void process(Document message, List<Target> targets, String alias, String credential, String algorithm, String keyWrapAlgorithm, String tokenRefType) throws WSSecurityException
- {
- Element envelope = message.getDocumentElement();
- XMLSignature sig;
- try
- {
- sig = new XMLSignature(message, null, XMLSignature.ALGO_ID_SIGNATURE_RSA, Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
- }
- catch (XMLSecurityException e)
- {
- throw new WSSecurityException("Error building signature", e);
- }
-
- // For now we pass our resolver the root document because the signature element isn't attached
- // to the evelope yet (no wsse header). Perhaps we should do this differently
- sig.addResourceResolver(new WsuIdResolver(message, header.getElement()));
- PrivateKey key = store.getPrivateKey(alias);
-
- if (targets == null || targets.size() == 0)
- {
- // By default we sign the body element, and a timestamp if it is available
- String namespace = envelope.getNamespaceURI();
- processTarget(sig, message, new QNameTarget(new QName(namespace, "Body")));
- if (header.getTimestamp() != null)
- processTarget(sig, message, new WsuIdTarget("timestamp"));
- }
- else
- {
- for (Target target : targets)
- processTarget(sig, message, target);
- }
-
- try
- {
- sig.sign(key);
- }
- catch (XMLSignatureException e)
- {
- throw new WSSecurityException("Error signing message: " + e.getMessage(), e);
- }
-
- X509Certificate cert = store.getCertificate(alias);
- X509Token token = (X509Token) header.getSharedToken(cert);
-
- // Can we reuse an existing token?
- if (token == null)
- {
- token = new X509Token(cert, message);
- if (tokenRefType == null || Reference.DIRECT_REFERENCE.equals(tokenRefType))
- header.addToken(token);
- }
-
- SecurityTokenReference reference = new SecurityTokenReference(Reference.getReference(tokenRefType, message, token));
- sig.getKeyInfo().addUnknownElement(reference.getElement());
-
- header.addSecurityProcess(new Signature(sig));
- }
-}
Deleted: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SignatureVerificationOperation.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SignatureVerificationOperation.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SignatureVerificationOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -1,93 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.ws.extensions.security;
-
-import java.util.ArrayList;
-import java.util.Collection;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.signature.SignedInfo;
-import org.apache.xml.security.signature.XMLSignature;
-import org.apache.xml.security.signature.XMLSignatureException;
-import org.jboss.ws.extensions.security.element.SecurityHeader;
-import org.jboss.ws.extensions.security.element.SecurityProcess;
-import org.jboss.ws.extensions.security.element.Signature;
-import org.jboss.ws.extensions.security.exception.FailedCheckException;
-import org.jboss.ws.extensions.security.exception.WSSecurityException;
-import org.w3c.dom.Document;
-
-public class SignatureVerificationOperation implements DecodingOperation
-{
- private SecurityHeader header;
-
- private SecurityStore store;
-
- public SignatureVerificationOperation(SecurityHeader header, SecurityStore store) throws WSSecurityException
- {
- this.header = header;
- this.store = store;
- }
-
- public Collection<String> process(Document message, SecurityProcess process) throws WSSecurityException
- {
- Signature signature = (Signature) process;
- XMLSignature xmlSig = signature.getSignature();
-
- xmlSig.addResourceResolver(new WsuIdResolver(message));
- STRTransform.setSecurityStore(store);
-
- try
- {
- if (! xmlSig.checkSignatureValue(signature.getPublicKey()))
- throw new FailedCheckException("Signature is invalid.");
-
- SignatureKeysAssociation.saveKey(signature.getPublicKey());
- }
- catch (XMLSignatureException e)
- {
- throw new WSSecurityException("An unexpected error occured while verifying signature", e);
- }
- finally
- {
- STRTransform.setSecurityStore(null);
- }
-
- SignedInfo info = xmlSig.getSignedInfo();
- int length = info.getLength();
- Collection<String> processed = new ArrayList<String>(length);
- try
- {
- for (int i = 0; i < length; i++)
- {
- String uri = info.item(i).getURI();
- if (uri != null && uri.length() > 1 && uri.charAt(0)=='#')
- processed.add(uri.substring(1));
- }
- }
- catch (XMLSecurityException e)
- {
- throw new WSSecurityException("Could not extract references", e);
- }
-
- return processed;
- }
-}
Deleted: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/TimestampOperation.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/TimestampOperation.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/TimestampOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -1,59 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.ws.extensions.security;
-
-import java.util.List;
-
-import org.jboss.ws.extensions.security.element.SecurityHeader;
-import org.jboss.ws.extensions.security.element.Timestamp;
-import org.jboss.ws.extensions.security.exception.WSSecurityException;
-import org.w3c.dom.Document;
-
-public class TimestampOperation implements EncodingOperation
-{
- private SecurityHeader header;
-
- private SecurityStore store;
-
- public TimestampOperation(SecurityHeader header, SecurityStore store)
- {
- this.header = header;
- this.store = store;
- }
-
- public void process(Document message, List<Target> targets, String alias, String credential, String algorithm, String keyWrapAlgorithm, String tokenRefType) throws WSSecurityException
- {
- Integer ttl = null;
-
- try
- {
- // Time to live is stuffed in the credential field
- ttl = Integer.valueOf(credential);
- }
- catch (NumberFormatException e)
- {
- // Eat
- }
-
- header.setTimestamp(new Timestamp(ttl, message));
- }
-}
Deleted: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/TimestampVerificationOperation.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/TimestampVerificationOperation.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/TimestampVerificationOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -1,63 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.ws.extensions.security;
-
-import java.util.Calendar;
-
-import org.jboss.ws.extensions.security.element.Timestamp;
-import org.jboss.ws.extensions.security.exception.FailedCheckException;
-import org.jboss.ws.extensions.security.exception.WSSecurityException;
-import org.w3c.dom.Document;
-
-
-public class TimestampVerificationOperation
-{
- private Calendar now = null;
-
- public TimestampVerificationOperation()
- {
- }
-
- /**
- * A special constructor that allows you to use a different value when validating the message.
- * DO NOT USE THIS UNLESS YOU REALLY KNOW WHAT YOU ARE DOING!.
- *
- * @param now The timestamp to use as the current time when validating a message expiration
- */
- public TimestampVerificationOperation(Calendar now)
- {
- this.now = now;
- }
-
- public void process(Document message, Timestamp timestamp) throws WSSecurityException
- {
- Calendar expired = timestamp.getExpires();
- Calendar created = timestamp.getCreated();
- Calendar now = (this.now == null) ? Calendar.getInstance() : this.now;
-
- if (created.after(now))
- throw new WSSecurityException("Invalid timestamp, message claimed to be created after now");
-
- if (expired != null && ! now.before(expired))
- throw new FailedCheckException("Expired message.");
- }
-}
Deleted: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/TokenOperation.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/TokenOperation.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/TokenOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -1,39 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.ws.extensions.security;
-
-import org.jboss.ws.extensions.security.element.Token;
-import org.jboss.ws.extensions.security.exception.WSSecurityException;
-import org.w3c.dom.Document;
-
-/**
- * <code>DecodingOperation</code> represents an operation that is applied to a
- * WS-Security encoded message to both convert and verify the contents of the
- * message.
- *
- * @author <a href="mailto:jason.greene at jboss.com">Jason T. Greene</a>
- * @version $Revision$
- */
-public interface TokenOperation
-{
- public void process(Document message, Token token) throws WSSecurityException;
-}
Modified: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -35,6 +35,16 @@
import org.jboss.ws.core.CommonSOAPFaultException;
import org.jboss.ws.extensions.security.exception.InvalidSecurityHeaderException;
import org.jboss.ws.extensions.security.exception.WSSecurityException;
+import org.jboss.ws.extensions.security.operation.EncodingOperation;
+import org.jboss.ws.extensions.security.operation.EncryptionOperation;
+//import org.jboss.ws.extensions.security.operation.OperationDescription;
+import org.jboss.ws.extensions.security.operation.RequireEncryptionOperation;
+import org.jboss.ws.extensions.security.operation.RequireOperation;
+import org.jboss.ws.extensions.security.operation.RequireSignatureOperation;
+import org.jboss.ws.extensions.security.operation.RequireTimestampOperation;
+import org.jboss.ws.extensions.security.operation.SendUsernameOperation;
+import org.jboss.ws.extensions.security.operation.SignatureOperation;
+import org.jboss.ws.extensions.security.operation.TimestampOperation;
import org.jboss.ws.metadata.wsse.Config;
import org.jboss.ws.metadata.wsse.Encrypt;
import org.jboss.ws.metadata.wsse.RequireEncryption;
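Review bot: The commented-out line `//import org.jboss.ws.extensions.security.operation.OperationDescription;` should be deleted rather than committed. None of the dispatcher hunks shown here still reference OperationDescription on the new side, so the comment only suggests the migration to direct operation instances is unfinished. If the class is still needed elsewhere, that belongs in the commit message, not in a dead import.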
@@ -80,7 +90,7 @@
return new CommonSOAPFaultException(e.getFaultCode(), e.getFaultString());
}
- private static List<OperationDescription<RequireOperation>> buildRequireOperations(Config operationConfig)
+ private static List<RequireOperation> buildRequireOperations(Config operationConfig)
{
if (operationConfig == null)
return null;
@@ -89,23 +99,23 @@
if (requires == null)
return null;
- ArrayList<OperationDescription<RequireOperation>> operations = new ArrayList<OperationDescription<RequireOperation>>();
+ ArrayList<RequireOperation> operations = new ArrayList<RequireOperation>();
RequireTimestamp requireTimestamp = requires.getRequireTimestamp();
if (requireTimestamp != null)
- operations.add(new OperationDescription<RequireOperation>(RequireTimestampOperation.class, null, requireTimestamp.getMaxAge(), null, null, null, null));
+ operations.add(new RequireTimestampOperation(requireTimestamp.getMaxAge()));
RequireSignature requireSignature = requires.getRequireSignature();
if (requireSignature != null)
{
List<Target> targets = convertTargets(requireSignature.getTargets());
- operations.add(new OperationDescription<RequireOperation>(RequireSignatureOperation.class, targets, null, null, null, null, null));
+ operations.add(new RequireSignatureOperation(targets));
}
RequireEncryption requireEncryption = requires.getRequireEncryption();
if (requireEncryption != null)
{
List<Target> targets = convertTargets(requireEncryption.getTargets());
- operations.add(new OperationDescription<RequireOperation>(RequireEncryptionOperation.class, targets, null, null, null, null, null));
+ operations.add(new RequireEncryptionOperation(targets));
}
return operations;
@@ -152,7 +162,7 @@
if (log.isTraceEnabled())
log.trace("Decoded Message:\n" + DOMWriter.printNode(message.getSOAPPart(), true));
- List<OperationDescription<RequireOperation>> operations = buildRequireOperations(config);
+ List<RequireOperation> operations = buildRequireOperations(config);
decoder.verify(operations);
if(log.isDebugEnabled()) log.debug("Verification is successful");
@@ -179,16 +189,16 @@
if (config == null)
return;
- ArrayList<OperationDescription<EncodingOperation>> operations = new ArrayList<OperationDescription<EncodingOperation>>();
+ ArrayList<EncodingOperation> operations = new ArrayList<EncodingOperation>();
Timestamp timestamp = config.getTimestamp();
if (timestamp != null)
{
- operations.add(new OperationDescription<EncodingOperation>(TimestampOperation.class, null, null, timestamp.getTtl(), null, null, null));
+ operations.add(new TimestampOperation(timestamp.getTtl()));
}
if (config.getUsername() != null && user != null && password != null)
{
- operations.add(new OperationDescription<EncodingOperation>(SendUsernameOperation.class, null, user, password, null, null, null));
+ operations.add(new SendUsernameOperation(user, password));
}
Sign sign = config.getSign();
@@ -198,20 +208,20 @@
if (sign.isIncludeTimestamp())
{
if (timestamp == null)
- operations.add(new OperationDescription<EncodingOperation>(TimestampOperation.class, null, null, null, null, null, null));
+ operations.add(new TimestampOperation(null)); //TODO!! check this null
if (targets != null && targets.size() > 0)
targets.add(new WsuIdTarget("timestamp"));
}
- operations.add(new OperationDescription<EncodingOperation>(SignatureOperation.class, targets, sign.getAlias(), null, null, null, sign.getTokenRefType()));
+ operations.add(new SignatureOperation(targets, sign.getAlias(), sign.getTokenRefType()));
}
Encrypt encrypt = config.getEncrypt();
if (encrypt != null)
{
List<Target> targets = convertTargets(encrypt.getTargets());
- operations.add(new OperationDescription<EncodingOperation>(EncryptionOperation.class, targets, encrypt.getAlias(), null, encrypt.getAlgorithm(), encrypt.getWrap(), encrypt.getTokenRefType()));
+ operations.add(new EncryptionOperation(targets, encrypt.getAlias(), encrypt.getAlgorithm(), encrypt.getWrap(), encrypt.getTokenRefType()));
}
if (operations.size() == 0)
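Review bot: The marker `//TODO!! check this null` on `operations.add(new TimestampOperation(null));` leaves an open question in security-relevant code and should be resolved before this lands. The removed TimestampOperation turned an unparsable credential into a null ttl, so the behaviour is probably unchanged, but the new constructor is not visible in this hunk. The removed TimestampVerificationOperation skipped the expiry check when `getExpires()` was null. If the new receive side keeps that rule, a timestamp added only because `sign.isIncludeTimestamp()` is set never expires, and the signed message has no freshness bound. Either pass an explicit default ttl here or replace the TODO with a comment such as `// null ttl: timestamp carries Created only, no Expires`. The enclosing method starts and ends outside the hunk.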
Copied: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/DecodingOperation.java (from rev 5882, stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/DecodingOperation.java)
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/DecodingOperation.java (rev 0)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/DecodingOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,41 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.extensions.security.operation;
+
+import java.util.Collection;
+
+import org.jboss.ws.extensions.security.element.SecurityProcess;
+import org.jboss.ws.extensions.security.exception.WSSecurityException;
+import org.w3c.dom.Document;
+
+/**
+ * <code>DecodingOperation</code> represents an operation that is applied to a
+ * WS-Security encoded message to both convert and verify the contents of the
+ * message.
+ *
+ * @author <a href="mailto:jason.greene at jboss.com">Jason T. Greene</a>
+ * @version $Revision$
+ */
+public interface DecodingOperation extends Operation
+{
+ public Collection<String> process(Document message, SecurityProcess process) throws WSSecurityException;
+}
Copied: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/DecryptionOperation.java (from rev 5882, stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/DecryptionOperation.java)
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/DecryptionOperation.java (rev 0)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/DecryptionOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,151 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.extensions.security.operation;
+
+import java.util.Collection;
+import java.util.HashSet;
+
+import javax.crypto.SecretKey;
+
+import org.apache.xml.security.encryption.XMLCipher;
+import org.apache.xml.security.encryption.XMLEncryptionException;
+import org.jboss.ws.extensions.security.Constants;
+import org.jboss.ws.extensions.security.SecurityStore;
+import org.jboss.ws.extensions.security.Util;
+import org.jboss.ws.extensions.security.element.EncryptedKey;
+import org.jboss.ws.extensions.security.element.ReferenceList;
+import org.jboss.ws.extensions.security.element.SecurityHeader;
+import org.jboss.ws.extensions.security.element.SecurityProcess;
+import org.jboss.ws.extensions.security.exception.FailedCheckException;
+import org.jboss.ws.extensions.security.exception.InvalidSecurityHeaderException;
+import org.jboss.ws.extensions.security.exception.WSSecurityException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+public class DecryptionOperation implements DecodingOperation
+{
+
+ private SecurityHeader header;
+
+ private SecurityStore store;
+
+ public DecryptionOperation(SecurityHeader header, SecurityStore store) throws WSSecurityException
+ {
+ this.header = header;
+ this.store = store;
+ }
+
+ private boolean isContent(Element element)
+ {
+ return Constants.XENC_CONTENT_TYPE.equals(element.getAttribute("Type"));
+ }
+
+ private String getEncryptionAlgorithm(Element element) throws WSSecurityException
+ {
+ element = Util.findElement(element, "EncryptionMethod", Constants.XML_ENCRYPTION_NS);
+ if (element == null)
+ throw new InvalidSecurityHeaderException("Encrypted element corrupted, no encryption method");
+
+ String alg = element.getAttribute("Algorithm");
+ if (alg == null || alg.length() == 0)
+ throw new InvalidSecurityHeaderException("Encrypted element corrupted, no algorithm specified");
+
+ return alg;
+ }
+
+ private String decryptElement(Element element, SecretKey key) throws WSSecurityException
+ {
+ Element previous;
+ boolean parent;
+ boolean isContent;
+
+ // We find the decrypted element by traversing to the element before the
+ // encrypted data. If there is no sibling before the encrypted data, then
+ // we traverse to the parent.
+ // "Now take a step back . . . and then a step forward . . . and then a
+ // step back . . . and then we're cha-chaing." -Chris Knight
+ parent = isContent = isContent(element);
+ if (parent)
+ {
+ previous = (Element) element.getParentNode();
+ }
+ else
+ {
+ previous = Util.getPreviousSiblingElement(element);
+ if (previous == null)
+ {
+ parent = true;
+ previous = (Element) element.getParentNode();
+ }
+ }
+
+ String alg = getEncryptionAlgorithm(element);
+ try
+ {
+ XMLCipher cipher = XMLCipher.getInstance(alg);
+ cipher.init(XMLCipher.DECRYPT_MODE, key);
+ cipher.doFinal(element.getOwnerDocument(), element);
+ }
+ catch (XMLEncryptionException e)
+ {
+ throw new FailedCheckException("Decryption was invalid.");
+ }
+ catch (Exception e)
+ {
+ throw new WSSecurityException("Could not decrypt element: " + e.getMessage(), e);
+ }
+
+ if (isContent)
+ return Util.getWsuId(previous);
+
+ Element decrypted = (parent) ? Util.getFirstChildElement(previous) : Util.getNextSiblingElement(previous);
+ if (decrypted == null)
+ return null;
+
+ return Util.getWsuId(decrypted);
+ }
+
+ private boolean isEncryptedData(Element element)
+ {
+ return "EncryptedData".equals(element.getLocalName()) && Constants.XML_ENCRYPTION_NS.equals(element.getNamespaceURI());
+ }
+
+ public Collection<String> process(Document message, SecurityProcess process) throws WSSecurityException
+ {
+ Collection<String> ids = new HashSet<String>();
+ EncryptedKey key = (EncryptedKey) process;
+ ReferenceList list = key.getReferenceList();
+ for (String uri : list.getAllReferences())
+ {
+ Element element = Util.findElementByWsuId(message.getDocumentElement(), uri);
+ if (element == null)
+ throw new WSSecurityException("A reference list refered to an element that was not found: " + uri);
+
+ if (!isEncryptedData(element))
+ throw new WSSecurityException("Malformed reference list, a non encrypted data element was referenced: " + uri);
+
+ ids.add(decryptElement(element, key.getSecretKey()));
+ }
+
+ return ids;
+ }
+}
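Review bot: In `decryptElement` the two catch branches report different failures: `FailedCheckException("Decryption was invalid.")` for `XMLEncryptionException`, and `"Could not decrypt element: " + e.getMessage()` for everything else. WSSecurityDispatcher builds its SOAP fault from the exception's fault string, so the sender can probably tell the two cases apart and may also see provider-level detail. I would return the same generic text from both branches and log the cause server-side only. The first branch also drops `e` entirely, which makes failures harder to diagnose. Separately, `getEncryptionAlgorithm` passes the `Algorithm` attribute from the incoming message straight to `XMLCipher.getInstance(alg)`; checking it against the algorithms the endpoint is configured to accept would stop the sender choosing the cipher.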
Copied: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/EncodingOperation.java (from rev 5882, stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/EncodingOperation.java)
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/EncodingOperation.java (rev 0)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/EncodingOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,41 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.extensions.security.operation;
+
+import org.jboss.ws.extensions.security.SecurityStore;
+import org.jboss.ws.extensions.security.element.SecurityHeader;
+import org.jboss.ws.extensions.security.exception.WSSecurityException;
+import org.w3c.dom.Document;
+
+/**
+ * <code>EncodingOperation</code> represents an encoding operation that is
+ * applied to a standard SOAP message, transforming it into a WS-Security
+ * encoded message.
+ *
+ * @author <a href="mailto:jason.greene at jboss.com">Jason T. Greene</a>
+ * @version $Revision$
+ */
+public interface EncodingOperation extends Operation
+{
+ public void process(Document message, SecurityHeader header, SecurityStore store) throws WSSecurityException;
+
+}
Copied: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/EncryptionOperation.java (from rev 5882, stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java)
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/EncryptionOperation.java (rev 0)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/EncryptionOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,242 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.extensions.security.operation;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import java.util.List;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import javax.xml.namespace.QName;
+
+import org.apache.xml.security.encryption.EncryptedData;
+import org.apache.xml.security.encryption.XMLCipher;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.jboss.util.NotImplementedException;
+import org.jboss.ws.extensions.security.QNameTarget;
+import org.jboss.ws.extensions.security.SecurityStore;
+import org.jboss.ws.extensions.security.SignatureKeysAssociation;
+import org.jboss.ws.extensions.security.Target;
+import org.jboss.ws.extensions.security.Util;
+import org.jboss.ws.extensions.security.element.EncryptedKey;
+import org.jboss.ws.extensions.security.element.Reference;
+import org.jboss.ws.extensions.security.element.ReferenceList;
+import org.jboss.ws.extensions.security.element.SecurityHeader;
+import org.jboss.ws.extensions.security.element.X509Token;
+import org.jboss.ws.extensions.security.exception.WSSecurityException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+public class EncryptionOperation implements EncodingOperation
+{
+ private List<Target> targets;
+ private String alias;
+ private String algorithm;
+ private String wrap;
+ private String tokenRefType;
+
+ private static class Algorithm
+ {
+ Algorithm(String jceName, String xmlName, int size)
+ {
+ this.jceName = jceName;
+ this.xmlName = xmlName;
+ this.size = size;
+ }
+
+ public String jceName;
+ public String xmlName;
+ public int size;
+ }
+
+ private static HashMap<String, Algorithm> algorithms;
+
+ private static final String DEFAULT_ALGORITHM = "aes-128";
+
+ static
+ {
+ algorithms = new HashMap<String, Algorithm>(4);
+ algorithms.put("aes-128", new Algorithm("AES", XMLCipher.AES_128, 128));
+ algorithms.put("aes-192", new Algorithm("AES", XMLCipher.AES_192, 192));
+ algorithms.put("aes-256", new Algorithm("AES", XMLCipher.AES_256, 256));
+ algorithms.put("tripledes", new Algorithm("TripleDes", XMLCipher.TRIPLEDES, 168));
+ }
+
+ public EncryptionOperation(List<Target> targets, String alias, String algorithm, String wrap, String tokenRefType)
+ {
+ super();
+ this.targets = targets;
+ this.alias = alias;
+ this.algorithm = algorithm;
+ this.wrap = wrap;
+ this.tokenRefType = tokenRefType;
+ }
+
+ private void processTarget(XMLCipher cipher, Document message, Target target, ReferenceList list, SecretKey key) throws WSSecurityException
+ {
+ if (!(target instanceof QNameTarget))
+ throw new NotImplementedException();
+
+ QName name = ((QNameTarget)target).getName();
+
+ Element element = Util.findElement(message.getDocumentElement(), name);
+ if (element == null)
+ throw new RuntimeException("Could not find element");
+
+ // Ensure that the element has an id, so that encryption verification can be performed
+ Util.assignWsuId(element);
+
+ try
+ {
+ cipher.init(XMLCipher.ENCRYPT_MODE, key);
+ EncryptedData encrypted = cipher.getEncryptedData();
+ String id = Util.generateId("encrypted");
+ encrypted.setId(id);
+ list.add(id);
+ cipher.doFinal(message, element, target.isContent());
+ }
+ catch (Exception e)
+ {
+ throw new WSSecurityException("Error encrypting target: " + name, e);
+ }
+ }
+
+ public SecretKey getSecretKey(String algorithm) throws WSSecurityException
+ {
+ Algorithm alg = algorithms.get(algorithm);
+
+ try
+ {
+ KeyGenerator kgen = KeyGenerator.getInstance(alg.jceName);
+ kgen.init(alg.size);
+ return kgen.generateKey();
+ }
+ catch (NoSuchAlgorithmException e)
+ {
+ throw new WSSecurityException(e.getMessage());
+ }
+ }
+
+ public void process(Document message, SecurityHeader header, SecurityStore store) throws WSSecurityException
+ {
+ if (! algorithms.containsKey(algorithm))
+ algorithm = DEFAULT_ALGORITHM;
+
+ SecretKey secretKey = getSecretKey(algorithm);
+ XMLCipher cipher;
+ try
+ {
+ cipher = XMLCipher.getInstance(algorithms.get(algorithm).xmlName);
+ cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
+ }
+ catch (XMLSecurityException e)
+ {
+ throw new WSSecurityException("Error initializing xml cipher" + e.getMessage(), e);
+ }
+
+ ReferenceList list = new ReferenceList();
+
+ if (targets == null || targets.size() == 0)
+ {
+ // By default we encrypt the content of the body element
+ String namespace = message.getDocumentElement().getNamespaceURI();
+ processTarget(cipher, message, new QNameTarget(new QName(namespace, "Body"), true), list, secretKey);
+ }
+ else
+ {
+ for (Target target : targets)
+ processTarget(cipher, message, target, list, secretKey);
+ }
+
+ X509Certificate cert = getCertificate(store, alias);
+ X509Token token = (X509Token) header.getSharedToken(cert);
+
+ // Can we reuse an existing token?
+ if (token == null)
+ {
+ token = new X509Token(cert, message);
+ if (tokenRefType == null || Reference.DIRECT_REFERENCE.equals(tokenRefType))
+ header.addToken(token);
+ }
+
+ EncryptedKey eKey = new EncryptedKey(message, secretKey, token, list, wrap, tokenRefType);
+ header.addSecurityProcess(eKey);
+ }
+
+ @SuppressWarnings("unchecked")
+ private X509Certificate getCertificate(SecurityStore store, String alias) throws WSSecurityException
+ {
+ X509Certificate cert = null;
+ if (alias != null)
+ {
+ cert = store.getCertificate(alias);
+ if (cert == null)
+ throw new WSSecurityException("Cannot load certificate from keystore; alias = " + alias);
+ }
+ else
+ {
+ List<PublicKey> publicKeys = SignatureKeysAssociation.getPublicKeys();
+ if (publicKeys != null && publicKeys.size() == 1)
+ cert = store.getCertificateByPublicKey(publicKeys.iterator().next());
+ if (cert == null)
+ throw new WSSecurityException("Cannot get the certificate for message encryption! Verify the keystore contents, " +
+ "considering the certificate is obtained through the alias specified in the encrypt configuration element " +
+ "or (server side only) through a single key used to sign the incoming message.");
+ }
+ return cert;
+ }
+
+
+ public static boolean probeUnlimitedCrypto() throws WSSecurityException
+ {
+ try
+ {
+ //Check AES-256
+ KeyGenerator kgen = KeyGenerator.getInstance("AES");
+ kgen.init(256);
+ SecretKey key = kgen.generateKey();
+ Cipher c = Cipher.getInstance("AES");
+ c.init(Cipher.ENCRYPT_MODE, key);
+
+ //Check Blowfish
+ kgen = KeyGenerator.getInstance("Blowfish");
+ key = kgen.generateKey();
+ c = Cipher.getInstance("Blowfish");
+ c.init(Cipher.ENCRYPT_MODE, key);
+
+ return true;
+ }
+ catch (InvalidKeyException e)
+ {
+ return false;
+ }
+ catch (Exception e)
+ {
+ throw new WSSecurityException("Error probing cryptographic permissions", e);
+ }
+ }
+}
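Review bot: `process` silently replaces an unrecognised `algorithm` with `aes-128` via `if (! algorithms.containsKey(algorithm)) algorithm = DEFAULT_ALGORITHM;`. A misspelled or unsupported value in the encrypt configuration, for example one meant to select a stronger cipher, is therefore downgraded with no log entry or error, and the instance field is overwritten. I would keep the default only for a missing value and reject anything else: `if (algorithm != null && !algorithms.containsKey(algorithm)) throw new WSSecurityException("Unsupported encryption algorithm: " + algorithm);`. The public `getSecretKey` has the related gap that `algorithms.get(algorithm)` can return null, which the next line dereferences as `alg.jceName`.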
Copied: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/Operation.java (from rev 5882, stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/Operation.java)
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/Operation.java (rev 0)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/Operation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,33 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.extensions.security.operation;
+
+/**
+ * Marker interface for all WS-Security operations
+ *
+ * @author <a href="mailto:jason.greene at jboss.com">Jason T. Greene</a>
+ * @version $Revision$
+ */
+public interface Operation
+{
+
+}
Copied: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/OperationDescription.java (from rev 5882, stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/OperationDescription.java)
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/OperationDescription.java (rev 0)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/OperationDescription.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,133 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.extensions.security.operation;
+
+import java.util.List;
+
+import org.jboss.ws.extensions.security.Target;
+
+
+/**
+ * @author <a href="mailto:jason.greene at jboss.com">Jason T. Greene</a>
+ * @version $Revision$
+ */
+public class OperationDescription<T extends Operation>
+{
+ private Class<? extends T> operation;
+
+ private List<Target> targets;
+
+ private String certificateAlias;
+
+ private String credential;
+
+ private String algorithm;
+
+ private String keyWrapAlgorithm;
+
+ private String tokenRefType;
+
+ public OperationDescription(Class<? extends T> operation, List<Target> targets, String certicateAlias, String credential, String algorithm, String keyWrapAlgorithm, String tokenRefType)
+ {
+ this.operation = operation;
+ this.targets = targets;
+ this.certificateAlias = certicateAlias;
+ this.credential = credential;
+ this.algorithm = algorithm;
+ this.keyWrapAlgorithm = keyWrapAlgorithm;
+ this.tokenRefType = tokenRefType;
+ }
+
+ public Class<? extends T> getOperation()
+ {
+ return operation;
+ }
+
+ public void setOperation(Class<? extends T> operation)
+ {
+ this.operation = operation;
+ }
+
+ public List<Target> getTargets()
+ {
+ return targets;
+ }
+
+ public void setTargets(List<Target> targets)
+ {
+ this.targets = targets;
+ }
+
+
+ public String getCertificateAlias()
+ {
+ return certificateAlias;
+ }
+
+
+ public void setCertificateAlias(String certificateAlias)
+ {
+ this.certificateAlias = certificateAlias;
+ }
+
+
+ public String getCredential()
+ {
+ return credential;
+ }
+
+ public void setCredential(String credential)
+ {
+ this.credential = credential;
+ }
+
+ public String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ public void setAlgorithm(String algorithm)
+ {
+ this.algorithm = algorithm;
+ }
+
+ public String getKeyWrapAlgorithm()
+ {
+ return keyWrapAlgorithm;
+ }
+
+ public void setKeyWrapAlgorithm(String keyWrapAlgorithm)
+ {
+ this.keyWrapAlgorithm = keyWrapAlgorithm;
+ }
+
+ public String getTokenRefType()
+ {
+ return tokenRefType;
+ }
+
+ public void setTokenRefType(String tokenRefType)
+ {
+ this.tokenRefType = tokenRefType;
+ }
+
+}
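Review bot: The constructor parameter `certicateAlias` is misspelled, while the field, getter and setter all use `certificateAlias`; rename it so generated documentation and IDE hints match. The class Javadoc carries only author and version tags, so nothing says that this is a mutable holder for an operation class plus its configuration strings. A one-line class comment to that effect would help, with a remark that `credential` is kept as a plain String behind a public getter. What that string contains is not shown in this hunk, so the remark should be worded accordingly.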
Copied: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/ReceiveUsernameOperation.java (from rev 5882, stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/ReceiveUsernameOperation.java)
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/ReceiveUsernameOperation.java (rev 0)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/ReceiveUsernameOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,64 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ws.extensions.security.operation;
+
+// $Id$
+
+import org.jboss.logging.Logger;
+import org.jboss.ws.extensions.security.SecurityStore;
+import org.jboss.ws.extensions.security.SimplePrincipal;
+import org.jboss.ws.extensions.security.element.SecurityHeader;
+import org.jboss.ws.extensions.security.element.Token;
+import org.jboss.ws.extensions.security.element.UsernameToken;
+import org.jboss.ws.extensions.security.exception.WSSecurityException;
+import org.jboss.wsf.spi.SPIProvider;
+import org.jboss.wsf.spi.SPIProviderResolver;
+import org.jboss.wsf.spi.invocation.SecurityAdaptor;
+import org.jboss.wsf.spi.invocation.SecurityAdaptorFactory;
+import org.w3c.dom.Document;
+
+public class ReceiveUsernameOperation implements TokenOperation
+{
+ private SecurityHeader header;
+ private SecurityStore store;
+
+ private SecurityAdaptorFactory secAdapterfactory;
+
+ public ReceiveUsernameOperation(SecurityHeader header, SecurityStore store)
+ {
+ this.header = header;
+ this.store = store;
+
+ SPIProvider spiProvider = SPIProviderResolver.getInstance().getProvider();
+ secAdapterfactory = spiProvider.getSPI(SecurityAdaptorFactory.class);
+ }
+
+ public void process(Document message, Token token) throws WSSecurityException
+ {
+ UsernameToken user = (UsernameToken)token;
+ SecurityAdaptor securityAdaptor = secAdapterfactory.newSecurityAdapter();
+ Logger.getLogger(this.getClass()).info("Username: " + user.getUsername());
+ Logger.getLogger(this.getClass()).info("Password: " + user.getPassword());
+ securityAdaptor.setPrincipal(new SimplePrincipal(user.getUsername()));
+ securityAdaptor.setCredential(user.getPassword());
+ }
+}
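Review bot: `process` writes the received password to the log at INFO level (`Logger.getLogger(this.getClass()).info("Password: " + user.getPassword())`), so every request carrying a username token leaves the caller's credential in cleartext in the server log and in anything that log is forwarded to. Remove that line and lower the username line to debug, `Logger.getLogger(this.getClass()).debug("Username: " + user.getUsername());`. The cast `(UsernameToken)token` is also unchecked, so a token of another type surfaces as ClassCastException instead of the declared WSSecurityException; an `instanceof` guard that throws WSSecurityException would keep failures in the declared type. The `header` and `store` fields are assigned in the constructor and never read in this class.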
Copied: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/RequireEncryptionOperation.java (from rev 5882, stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireEncryptionOperation.java)
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/RequireEncryptionOperation.java (rev 0)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/RequireEncryptionOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,37 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.extensions.security.operation;
+
+import java.util.List;
+
+import org.jboss.ws.extensions.security.Target;
+
+
+public class RequireEncryptionOperation extends RequireTargetableOperation
+{
+
+ public RequireEncryptionOperation(List<Target> targets)
+ {
+ super(targets);
+ }
+
+}
Copied: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/RequireOperation.java (from rev 5882, stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireOperation.java)
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/RequireOperation.java (rev 0)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/RequireOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,39 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.extensions.security.operation;
+
+import java.util.Collection;
+
+import org.jboss.ws.extensions.security.element.SecurityHeader;
+import org.jboss.ws.extensions.security.exception.WSSecurityException;
+import org.w3c.dom.Document;
+
+/**
+ * Marker interface for all requirement based WS-Security operations.
+ *
+ * @author <a href="mailto:jason.greene at jboss.com">Jason T. Greene</a>
+ * @version $Revision$
+ */
+public interface RequireOperation extends Operation
+{
+ public void process(Document message, SecurityHeader header, Collection<String> processedIds) throws WSSecurityException;
+}
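Review bot: The Javadoc on `RequireOperation` calls it a marker interface, but it declares `process(Document, SecurityHeader, Collection<String>)`, so the description is inaccurate (it looks carried over from `Operation`). I would replace it with something like `Contract for requirement based WS-Security operations; process() checks a message against the requirement and fails with a WSSecurityException if it is not met.` A `@param processedIds` line is also worth adding; judging by the implementations in this commit it holds the ids of elements already handled by earlier operations, but the callers are outside this hunk, so confirm before writing it down.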
Copied: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/RequireSignatureOperation.java (from rev 5882, stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireSignatureOperation.java)
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/RequireSignatureOperation.java (rev 0)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/RequireSignatureOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,37 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.extensions.security.operation;
+
+import java.util.List;
+
+import org.jboss.ws.extensions.security.Target;
+
+
+public class RequireSignatureOperation extends RequireTargetableOperation
+{
+
+ public RequireSignatureOperation(List<Target> targets)
+ {
+ super(targets);
+ }
+
+}
Copied: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/RequireTargetableOperation.java (from rev 5882, stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireTargetableOperation.java)
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/RequireTargetableOperation.java (rev 0)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/RequireTargetableOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,99 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.extensions.security.operation;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.jboss.ws.extensions.security.QNameTarget;
+import org.jboss.ws.extensions.security.Target;
+import org.jboss.ws.extensions.security.Util;
+import org.jboss.ws.extensions.security.WsuIdTarget;
+import org.jboss.ws.extensions.security.element.SecurityHeader;
+import org.jboss.ws.extensions.security.exception.FailedCheckException;
+import org.jboss.ws.extensions.security.exception.WSSecurityException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+public class RequireTargetableOperation implements RequireOperation
+{
+ private List<Target> targets;
+
+ public RequireTargetableOperation(List<Target> targets)
+ {
+ this.targets = targets;
+ }
+
+ private Collection<String> resolveTarget(Document message, Target target) throws WSSecurityException
+ {
+ if (target instanceof QNameTarget)
+ return resolveQNameTarget(message, (QNameTarget) target);
+ else if (target instanceof WsuIdTarget)
+ {
+ Collection<String> result = new ArrayList<String>(1);
+ result.add(((WsuIdTarget)target).getId());
+ return result;
+ }
+
+ throw new WSSecurityException("Unknown target");
+ }
+
+ private Collection<String> resolveQNameTarget(Document message, QNameTarget target) throws WSSecurityException
+ {
+ QName name = target.getName();
+
+ Element element = Util.findElement(message.getDocumentElement(), name);
+ if (element == null)
+ throw new FailedCheckException("Required QName was not present: " + name);
+
+ String id = Util.getWsuId(element);
+
+ if (id == null)
+ throw new FailedCheckException("Required element did not contain a wsu:id.");
+
+ Collection<String> result = new ArrayList<String>(1);
+ result.add(id);
+
+ return result;
+ }
+
+ public void process(Document message, SecurityHeader header, Collection<String> processedIds) throws WSSecurityException
+ {
+ if (targets == null || targets.size() == 0)
+ {
+ // By default we require just the body element
+ String namespace = message.getDocumentElement().getNamespaceURI();
+ targets = new ArrayList<Target>(1);
+ targets.add(new QNameTarget(new QName(namespace, "Body"), true));
+ }
+
+ for (Target target : targets)
+ {
+ Collection<String> ids = resolveTarget(message, target);
+ if (! processedIds.containsAll(ids))
+ throw new FailedCheckException("Required elements for encryption and or signing are not all present.");
+ }
+ }
+}
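Review bot: `process` overwrites the `targets` field when it is null or empty, so the default Body target is built from the first message's envelope namespace and then kept for every later call on the same instance. If instances are reused across messages (not visible here), a later envelope in a different SOAP namespace fails with "Required QName was not present", and the field write is unsynchronized; keeping the default in a local, as below, avoids both. The check also compares wsu:Id strings only, so it is only as strong as the guarantee that `Util.findElement` and the signature or decryption step resolve an id to the same element. Both are outside this hunk and worth confirming, including that duplicate ids in one message are rejected.

```java
public void process(Document message, SecurityHeader header, Collection<String> processedIds) throws WSSecurityException
{
   // Work on a local so a defaulted target list is never stored on the instance
   List<Target> required = targets;
   if (required == null || required.isEmpty())
   {
      // By default we require just the body element
      String namespace = message.getDocumentElement().getNamespaceURI();
      required = new ArrayList<Target>(1);
      required.add(new QNameTarget(new QName(namespace, "Body"), true));
   }

   for (Target target : required)
   // … unchanged: resolveTarget call and containsAll check …
```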
Copied: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/RequireTimestampOperation.java (from rev 5882, stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/RequireTimestampOperation.java)
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/RequireTimestampOperation.java (rev 0)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/RequireTimestampOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,61 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.extensions.security.operation;
+
+import java.util.Calendar;
+import java.util.Collection;
+
+import org.jboss.ws.extensions.security.element.SecurityHeader;
+import org.jboss.ws.extensions.security.element.Timestamp;
+import org.jboss.ws.extensions.security.exception.FailedCheckException;
+import org.jboss.ws.extensions.security.exception.WSSecurityException;
+import org.w3c.dom.Document;
+
+
+public class RequireTimestampOperation implements RequireOperation
+{
+ private String maxAge;
+
+ public RequireTimestampOperation(String maxAge)
+ {
+ this.maxAge = maxAge;
+ }
+
+ public void process(Document message, SecurityHeader header, Collection<String> processedIds) throws WSSecurityException
+ {
+ Timestamp stamp = header.getTimestamp();
+ if (stamp == null)
+ throw new FailedCheckException("Required timestamp not present.");
+
+ // If there is no maxAge specified then we are done
+ if (maxAge == null)
+ return;
+
+ int max = Integer.parseInt(maxAge);
+
+ Calendar expired = (Calendar)stamp.getCreated().clone();
+ expired.add(Calendar.SECOND, max);
+
+ if (! Calendar.getInstance().before(expired))
+ throw new FailedCheckException("Timestamp of message is too old.");
+ }
+}
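Review bot: The max-age check in `process` only bounds how old `Created` may be, so a timestamp whose `Created` lies in the future passes `Calendar.getInstance().before(expired)` for as long as it stays ahead of the clock. The freshness window is therefore unbounded unless another operation outside this hunk rejects future-dated timestamps. Add a lower bound before the age check, e.g. `if (stamp.getCreated().after(Calendar.getInstance())) throw new FailedCheckException("Timestamp of message is in the future.");`, with whatever clock-skew allowance the deployment needs. `Integer.parseInt(maxAge)` also runs on every message and throws an unchecked NumberFormatException on a malformed setting; parsing once in the constructor would surface a bad configuration at setup time instead of per request.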
Copied: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/SendUsernameOperation.java (from rev 5882, stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SendUsernameOperation.java)
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/SendUsernameOperation.java (rev 0)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/SendUsernameOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,45 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.extensions.security.operation;
+
+import org.jboss.ws.extensions.security.SecurityStore;
+import org.jboss.ws.extensions.security.element.SecurityHeader;
+import org.jboss.ws.extensions.security.element.UsernameToken;
+import org.jboss.ws.extensions.security.exception.WSSecurityException;
+import org.w3c.dom.Document;
+
+public class SendUsernameOperation implements EncodingOperation
+{
+ private String username;
+ private String credential;
+
+ public SendUsernameOperation(String username, String credential)
+ {
+ this.username = username;
+ this.credential = credential;
+ }
+
+ public void process(Document message, SecurityHeader header, SecurityStore store) throws WSSecurityException
+ {
+ header.addToken(new UsernameToken(username, credential, message));
+ }
+}
Copied: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/SignatureOperation.java (from rev 5882, stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SignatureOperation.java)
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/SignatureOperation.java (rev 0)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/SignatureOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,188 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.extensions.security.operation;
+
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.signature.XMLSignatureException;
+import org.apache.xml.security.transforms.TransformationException;
+import org.apache.xml.security.transforms.Transforms;
+import org.jboss.util.NotImplementedException;
+import org.jboss.ws.extensions.security.QNameTarget;
+import org.jboss.ws.extensions.security.SecurityStore;
+import org.jboss.ws.extensions.security.Target;
+import org.jboss.ws.extensions.security.Util;
+import org.jboss.ws.extensions.security.WsuIdResolver;
+import org.jboss.ws.extensions.security.WsuIdTarget;
+import org.jboss.ws.extensions.security.element.Reference;
+import org.jboss.ws.extensions.security.element.SecurityHeader;
+import org.jboss.ws.extensions.security.element.SecurityTokenReference;
+import org.jboss.ws.extensions.security.element.Signature;
+import org.jboss.ws.extensions.security.element.X509Token;
+import org.jboss.ws.extensions.security.exception.WSSecurityException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+
+public class SignatureOperation implements EncodingOperation
+{
+ private List<Target> targets;
+ private String alias;
+ private String tokenRefType;
+
+ public SignatureOperation(List<Target> targets, String alias, String tokenRefType)
+ {
+ super();
+ this.targets = targets;
+ this.alias = alias;
+ this.tokenRefType = tokenRefType;
+ }
+
+ private void processTarget(XMLSignature sig, Document message, Target target)
+ {
+ if (target instanceof QNameTarget)
+ processQNameTarget(sig, message, (QNameTarget) target);
+ else if (target instanceof WsuIdTarget)
+ processWsuIdTarget(sig, message, (WsuIdTarget) target);
+ else
+ throw new NotImplementedException();
+ }
+
+ private void processQNameTarget(XMLSignature sig, Document message, QNameTarget target)
+ {
+ QName name = target.getName();
+
+ Transforms transforms = new Transforms(message);
+ try
+ {
+ transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
+ }
+ catch (TransformationException e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ Element element = Util.findElement(message.getDocumentElement(), name);
+ if (element == null)
+ throw new RuntimeException("Could not find element");
+
+ String id = Util.assignWsuId(element);
+
+ try
+ {
+ sig.addDocument("#" + id, transforms);
+ }
+ catch (XMLSignatureException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private void processWsuIdTarget(XMLSignature sig, Document message, WsuIdTarget target)
+ {
+ String id = target.getId();
+
+ Transforms transforms = new Transforms(message);
+ try
+ {
+ transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
+ }
+ catch (TransformationException e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ try
+ {
+ sig.addDocument("#" + id, transforms);
+ }
+ catch (XMLSignatureException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void process(Document message, SecurityHeader header, SecurityStore store) throws WSSecurityException
+ {
+ Element envelope = message.getDocumentElement();
+ XMLSignature sig;
+ try
+ {
+ sig = new XMLSignature(message, null, XMLSignature.ALGO_ID_SIGNATURE_RSA, Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ }
+ catch (XMLSecurityException e)
+ {
+ throw new WSSecurityException("Error building signature", e);
+ }
+
+ // For now we pass our resolver the root document because the signature element isn't attached
+ // to the evelope yet (no wsse header). Perhaps we should do this differently
+ sig.addResourceResolver(new WsuIdResolver(message, header.getElement()));
+ PrivateKey key = store.getPrivateKey(alias);
+
+ if (targets == null || targets.size() == 0)
+ {
+ // By default we sign the body element, and a timestamp if it is available
+ String namespace = envelope.getNamespaceURI();
+ processTarget(sig, message, new QNameTarget(new QName(namespace, "Body")));
+ if (header.getTimestamp() != null)
+ processTarget(sig, message, new WsuIdTarget("timestamp"));
+ }
+ else
+ {
+ for (Target target : targets)
+ processTarget(sig, message, target);
+ }
+
+ try
+ {
+ sig.sign(key);
+ }
+ catch (XMLSignatureException e)
+ {
+ throw new WSSecurityException("Error signing message: " + e.getMessage(), e);
+ }
+
+ X509Certificate cert = store.getCertificate(alias);
+ X509Token token = (X509Token) header.getSharedToken(cert);
+
+ // Can we reuse an existing token?
+ if (token == null)
+ {
+ token = new X509Token(cert, message);
+ if (tokenRefType == null || Reference.DIRECT_REFERENCE.equals(tokenRefType))
+ header.addToken(token);
+ }
+
+ SecurityTokenReference reference = new SecurityTokenReference(Reference.getReference(tokenRefType, message, token));
+ sig.getKeyInfo().addUnknownElement(reference.getElement());
+
+ header.addSecurityProcess(new Signature(sig));
+ }
+}
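Review bot: The signature algorithm is fixed in `process` to `XMLSignature.ALGO_ID_SIGNATURE_RSA`, which is RSA with SHA-1. The two-argument `sig.addDocument("#" + id, transforms)` calls in `processQNameTarget` and `processWsuIdTarget` leave the reference digest at the library default, which is also SHA-1 as far as I know. Configuration cannot select anything stronger, even though `OperationDescription` in this same commit carries an `algorithm` field. I would accept the signature and digest algorithm as constructor arguments that default to the current values, so a deployment can move to e.g. `XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256` without a code change. Separately, the helper methods wrap library failures and "Could not find element" in RuntimeException, which bypasses the `throws WSSecurityException` contract that callers of `process` rely on.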
Copied: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/SignatureVerificationOperation.java (from rev 5882, stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/SignatureVerificationOperation.java)
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/SignatureVerificationOperation.java (rev 0)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/SignatureVerificationOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,97 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.extensions.security.operation;
+
+import java.util.ArrayList;
+import java.util.Collection;
+
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.signature.SignedInfo;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.signature.XMLSignatureException;
+import org.jboss.ws.extensions.security.STRTransform;
+import org.jboss.ws.extensions.security.SecurityStore;
+import org.jboss.ws.extensions.security.SignatureKeysAssociation;
+import org.jboss.ws.extensions.security.WsuIdResolver;
+import org.jboss.ws.extensions.security.element.SecurityHeader;
+import org.jboss.ws.extensions.security.element.SecurityProcess;
+import org.jboss.ws.extensions.security.element.Signature;
+import org.jboss.ws.extensions.security.exception.FailedCheckException;
+import org.jboss.ws.extensions.security.exception.WSSecurityException;
+import org.w3c.dom.Document;
+
+public class SignatureVerificationOperation implements DecodingOperation
+{
+ private SecurityHeader header;
+
+ private SecurityStore store;
+
+ public SignatureVerificationOperation(SecurityHeader header, SecurityStore store) throws WSSecurityException
+ {
+ this.header = header;
+ this.store = store;
+ }
+
+ public Collection<String> process(Document message, SecurityProcess process) throws WSSecurityException
+ {
+ Signature signature = (Signature) process;
+ XMLSignature xmlSig = signature.getSignature();
+
+ xmlSig.addResourceResolver(new WsuIdResolver(message));
+ STRTransform.setSecurityStore(store);
+
+ try
+ {
+ if (! xmlSig.checkSignatureValue(signature.getPublicKey()))
+ throw new FailedCheckException("Signature is invalid.");
+
+ SignatureKeysAssociation.saveKey(signature.getPublicKey());
+ }
+ catch (XMLSignatureException e)
+ {
+ throw new WSSecurityException("An unexpected error occured while verifying signature", e);
+ }
+ finally
+ {
+ STRTransform.setSecurityStore(null);
+ }
+
+ SignedInfo info = xmlSig.getSignedInfo();
+ int length = info.getLength();
+ Collection<String> processed = new ArrayList<String>(length);
+ try
+ {
+ for (int i = 0; i < length; i++)
+ {
+ String uri = info.item(i).getURI();
+ if (uri != null && uri.length() > 1 && uri.charAt(0)=='#')
+ processed.add(uri.substring(1));
+ }
+ }
+ catch (XMLSecurityException e)
+ {
+ throw new WSSecurityException("Could not extract references", e);
+ }
+
+ return processed;
+ }
+}
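Review bot: `process` verifies the signature with `signature.getPublicKey()` and never consults `store` for that key (the store is only handed to `STRTransform`), so this hunk shows the signature is self-consistent but not that the signing key is trusted. If the certificate is validated where the `Signature` element is built, say so in a comment above `checkSignatureValue`; if it is not, a trust check against the store belongs before that call. `STRTransform.setSecurityStore(store)` followed by `setSecurityStore(null)` in `finally` looks like process-wide static state. Unless it is thread-local (not visible here), concurrent verifications can overwrite or clear each other's store. The `header` field is assigned and never read, and "occured" in the error message should be "occurred".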
Copied: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/TimestampOperation.java (from rev 5882, stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/TimestampOperation.java)
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/TimestampOperation.java (rev 0)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/TimestampOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,50 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.extensions.security.operation;
+
+import org.jboss.ws.extensions.security.SecurityStore;
+import org.jboss.ws.extensions.security.element.SecurityHeader;
+import org.jboss.ws.extensions.security.element.Timestamp;
+import org.jboss.ws.extensions.security.exception.WSSecurityException;
+import org.w3c.dom.Document;
+
+public class TimestampOperation implements EncodingOperation
+{
+ private Integer ttl;
+
+ public TimestampOperation(String timeToLive)
+ {
+ try
+ {
+ this.ttl = Integer.valueOf(timeToLive);
+ }
+ catch (NumberFormatException e)
+ {
+ // Eat
+ }
+ }
+
+ public void process(Document message, SecurityHeader header, SecurityStore store) throws WSSecurityException
+ {
+ header.setTimestamp(new Timestamp(ttl, message));
+ }
+}
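Review bot: The `// Eat` catch in the constructor turns a malformed `timeToLive` into a null `ttl` with no trace, and `process` then hands that null to `new Timestamp(ttl, message)`. What Timestamp does with a null ttl is not visible here, but presumably the outgoing timestamp then carries no expiry, so a typo in the configuration would silently remove the freshness bound on sent messages. I would treat only an absent value as "no ttl" and let a bad one fail loudly: `if (timeToLive != null) this.ttl = Integer.valueOf(timeToLive);`, with the NumberFormatException left to propagate or rethrown with the offending value in its message.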
Copied: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/TimestampVerificationOperation.java (from rev 5882, stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/TimestampVerificationOperation.java)
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/TimestampVerificationOperation.java (rev 0)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/TimestampVerificationOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,63 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.extensions.security.operation;
+
+import java.util.Calendar;
+
+import org.jboss.ws.extensions.security.element.Timestamp;
+import org.jboss.ws.extensions.security.exception.FailedCheckException;
+import org.jboss.ws.extensions.security.exception.WSSecurityException;
+import org.w3c.dom.Document;
+
+
+public class TimestampVerificationOperation
+{
+ private Calendar now = null;
+
+ public TimestampVerificationOperation()
+ {
+ }
+
+ /**
+ * A special constructor that allows you to use a different value when validating the message.
+ * DO NOT USE THIS UNLESS YOU REALLY KNOW WHAT YOU ARE DOING!.
+ *
+ * @param now The timestamp to use as the current time when validating a message expiration
+ */
+ public TimestampVerificationOperation(Calendar now)
+ {
+ this.now = now;
+ }
+
+ public void process(Document message, Timestamp timestamp) throws WSSecurityException
+ {
+ Calendar expired = timestamp.getExpires();
+ Calendar created = timestamp.getCreated();
+ Calendar now = (this.now == null) ? Calendar.getInstance() : this.now;
+
+ if (created.after(now))
+ throw new WSSecurityException("Invalid timestamp, message claimed to be created after now");
+
+ if (expired != null && ! now.before(expired))
+ throw new FailedCheckException("Expired message.");
+ }
+}
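Review bot: In `process`, a timestamp with no Expires value is accepted however old its Created value is, because the expiry test is skipped when `expired` is null. A receiver that relies on the timestamp for freshness then has no upper bound on message age; a configurable maximum age compared against `created` would close that, and it needs a new setting, so I describe it rather than quote it. Separately, `created` is dereferenced without the null guard that `expired` gets; if `getCreated()` can return null (not visible here), an explicit `if (created == null) throw new WSSecurityException("Invalid timestamp, no creation time");` is better than a NullPointerException. The future-dated case also throws a plain WSSecurityException while the expired case throws FailedCheckException, which is worth aligning if callers distinguish the two.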
Copied: stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/TokenOperation.java (from rev 5882, stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/TokenOperation.java)
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/TokenOperation.java (rev 0)
+++ stack/native/trunk/src/main/java/org/jboss/ws/extensions/security/operation/TokenOperation.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,39 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.extensions.security.operation;
+
+import org.jboss.ws.extensions.security.element.Token;
+import org.jboss.ws.extensions.security.exception.WSSecurityException;
+import org.w3c.dom.Document;
+
+/**
+ * <code>DecodingOperation</code> represents an operation that is applied to a
+ * WS-Security encoded message to both convert and verify the contents of the
+ * message.
+ *
+ * @author <a href="mailto:jason.greene at jboss.com">Jason T. Greene</a>
+ * @version $Revision$
+ */
+public interface TokenOperation
+{
+ public void process(Document message, Token token) throws WSSecurityException;
+}
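Review bot: The Javadoc on `TokenOperation` still opens with `<code>DecodingOperation</code>` and describes an operation on the whole message, which looks carried over from another interface. Since `process` takes a single `Token`, the header should name this type and say what an implementation is expected to do with the token, for example `<code>TokenOperation</code> represents an operation applied to one security token of a WS-Security message.` The exact contract (validation, authentication, or both) is not visible in this hunk, so the wording needs confirming against the implementations.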
Modified: stack/native/trunk/src/main/java/org/jboss/ws/metadata/wsse/Username.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/metadata/wsse/Username.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/metadata/wsse/Username.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -27,4 +27,32 @@
public class Username implements Serializable
{
private static final long serialVersionUID = 8273360977250180943L;
+
+ private boolean digestPassword;
+
+ private boolean useNonce;
+
+ private boolean useCreated;
+
+ public Username(boolean digestPassword, boolean useNonce, boolean useCreated)
+ {
+ this.digestPassword = digestPassword;
+ this.useNonce = useNonce;
+ this.useCreated = useCreated;
+ }
+
+ public boolean isDigestPassword()
+ {
+ return digestPassword;
+ }
+
+ public boolean isUseNonce()
+ {
+ return useNonce;
+ }
+
+ public boolean isUseCreated()
+ {
+ return useCreated;
+ }
}
Modified: stack/native/trunk/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java
===================================================================
--- stack/native/trunk/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -244,7 +244,25 @@
}
else if ("username".equals(localName))
{
- return new Username();
+ //By default, we do not use password digest
+ Boolean digestPassword = new Boolean(false);
+ String digestPasswordAttr = attrs.getValue("", "digestPassword");
+ if (digestPasswordAttr != null)
+ digestPassword = (Boolean)SimpleTypeBindings.unmarshal(SimpleTypeBindings.XS_BOOLEAN_NAME, digestPasswordAttr, null);
+
+ //if password digest is enabled, we use nonces by default
+ Boolean useNonce = new Boolean(true);
+ String useNonceAttr = attrs.getValue("", "useNonce");
+ if (useNonceAttr != null)
+ useNonce = (Boolean)SimpleTypeBindings.unmarshal(SimpleTypeBindings.XS_BOOLEAN_NAME, useNonceAttr, null);
+
+ //if password digest is enabled, we use the created element by default
+ Boolean useCreated = new Boolean(true);
+ String useCreatedAttr = attrs.getValue("", "useCreated");
+ if (useCreatedAttr != null)
+ useCreated = (Boolean)SimpleTypeBindings.unmarshal(SimpleTypeBindings.XS_BOOLEAN_NAME, useCreatedAttr, null);
+
+ return new Username(digestPassword, useNonce, useCreated);
}
return null;
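Review bot: The `username` branch accepts `digestPassword="true"` together with `useNonce="false"` and `useCreated="false"` without complaint. In the UsernameToken profile the digest is computed over nonce, created and password, so with both inputs disabled the digest is presumably the same on every message and can be replayed just like a plaintext password. I would log a warning or reject that combination here, and say so in the `useNonce`/`useCreated` documentation added to jboss-ws-security_1_0.xsd in this commit. As a smaller style point, `Boolean.FALSE` and `Boolean.TRUE` avoid the `new Boolean(...)` allocations. The enclosing method starts and ends outside this hunk.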
Modified: stack/native/trunk/src/main/resources/schema/jboss-ws-security_1_0.xsd
===================================================================
--- stack/native/trunk/src/main/resources/schema/jboss-ws-security_1_0.xsd 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/main/resources/schema/jboss-ws-security_1_0.xsd 2008-03-10 17:50:55 UTC (rev 5908)
@@ -145,7 +145,21 @@
</xs:attribute>
</xs:complexType>
<xs:complexType name="usernameType">
- <xs:sequence/>
+ <xs:attribute name="digestPassword" type="xs:boolean" use="optional">
+ <xs:annotation>
+ <xs:documentation>If true a password digest will be used as password element. The default is false.</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="useNonce" type="xs:boolean" use="optional">
+ <xs:annotation>
+ <xs:documentation>Enables/disables nonce usage in the password digest. The default is true.</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="useCreated" type="xs:boolean" use="optional">
+ <xs:annotation>
+ <xs:documentation>Enables/disables usage of the Created element in the password digest. The default is true.</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
<xs:complexType name="encryptType">
<xs:sequence>
Modified: stack/native/trunk/src/test/java/org/jboss/test/ws/interop/nov2007/wsse/EncryptTestCase.java
===================================================================
--- stack/native/trunk/src/test/java/org/jboss/test/ws/interop/nov2007/wsse/EncryptTestCase.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/test/java/org/jboss/test/ws/interop/nov2007/wsse/EncryptTestCase.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -26,7 +26,7 @@
import junit.framework.Test;
import org.jboss.ws.core.StubExt;
-import org.jboss.ws.extensions.security.EncryptionOperation;
+import org.jboss.ws.extensions.security.operation.EncryptionOperation;
import org.jboss.wsf.test.JBossWSTestSetup;
/**
Modified: stack/native/trunk/src/test/java/org/jboss/test/ws/jaxrpc/wsse/RoundTripTestCase.java
===================================================================
--- stack/native/trunk/src/test/java/org/jboss/test/ws/jaxrpc/wsse/RoundTripTestCase.java 2008-03-10 13:27:04 UTC (rev 5907)
+++ stack/native/trunk/src/test/java/org/jboss/test/ws/jaxrpc/wsse/RoundTripTestCase.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -35,22 +35,21 @@
import org.jboss.ws.core.soap.MessageFactoryImpl;
import org.jboss.ws.extensions.security.Constants;
-import org.jboss.ws.extensions.security.EncryptionOperation;
-import org.jboss.ws.extensions.security.OperationDescription;
import org.jboss.ws.extensions.security.QNameTarget;
-import org.jboss.ws.extensions.security.RequireEncryptionOperation;
-import org.jboss.ws.extensions.security.RequireSignatureOperation;
import org.jboss.ws.extensions.security.SecurityDecoder;
import org.jboss.ws.extensions.security.SecurityEncoder;
import org.jboss.ws.extensions.security.SecurityStore;
-import org.jboss.ws.extensions.security.SendUsernameOperation;
-import org.jboss.ws.extensions.security.SignatureOperation;
import org.jboss.ws.extensions.security.Target;
-import org.jboss.ws.extensions.security.TimestampOperation;
import org.jboss.ws.extensions.security.Util;
import org.jboss.ws.extensions.security.WSSecurityAPI;
import org.jboss.ws.extensions.security.WSSecurityDispatcher;
import org.jboss.ws.extensions.security.WsuIdTarget;
+import org.jboss.ws.extensions.security.operation.EncryptionOperation;
+import org.jboss.ws.extensions.security.operation.RequireEncryptionOperation;
+import org.jboss.ws.extensions.security.operation.RequireSignatureOperation;
+import org.jboss.ws.extensions.security.operation.SendUsernameOperation;
+import org.jboss.ws.extensions.security.operation.SignatureOperation;
+import org.jboss.ws.extensions.security.operation.TimestampOperation;
import org.jboss.ws.metadata.wsse.WSSecurityConfiguration;
import org.jboss.ws.metadata.wsse.WSSecurityOMFactory;
import org.jboss.wsf.common.DOMWriter;
@@ -180,8 +179,8 @@
targets.add(new WsuIdTarget("timestamp"));
LinkedList operations = new LinkedList();
- operations.add(new OperationDescription(TimestampOperation.class, null, null, "300", null, null, null));
- operations.add(new OperationDescription(SignatureOperation.class, targets, "wsse", null, null, null, null));
+ operations.add(new TimestampOperation("300"));
+ operations.add(new SignatureOperation(targets, "wsse", null));
name = new QName("http://org.jboss.ws/2004", "someHeader");
target = new QNameTarget(name);
@@ -192,8 +191,8 @@
target = new QNameTarget(name, true);
targets.add(target);
- operations.add(new OperationDescription(EncryptionOperation.class, targets, "wsse", null, null, null, null));
- operations.add(new OperationDescription(SendUsernameOperation.class, null, "hi", "there", null, null, null));
+ operations.add(new EncryptionOperation(targets, "wsse", null, null, null));
+ operations.add(new SendUsernameOperation("hi", "there"));
return operations;
}
@@ -209,8 +208,8 @@
targets.add(target);
//targets.add(new WsuIdTarget("timestamp"));
LinkedList operations = new LinkedList();
- operations.add(new OperationDescription(RequireSignatureOperation.class, targets, null, null, null, null, null));
- operations.add(new OperationDescription(RequireEncryptionOperation.class, targets, null, null, null, null, null));
+ operations.add(new RequireSignatureOperation(targets));
+ operations.add(new RequireEncryptionOperation(targets));
return operations;
}
Added: stack/native/trunk/src/test/java/org/jboss/test/ws/jaxws/samples/wssecurity/UsernamePwdDigestTestCase.java
===================================================================
--- stack/native/trunk/src/test/java/org/jboss/test/ws/jaxws/samples/wssecurity/UsernamePwdDigestTestCase.java (rev 0)
+++ stack/native/trunk/src/test/java/org/jboss/test/ws/jaxws/samples/wssecurity/UsernamePwdDigestTestCase.java 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,92 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.samples.wssecurity;
+
+import java.io.File;
+import java.net.URL;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+
+import junit.framework.Test;
+
+import org.jboss.ws.core.StubExt;
+import org.jboss.wsf.test.JBossWSTest;
+import org.jboss.wsf.test.JBossWSTestSetup;
+
+/**
+ * Test WS-Security for Username Token with password digest
+ *
+ * @author alessio.soldano at jboss.com
+ * @since 10-Mar-2008
+ */
+public class UsernamePwdDigestTestCase extends JBossWSTest
+{
+ private static UsernameEndpoint port;
+
+ public static Test suite() throws Exception
+ {
+ return new JBossWSTestSetup(UsernamePwdDigestTestCase.class, "jaxws-samples-wssecurity-username-digest.war");
+ }
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ if (port == null)
+ {
+ URL wsdlURL = new File("resources/jaxws/samples/wssecurity/username-digest/META-INF/wsdl/UsernameService.wsdl").toURL();
+ URL securityURL = new File("resources/jaxws/samples/wssecurity/username-digest/META-INF/jboss-wsse-client.xml").toURL();
+ QName serviceName = new QName("http://org.jboss.ws/samples/wssecurity", "UsernameService");
+
+ Service service = Service.create(wsdlURL, serviceName);
+
+ port = (UsernameEndpoint)service.getPort(UsernameEndpoint.class);
+ ((StubExt)port).setSecurityConfig(securityURL.toExternalForm());
+ ((StubExt)port).setConfigName("Standard WSSecurity Client");
+ }
+ }
+
+ public void testUsernameTokenNegative() throws Exception
+ {
+ try
+ {
+ port.getUsernameToken();
+ fail("Server should respond with [401] - Unauthorized");
+ }
+ catch (Exception ex)
+ {
+ // this should be ok
+ }
+ }
+
+ public void testUsernameToken() throws Exception
+ {
+ Map<String, Object> reqContext = ((BindingProvider)port).getRequestContext();
+ reqContext.put(BindingProvider.USERNAME_PROPERTY, "kermit");
+ reqContext.put(BindingProvider.PASSWORD_PROPERTY, "thefrog");
+
+ String retObj = port.getUsernameToken();
+ assertEquals("kermit", retObj);
+ }
+}
\ No newline at end of file
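Review bot: `testUsernameTokenNegative` depends on running before `testUsernameToken`, because `port` is static and the positive test leaves the username and password in its request context. JUnit 3 does not guarantee method order, so on a different JVM the negative test can run with credentials already set and hit `fail(...)`. Clearing them at the start of the negative test would make it independent, e.g. `reqContext.remove(BindingProvider.USERNAME_PROPERTY);` and the same for `PASSWORD_PROPERTY`. The `catch (Exception ex)` also passes on any failure, including the endpoint not being deployed, so asserting on the exception type or message would show that the rejection is really an authentication failure.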
Property changes on: stack/native/trunk/src/test/java/org/jboss/test/ws/jaxws/samples/wssecurity/UsernamePwdDigestTestCase.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added: stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/META-INF/jboss-wsse-client.xml
===================================================================
--- stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/META-INF/jboss-wsse-client.xml (rev 0)
+++ stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/META-INF/jboss-wsse-client.xml 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
+ <config>
+ <username digestPassword="true"/>
+ </config>
+</jboss-ws-security>
\ No newline at end of file
Property changes on: stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/META-INF/jboss-wsse-client.xml
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added: stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/META-INF/wsdl/UsernameService.wsdl
===================================================================
--- stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/META-INF/wsdl/UsernameService.wsdl (rev 0)
+++ stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/META-INF/wsdl/UsernameService.wsdl 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,30 @@
+<definitions name='UsernameService' targetNamespace='http://org.jboss.ws/samples/wssecurity' xmlns='http://schemas.xmlsoap.org/wsdl/' xmlns:soap='http://schemas.xmlsoap.org/wsdl/soap/' xmlns:tns='http://org.jboss.ws/samples/wssecurity' xmlns:xsd='http://www.w3.org/2001/XMLSchema'>
+ <types/>
+ <message name='UsernameEndpoint_getUsernameToken'></message>
+ <message name='UsernameEndpoint_getUsernameTokenResponse'>
+ <part name='return' type='xsd:string'/>
+ </message>
+ <portType name='UsernameEndpoint'>
+ <operation name='getUsernameToken'>
+ <input message='tns:UsernameEndpoint_getUsernameToken'/>
+ <output message='tns:UsernameEndpoint_getUsernameTokenResponse'/>
+ </operation>
+ </portType>
+ <binding name='UsernameEndpointBinding' type='tns:UsernameEndpoint'>
+ <soap:binding style='rpc' transport='http://schemas.xmlsoap.org/soap/http'/>
+ <operation name='getUsernameToken'>
+ <soap:operation soapAction=''/>
+ <input>
+ <soap:body namespace='http://org.jboss.ws/samples/wssecurity' use='literal'/>
+ </input>
+ <output>
+ <soap:body namespace='http://org.jboss.ws/samples/wssecurity' use='literal'/>
+ </output>
+ </operation>
+ </binding>
+ <service name='UsernameService'>
+ <port binding='tns:UsernameEndpointBinding' name='UsernameEndpointPort'>
+ <soap:address location='http://@jboss.bind.address@:8080/jaxws-samples-wssecurity-username-digest'/>
+ </port>
+ </service>
+</definitions>
\ No newline at end of file
Property changes on: stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/META-INF/wsdl/UsernameService.wsdl
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added: stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/WEB-INF/jboss-web.xml
===================================================================
--- stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/WEB-INF/jboss-web.xml (rev 0)
+++ stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/WEB-INF/jboss-web.xml 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">
+
+<jboss-web>
+ <security-domain>java:/jaas/JBossWS</security-domain>
+</jboss-web>
\ No newline at end of file
Property changes on: stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/WEB-INF/jboss-web.xml
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added: stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/WEB-INF/jboss-wsse-server.xml
===================================================================
--- stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/WEB-INF/jboss-wsse-server.xml (rev 0)
+++ stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/WEB-INF/jboss-wsse-server.xml 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
+</jboss-ws-security>
\ No newline at end of file
Property changes on: stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/WEB-INF/jboss-wsse-server.xml
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added: stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/WEB-INF/web.xml
===================================================================
--- stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/WEB-INF/web.xml (rev 0)
+++ stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/WEB-INF/web.xml 2008-03-10 17:50:55 UTC (rev 5908)
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
+ version="2.4">
+
+ <servlet>
+ <servlet-name>UsernameService</servlet-name>
+ <servlet-class>org.jboss.test.ws.jaxws.samples.wssecurity.UsernameBean</servlet-class>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>UsernameService</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>UsernameService</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>friend</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>JBossWS</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>friend</role-name>
+ </security-role>
+
+</web-app>
+
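Review bot: The `security-constraint` lists `<http-method>GET</http-method>` and `<http-method>POST</http-method>`, so under the servlet specification the `friend` role requirement applies only to those two methods and any other method on `/*` is left unconstrained. Dropping both `<http-method>` lines makes the constraint cover every method. The block also has no `<user-data-constraint>`, so the BASIC credentials travel unencrypted; that is acceptable for a local test, but this file sits under samples and is likely to be copied, so a comment saying so would help.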
Property changes on: stack/native/trunk/src/test/resources/jaxws/samples/wssecurity/username-digest/WEB-INF/web.xml
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF