Hi Dan,

> Is it possible to get these lists to be typed in WSS4J...

Yep, absolutely. My immediate priority is to get the CXF branch I committed to the sandbox to work with WSS4J 1.6-SNAPSHOT. I want to go through the rt/ws/security module in detail then to take changes/optimisations in WSS4J into account.

Colm.

On Fri, Nov 5, 2010 at 4:50 PM, Daniel Kulp <dk...@apache.org> wrote:
>
> Colm,
>
>
>> final WSDocInfo wsDocInfo,
>> - final java.util.Vector returnResults,
>> + final java.util.List returnResults,
>> final WSSConfig config
>
> Is it possible to get these lists to be typed in WSS4J or do they have to be
> List<Object>? For example:
>
> List<WSResult>
>
> or similar?
>
> It would make the code much more readable.
>
> Dan
>
>
> On Friday 05 November 2010 12:07:12 pm cohei...@apache.org wrote:
>> Author: coheigea
>> Date: Fri Nov 5 16:07:11 2010
>> New Revision: 1031652
>>
>> URL: http://svn.apache.org/viewvc?rev=1031652&view=rev
>> Log:
>> Adding a branch of the WSS4J 1.6 port to sandbox.
>> - An initial attempt to port CXF to use WSS4J 1.6-SNAPSHOT.
>> - All the unit tests pass, 13 system tests are failing.
>> - WSS4J 1.6-SNAPSHOT is not currently available in the snapshot repo, but
>> will be shortly when I set up the hudson build.
>> >> Added: >> cxf/sandbox/wss4j-1.6-port/ >> - copied from r1031553, cxf/trunk/ >> Modified: >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml >> >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/policy/interceptors/IssuedTokenInterceptorProvider.java >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/policy/interceptors/SecureConversationInInterceptor.java >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/CryptoCoverageUtil.java >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/PolicyBasedWSS4JInInterceptor.java >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/UsernameTokenProcessorWithoutCallbacks.java >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/WSS4JInInterceptor.java >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/policyhandlers/AbstractBindingBuilder.java >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/policyhandlers/AsymmetricBindingHandler.java >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/policyhandlers/SymmetricBindingHandler.java >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/policyhandlers/TransportBindingHandler.java >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/ >> security/wss4j/CustomProcessor.java >> >> Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml >> URL: >> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom >> .xml?rev=1031652&r1=1031553&r2=1031652&view=diff >> 
========================================================================== >> ==== --- cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml (original) >> +++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/pom.xml Fri Nov 5 16:07:11 >> 2010 @@ -91,7 +91,7 @@ >> <dependency> >> <groupId>org.apache.ws.security</groupId> >> <artifactId>wss4j</artifactId> >> - <version>1.5.9</version> >> + <version>1.6-SNAPSHOT</version> >> <exclusions> >> <exclusion> >> <groupId>axis</groupId> >> >> Modified: >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/policy/interceptors/IssuedTokenInterceptorProvider.java URL: >> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src >> /main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterc >> eptorProvider.java?rev=1031652&r1=1031553&r2=1031652&view=diff >> ========================================================================== >> ==== --- >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/policy/interceptors/IssuedTokenInterceptorProvider.java (original) >> +++ >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/policy/interceptors/IssuedTokenInterceptorProvider.java Fri Nov 5 >> 16:07:11 2010 @@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.polic >> >> import java.util.Arrays; >> import java.util.Collection; >> +import java.util.List; >> import java.util.Vector; 
>> >> >> @@ -215,7 +216,7 @@ public class IssuedTokenInterceptorProvi >> WSHandlerResult rResult = >> (WSHandlerResult) results.get(i); >> >> - Vector wsSecEngineResults = >> rResult.getResults(); + List wsSecEngineResults >> = rResult.getResults(); >> >> for (int j = 0; j < wsSecEngineResults.size(); >> j++) { //WSSecurityEngineResult wser = >> >> Modified: >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/policy/interceptors/SecureConversationInInterceptor.java URL: >> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src >> /main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversatio >> nInInterceptor.java?rev=1031652&r1=1031553&r2=1031652&view=diff >> ========================================================================== >> ==== --- >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/policy/interceptors/SecureConversationInInterceptor.java >> (original) +++ >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/policy/interceptors/SecureConversationInInterceptor.java Fri Nov >> 5 16:07:11 2010 
@@ -455,7 +455,7 @@ class SecureConversationInInterceptor >> ex >> WSHandlerResult rResult = >> (WSHandlerResult) results.get(i); >> >> - Vector wsSecEngineResults = rResult.getResults(); >> + List wsSecEngineResults = rResult.getResults(); >> >> for (int j = 0; j < wsSecEngineResults.size(); j++) { >> WSSecurityEngineResult wser = >> >> Modified: >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java URL: >> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src >> /main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthentica >> tingInterceptor.java?rev=1031652&r1=1031553&r2=1031652&view=diff >> ========================================================================== >> ==== --- >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java >> (original) +++ >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java Fri Nov >> 5 16:07:11 2010 
@@ -224,7 +224,7 @@ public abstract class >> AbstractUsernameTo >> if (c instanceof WSPasswordCallback) { >> WSPasswordCallback pc = (WSPasswordCallback)c; >> if (WSConstants.PASSWORD_TEXT.equals(pc.getPasswordType()) >> - && pc.getUsage() == >> WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) { + && >> pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) { >> AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject( >> pc.getIdentifier(), pc.getPassword(), false, null, null); } >> >> Modified: >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/CryptoCoverageUtil.java URL: >> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src >> /main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java?rev=103 >> 1652&r1=1031553&r2=1031652&view=diff >> ========================================================================== >> ==== --- >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/CryptoCoverageUtil.java (original) +++ >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/CryptoCoverageUtil.java Fri Nov 5 16:07:11 2010 @@ -82,9 >> +82,9 @@ public final class CryptoCoverageUtil { >> final WSDataRef signedRef = signedRefsIt.next(); >> >> if (isSignedEncryptionRef(encryptedRef, signedRef)) { >> - >> - final WSDataRef encryptedSignedRef = >> - new WSDataRef(signedRef.getDataref()); >> + >> + final WSDataRef encryptedSignedRef = new WSDataRef(); >> + encryptedSignedRef.setWsuId(signedRef.getWsuId()); >> >> encryptedSignedRef.setContent(false); >> encryptedSignedRef.setName(encryptedRef.getName()); >> >> Modified: >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/PolicyBasedWSS4JInInterceptor.java URL: >> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src >> /main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.j >> 
ava?rev=1031652&r1=1031553&r2=1031652&view=diff >> ========================================================================== >> ==== --- >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/PolicyBasedWSS4JInInterceptor.java (original) +++ >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/PolicyBasedWSS4JInInterceptor.java Fri Nov 5 16:07:11 2010 >> @@ -455,7 +455,7 @@ public class PolicyBasedWSS4JInIntercept >> } >> >> protected void doResults(SoapMessage msg, String actor, >> - SOAPMessage doc, Vector results, boolean >> utWithCallbacks) + SOAPMessage doc, List >> results, boolean utWithCallbacks) throws SOAPException, >> XMLStreamException, WSSecurityException { >> >> AssertionInfoMap aim = msg.get(AssertionInfoMap.class); >> >> Modified: >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/UsernameTokenProcessorWithoutCallbacks.java URL: >> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src >> /main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCa >> llbacks.java?rev=1031652&r1=1031553&r2=1031652&view=diff >> ========================================================================== >> ==== --- >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/UsernameTokenProcessorWithoutCallbacks.java (original) +++ >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/UsernameTokenProcessorWithoutCallbacks.java Fri Nov 5 >> 16:07:11 2010 @@ -20,7 +20,7 @@ >> package org.apache.cxf.ws.security.wss4j; >> >> import java.security.Principal; >> -import java.util.Vector; >> +import java.util.List; >> import java.util.logging.Level; >> import java.util.logging.Logger; 
>> >> @@ -54,7 +54,7 @@ public class UsernameTokenProcessorWitho >> >> �...@suppresswarnings("unchecked") >> public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, >> CallbackHandler cb, - WSDocInfo wsDocInfo, Vector returnResults, >> WSSConfig wsc) throws WSSecurityException { + WSDocInfo wsDocInfo, >> List returnResults, WSSConfig wsc) throws WSSecurityException { if >> (LOG.isLoggable(Level.FINE)) { >> LOG.fine("Found UsernameToken list element"); >> } >> >> Modified: >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/WSS4JInInterceptor.java URL: >> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src >> /main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=103 >> 1652&r1=1031553&r2=1031652&view=diff >> ========================================================================== >> ==== --- >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/WSS4JInInterceptor.java (original) +++ >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/WSS4JInInterceptor.java Fri Nov 5 16:07:11 2010 @@ -192,7 >> +192,7 @@ public class WSS4JInInterceptor extends >> try { >> reqData.setMsgContext(msg); >> computeAction(msg, reqData); >> - Vector actions = new Vector(); >> + List actions = new Vector(); >> String action = getAction(msg, version); >> >> int doAction = WSSecurityUtil.decodeAction(action, actions); >> @@ -207,7 +207,7 @@ public class WSS4JInInterceptor extends >> */ >> doReceiverAction(doAction, reqData); >> >> - Vector wsResult = null; >> + List wsResult = null; >> if (doTimeLog) { >> t1 = System.currentTimeMillis(); >> } 
>> @@ -284,7 +284,7 @@ public class WSS4JInInterceptor extends >> } >> } >> >> - private void checkActions(SoapMessage msg, RequestData reqData, Vector >> wsResult, Vector actions) + private void checkActions(SoapMessage msg, >> RequestData reqData, List wsResult, List actions) throws >> WSSecurityException { >> /* >> * now check the security actions: do they match, in any order? >> @@ -294,7 +294,7 @@ public class WSS4JInInterceptor extends >> throw new >> WSSecurityException(WSSecurityException.INVALID_SECURITY); } >> } >> - private void checkSignatures(SoapMessage msg, RequestData reqData, >> Vector wsResult) + private void checkSignatures(SoapMessage msg, >> RequestData reqData, List wsResult) throws WSSecurityException { >> /* >> * Now we can check the certificate used to sign the message. In >> the @@ -306,7 +306,7 @@ public class WSS4JInInterceptor extends >> */ >> >> // Extract the signature action result from the action vector >> - Vector signatureResults = new Vector(); >> + List signatureResults = new Vector(); >> signatureResults = >> WSSecurityUtil.fetchAllActionResults(wsResult, >> WSConstants.SIGN, signatureResults); >> >> @@ -327,7 +327,7 @@ public class WSS4JInInterceptor extends >> } >> } >> >> - protected void checkTimestamps(SoapMessage msg, RequestData reqData, >> Vector wsResult) + protected void checkTimestamps(SoapMessage msg, >> RequestData reqData, List wsResult) throws WSSecurityException { >> /* >> * Perform further checks on the timestamp that was transmitted in >> @@ -338,7 +338,7 @@ public class WSS4JInInterceptor extends >> * other validation algorithms for subclasses. >> */ >> // Extract the timestamp action result from the action vector >> - Vector timestampResults = new Vector(); >> + List timestampResults = new Vector(); >> timestampResults = >> WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.TS, >> timestampResults); 
>> >> @@ -368,12 +368,12 @@ public class WSS4JInInterceptor extends >> >> } >> >> - protected void doResults(SoapMessage msg, String actor, SOAPMessage >> doc, Vector wsResult) + protected void doResults(SoapMessage msg, >> String actor, SOAPMessage doc, List wsResult) throws SOAPException, >> XMLStreamException, WSSecurityException { doResults(msg, actor, doc, >> wsResult, false); >> } >> >> - protected void doResults(SoapMessage msg, String actor, SOAPMessage >> doc, Vector wsResult, + protected void doResults(SoapMessage msg, >> String actor, SOAPMessage doc, List wsResult, boolean utWithCallbacks) >> throws SOAPException, XMLStreamException, WSSecurityException { /* >> * All ok up to this point. Now construct and setup the security >> result >> >> Modified: >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/policyhandlers/AbstractBindingBuilder.java URL: >> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src >> /main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingB >> uilder.java?rev=1031652&r1=1031553&r2=1031652&view=diff >> ========================================================================== >> ==== --- >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/policyhandlers/AbstractBindingBuilder.java (original) +++ >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/policyhandlers/AbstractBindingBuilder.java Fri Nov 5 >> 16:07:11 2010 
@@ -22,10 +22,13 @@ package org.apache.cxf.ws.security.wss4j >> import java.io.IOException; >> import java.io.InputStream; >> import java.net.URL; >> +import java.security.InvalidAlgorithmParameterException; >> import java.security.KeyStoreException; >> +import java.security.NoSuchAlgorithmException; >> import java.security.cert.X509Certificate; >> import java.util.ArrayList; >> import java.util.Collection; >> +import java.util.Collections; >> import java.util.Enumeration; >> import java.util.HashMap; >> import java.util.HashSet; >> @@ -40,6 +43,10 @@ import java.util.logging.Level; >> import java.util.logging.Logger; >> >> import javax.security.auth.callback.CallbackHandler; >> +import javax.xml.crypto.XMLStructure; >> +import javax.xml.crypto.dom.DOMStructure; >> +import javax.xml.crypto.dsig.DigestMethod; >> +import javax.xml.crypto.dsig.Transform; >> import javax.xml.namespace.QName; >> import javax.xml.soap.SOAPException; >> import javax.xml.soap.SOAPHeader; >> @@ -121,16 +128,13 @@ import org.apache.ws.security.message.WS >> import org.apache.ws.security.message.token.SecurityTokenReference; >> import org.apache.ws.security.transform.STRTransform; >> import org.apache.ws.security.util.WSSecurityUtil; >> -import org.apache.xml.security.signature.XMLSignatureException; >> -import org.apache.xml.security.transforms.TransformationException; >> -import org.apache.xml.security.transforms.Transforms; >> >> /** >> * >> */ >> public abstract class AbstractBindingBuilder { >> public static final String CRYPTO_CACHE = "ws-security.crypto.cache"; >> - private static final Logger LOG = >> LogUtils.getL7dLogger(AbstractBindingBuilder.class); + protected static >> final Logger LOG = LogUtils.getL7dLogger(AbstractBindingBuilder.class); >> >> >> protected SPConstants.ProtectionOrder protectionOrder = >> SPConstants.ProtectionOrder.SignBeforeEncrypting; 
@@ -569,8 +573,7 @@ >> public abstract class AbstractBindingBui >> // coupled with WSSecSignatureHelper. This approach is >> used so that // we can force WSS4J to sign the assertion through a STR >> that // WSS4J did not create during message signature creation. - >> part = new WSEncryptionPart(tempSig.getStrUri(), >> "ExternalSTRTransform", "Element", - >> WSConstants.PART_TYPE_ELEMENT); >> + part = new WSEncryptionPart(tempSig.getStrUri(), >> "ExternalSTRTransform", "Element"); >> >> } else { >> if (tempSig.getBSTTokenId() != null) { >> @@ -922,13 +925,11 @@ public abstract class AbstractBindingBui >> if (sign) { >> result.add(new WSEncryptionPart( >> id, >> - "Element", >> - WSConstants.PART_TYPE_BODY)); >> + "Element")); >> } else { >> result.add(new WSEncryptionPart( >> id, >> - "Content", >> - WSConstants.PART_TYPE_BODY)); >> + "Content")); >> } >> } >> >> @@ -958,8 +959,7 @@ public abstract class AbstractBindingBui >> final String id = this.addWsuIdToElement(el); >> result.add(new WSEncryptionPart( >> id, >> - part.getEncModifier(), >> - WSConstants.PART_TYPE_HEADER)); >> + part.getEncModifier())); >> } >> } >> } >> @@ -1020,8 +1020,7 @@ public abstract class AbstractBindingBui >> >> WSEncryptionPart part = new WSEncryptionPart( >> id, >> - encryptionModifier, >> - WSConstants.PART_TYPE_ELEMENT); >> + encryptionModifier); >> part.setXpath(expression); >> >> /** >> @@ -1221,7 +1220,7 @@ public abstract class AbstractBindingBui >> WSHandlerResult rResult = >> (WSHandlerResult) results.get(i); >> >> - Vector wsSecEngineResults = rResult.getResults(); >> + List wsSecEngineResults = rResult.getResults(); >> /* >> * Scan the results for the first Signature action. Use the >> * certificate of this Signature to set the certificate for the 
>> @@ -1256,7 +1255,7 @@ public abstract class AbstractBindingBui >> WSHandlerResult rResult = >> (WSHandlerResult) results.get(i); >> >> - Vector wsSecEngineResults = rResult.getResults(); >> + List wsSecEngineResults = rResult.getResults(); >> /* >> * Scan the results for a username token. Use the username >> * of this token to set the alias for the encryption user >> @@ -1386,9 +1385,8 @@ public abstract class AbstractBindingBui >> sigParts.add(new >> WSEncryptionPart(sig.getBSTTokenId())); } >> try { >> - sig.addReferencesToSign(sigParts, secHeader); >> - sig.computeSignature(); >> - sig.appendToHeader(secHeader); >> + List referenceList = sig.addReferencesToSign(sigParts, >> secHeader); + sig.computeSignature(referenceList, >> false, null); >> >> signatures.add(sig.getSignatureValue()); >> if (isSigProtect) { >> @@ -1488,14 +1486,13 @@ public abstract class AbstractBindingBui >> >> dkSign.setParts(sigParts); >> >> - dkSign.addReferencesToSign(sigParts, secHeader); >> + List referenceList = dkSign.addReferencesToSign(sigParts, >> secHeader); >> >> - //Do signature >> - dkSign.computeSignature(); >> - >> //Add elements to header >> addSupportingElement(dkSign.getdktElement()); >> - >> secHeader.getSecurityHeader().appendChild(dkSign.getSignatureElement()); + >> + //Do signature >> + dkSign.computeSignature(referenceList, false, null); >> >> signatures.add(dkSign.getSignatureValue()); >> } 
>> @@ -1546,13 +1543,11 @@ public abstract class AbstractBindingBui >> sig.prepare(doc, getSignatureCrypto(null), secHeader); >> >> sig.setParts(sigParts); >> - sig.addReferencesToSign(sigParts, secHeader); >> + List referenceList = sig.addReferencesToSign(sigParts, secHeader); >> >> //Do signature >> - sig.computeSignature(); >> + sig.computeSignature(referenceList, false, null); >> signatures.add(sig.getSignatureValue()); >> - >> - >> secHeader.getSecurityHeader().appendChild(sig.getSignatureElement()); } >> protected void assertSupportingTokens(Vector<WSEncryptionPart> sigs) { >> >> assertSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_SUPPORTING >> _TOKENS)); @@ -1728,8 +1723,7 @@ public abstract class AbstractBindingBui >> signedEncryptedParts.add( >> new WSEncryptionPart( >> encryptedPart.getEncId(), >> - encryptedPart.getEncModifier(), >> - encryptedPart.getType())); >> + encryptedPart.getEncModifier())); >> } >> } >> } 
>> @@ -1747,36 +1741,62 @@ public abstract class AbstractBindingBui >> } >> >> �...@override >> - public void addReferencesToSign(Vector references, >> + public List addReferencesToSign(List references, >> WSSecHeader secHeader) throws WSSecurityException { >> final Vector<Object> unalteredReferences = new >> Vector<Object>(); >> >> + List uberReferences = new Vector(); >> try { >> + DigestMethod digestMethod; >> + try { >> + digestMethod = >> signatureFactory.newDigestMethod(this.getDigestAlgo(), null); + >> } catch (Exception ex) { >> + throw new WSSecurityException( >> + WSSecurityException.FAILED_SIGNATURE, "noXMLSig", >> null, ex + ); >> + } >> + >> for (int part = 0; part < references.size(); part++) { >> final WSEncryptionPart encPart = (WSEncryptionPart) >> references.get(part); >> >> final String elemName = encPart.getName(); >> - final Transforms transforms = new >> Transforms(document); >> >> if (elemName != null && >> "ExternalSTRTransform".equals(encPart.getNamespace())) { final Element ctx >> = this.createSTRParameter(document); - >> transforms.addTransform(STRTransform.implementedTransformURI, ctx); - >> this.sig.addDocument("#" + elemName, transforms, >> this.getDigestAlgo()); + >> + XMLStructure structure = new DOMStructure(ctx); >> + Transform transform = >> + signatureFactory.newTransform( >> + STRTransform.TRANSFORM_URI, >> + structure >> + ); >> + >> + javax.xml.crypto.dsig.Reference reference = >> + signatureFactory.newReference( >> + "#" + elemName, >> + digestMethod, >> + Collections.singletonList(transform), >> + null, >> + null >> + ); >> + uberReferences.add(reference); >> } else { >> unalteredReferences.add(encPart); >> } >> } >> - } catch (TransformationException e1) { >> + } catch (NoSuchAlgorithmException e1) { >> throw new WSSecurityException( >> WSSecurityException.FAILED_SIGNATURE, "noXMLSig", >> null, e1 ); >> - } catch (XMLSignatureException e1) { >> + } catch (InvalidAlgorithmParameterException e1) { >> throw new 
WSSecurityException( >> WSSecurityException.FAILED_SIGNATURE, "noXMLSig", >> null, e1 ); >> } >> >> - super.addReferencesToSign(unalteredReferences, secHeader); >> + List newReferences = >> super.addReferencesToSign(unalteredReferences, secHeader); + >> uberReferences.addAll(newReferences); >> + return uberReferences; >> } >> } >> >> >> Modified: >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/policyhandlers/AsymmetricBindingHandler.java URL: >> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src >> /main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindin >> gHandler.java?rev=1031652&r1=1031553&r2=1031652&view=diff >> ========================================================================== >> ==== --- >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/policyhandlers/AsymmetricBindingHandler.java (original) +++ >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/policyhandlers/AsymmetricBindingHandler.java Fri Nov 5 >> 16:07:11 2010 @@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.wss4j >> >> >> import java.util.Collection; >> +import java.util.List; >> import java.util.Vector; >> import java.util.logging.Level; >> import java.util.logging.Logger; 
>> @@ -373,16 +374,22 @@ public class AsymmetricBindingHandler ex >> >> dkSign.setParts(sigParts); >> >> - dkSign.addReferencesToSign(sigParts, secHeader); >> - >> - // Do signature >> - dkSign.computeSignature(); >> - signatures.add(dkSign.getSignatureValue()); >> + List referenceList = dkSign.addReferencesToSign(sigParts, >> secHeader); >> >> // Add elements to header >> addDerivedKeyElement(dkSign.getdktElement()); >> - insertBeforeBottomUp(dkSign.getSignatureElement()); >> - mainSigId = >> addWsuIdToElement(dkSign.getSignatureElement()); + >> + //Do signature >> + if (bottomUpElement == null) { >> + dkSign.computeSignature(referenceList, false, null); >> + } else { >> + dkSign.computeSignature(referenceList, true, >> bottomUpElement); + } >> + bottomUpElement = dkSign.getSignatureElement(); >> + signatures.add(dkSign.getSignatureValue()); >> + >> + // TODO mainSigId = >> addWsuIdToElement(dkSign.getSignatureElement()); + >> mainSigId = dkSign.getId(); >> } catch (Exception e) { >> //REVISIT >> e.printStackTrace(); >> @@ -397,14 +404,21 @@ public class AsymmetricBindingHandler ex >> } >> >> sig.prependBSTElementToHeader(secHeader); >> - insertBeforeBottomUp(sig.getSignatureElement()); >> sigParts.addAll(this.getSignedParts()); >> >> - sig.addReferencesToSign(sigParts, secHeader); >> - sig.computeSignature(); >> + List referenceList = sig.addReferencesToSign(sigParts, >> secHeader); + //Do signature >> + if (bottomUpElement == null) { >> + sig.computeSignature(referenceList, false, null); >> + } else { >> + sig.computeSignature(referenceList, true, >> bottomUpElement); + } >> + bottomUpElement = sig.getSignatureElement(); >> + >> signatures.add(sig.getSignatureValue()); >> >> - mainSigId = addWsuIdToElement(sig.getSignatureElement()); >> + //TODO mainSigId = >> addWsuIdToElement(sig.getSignatureElement()); + mainSigId = >> sig.getId(); >> } >> } 
>> >> @@ -442,7 +456,7 @@ public class AsymmetricBindingHandler ex >> WSHandlerResult rResult = >> (WSHandlerResult) results.get(i); >> >> - Vector wsSecEngineResults = rResult.getResults(); >> + List wsSecEngineResults = rResult.getResults(); >> /* >> * Scan the results for the first Signature action. Use the >> * certificate of this Signature to set the certificate for the >> @@ -469,7 +483,7 @@ public class AsymmetricBindingHandler ex >> WSHandlerResult rResult = >> (WSHandlerResult) results.get(i); >> >> - Vector wsSecEngineResults = rResult.getResults(); >> + List wsSecEngineResults = rResult.getResults(); >> /* >> * Scan the results for the first Signature action. Use the >> * certificate of this Signature to set the certificate for the >> >> Modified: >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/policyhandlers/SymmetricBindingHandler.java URL: >> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src >> /main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBinding >> Handler.java?rev=1031652&r1=1031553&r2=1031652&view=diff >> ========================================================================== >> ==== --- >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/policyhandlers/SymmetricBindingHandler.java (original) +++ >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/policyhandlers/SymmetricBindingHandler.java Fri Nov 5 >> 16:07:11 2010 @@ -23,7 +23,9 @@ package org.apache.cxf.ws.security.wss4j >> import java.security.MessageDigest; >> import java.security.NoSuchAlgorithmException; >> import java.util.Calendar; >> +import java.util.List; >> import java.util.Vector; >> +import java.util.logging.Level; >> >> import javax.xml.soap.SOAPMessage; 
>> >> @@ -509,16 +511,13 @@ public class SymmetricBindingHandler ext >> >> if (!isRequestor()) { >> if (encrTok.getSHA1() != null) { >> - encr.setUseKeyIdentifier(true); >> >> encr.setCustomReferenceValue(encrTok.getSHA1()); >> encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER); } >> else { >> - encr.setUseKeyIdentifier(true); >> >> encr.setKeyIdentifierType(WSConstants.EMBED_SECURITY_TOKEN_REF); } >> } else { >> if (encrToken instanceof IssuedToken) { >> - encr.setUseKeyIdentifier(true); >> >> encr.setCustomReferenceValue(SecurityTokenReference.SAML_ID_URI); >> encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); } >> @@ -627,16 +626,22 @@ public class SymmetricBindingHandler ext >> } >> >> dkSign.setParts(sigs); >> - dkSign.addReferencesToSign(sigs, secHeader); >> + List referenceList = dkSign.addReferencesToSign(sigs, secHeader); >> >> - //Do signature >> - dkSign.computeSignature(); >> - >> //Add elements to header >> Element el = dkSign.getdktElement(); >> - addDerivedKeyElement(el); >> - insertBeforeBottomUp(dkSign.getSignatureElement()); >> - this.mainSigId = addWsuIdToElement(dkSign.getSignatureElement()); >> + addDerivedKeyElement(el); >> + >> + //Do signature >> + if (bottomUpElement == null) { >> + dkSign.computeSignature(referenceList, false, null); >> + } else { >> + dkSign.computeSignature(referenceList, true, bottomUpElement); >> + } >> + bottomUpElement = dkSign.getSignatureElement(); >> + >> + // TODO this.mainSigId = >> addWsuIdToElement(dkSign.getSignatureElement()); + this.mainSigId = >> dkSign.getId(); >> >> return dkSign.getSignatureValue(); >> } 
>> @@ -700,15 +705,21 @@ public class SymmetricBindingHandler ext >> } >> >> this.message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, >> crypto); sig.prepare(saaj.getSOAPPart(), crypto, secHeader); >> + String soap = >> org.apache.ws.security.util.DOM2Writer.nodeToString(saaj.getSOAPPart()); + >> LOG.log(Level.FINE, "SOAP: " + soap); >> sig.setParts(sigs); >> - sig.addReferencesToSign(sigs, secHeader); >> + List referenceList = sig.addReferencesToSign(sigs, secHeader); >> >> //Do signature >> - sig.computeSignature(); >> + if (bottomUpElement == null) { >> + sig.computeSignature(referenceList, false, null); >> + } else { >> + sig.computeSignature(referenceList, true, >> bottomUpElement); + } >> + bottomUpElement = sig.getSignatureElement(); >> >> - Element mainSigElement = sig.getSignatureElement(); >> - insertBeforeBottomUp(mainSigElement); >> - mainSigId = addWsuIdToElement(mainSigElement); >> + // TODO mainSigId = addWsuIdToElement(mainSigElement); >> + this.mainSigId = sig.getId(); >> return sig.getSignatureValue(); >> } >> } 
>> @@ -747,14 +758,14 @@ public class SymmetricBindingHandler ext >> >> private String getEncryptedKey() { >> >> - Vector results = (Vector)message.getExchange().getInMessage() >> + List results = (List)message.getExchange().getInMessage() >> .get(WSHandlerConstants.RECV_RESULTS); >> >> for (int i = 0; i < results.size(); i++) { >> WSHandlerResult rResult = >> (WSHandlerResult) results.get(i); >> >> - Vector wsSecEngineResults = rResult.getResults(); >> + List wsSecEngineResults = rResult.getResults(); >> >> for (int j = 0; j < wsSecEngineResults.size(); j++) { >> WSSecurityEngineResult wser = >> >> Modified: >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/policyhandlers/TransportBindingHandler.java URL: >> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src >> /main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBinding >> Handler.java?rev=1031652&r1=1031553&r2=1031652&view=diff >> ========================================================================== >> ==== --- >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/policyhandlers/TransportBindingHandler.java (original) +++ >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/ >> security/wss4j/policyhandlers/TransportBindingHandler.java Fri Nov 5 >> 16:07:11 2010 @@ -20,6 +20,7 @@ >> package org.apache.cxf.ws.security.wss4j.policyhandlers; >> >> import java.util.Collection; >> +import java.util.List; >> import java.util.Vector; >> >> import javax.xml.soap.SOAPMessage; 
>> @@ -262,13 +263,11 @@ public class TransportBindingHandler ext >> */ >> >> dkSig.setParts(sigParts); >> - dkSig.addReferencesToSign(sigParts, secHeader); >> + List referenceList = dkSig.addReferencesToSign(sigParts, >> secHeader); >> >> //Do signature >> - dkSig.computeSignature(); >> - >> dkSig.appendDKElementToHeader(secHeader); >> - dkSig.appendSigToHeader(secHeader); >> + dkSig.computeSignature(referenceList, false, null); >> >> return dkSig.getSignatureValue(); >> } else { >> @@ -276,10 +275,14 @@ public class TransportBindingHandler ext >> if (sig != null) { >> sig.prependBSTElementToHeader(secHeader); >> >> - sig.addReferencesToSign(sigParts, secHeader); >> - insertBeforeBottomUp(sig.getSignatureElement()); >> - >> - sig.computeSignature(); >> + List referenceList = sig.addReferencesToSign(sigParts, >> secHeader); + >> + if (bottomUpElement == null) { >> + sig.computeSignature(referenceList, false, null); >> + } else { >> + sig.computeSignature(referenceList, true, >> bottomUpElement); + } >> + bottomUpElement = sig.getSignatureElement(); >> >> return sig.getSignatureValue(); >> } else { >> @@ -375,12 +378,10 @@ public class TransportBindingHandler ext >> addDerivedKeyElement(dkSign.getdktElement()); >> >> dkSign.setParts(sigParts); >> - dkSign.addReferencesToSign(sigParts, secHeader); >> + List referenceList = dkSign.addReferencesToSign(sigParts, >> secHeader); >> >> //Do signature >> - dkSign.computeSignature(); >> - >> - dkSign.appendSigToHeader(secHeader); >> + dkSign.computeSignature(referenceList, false, null); >> >> return dkSign.getSignatureValue(); >> } else { 
>> @@ -425,14 +426,16 @@ public class TransportBindingHandler ext >> sig.prepare(doc, crypto, secHeader); >> >> sig.setParts(sigParts); >> - sig.addReferencesToSign(sigParts, secHeader); >> + List referenceList = sig.addReferencesToSign(sigParts, >> secHeader); >> >> //Do signature >> - sig.computeSignature(); >> - >> - //Add elements to header >> - insertBeforeBottomUp(sig.getSignatureElement()); >> - >> + if (bottomUpElement == null) { >> + sig.computeSignature(referenceList, false, null); >> + } else { >> + sig.computeSignature(referenceList, true, >> bottomUpElement); + } >> + bottomUpElement = sig.getSignatureElement(); >> + >> return sig.getSignatureValue(); >> } >> } >> >> Modified: >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/ >> security/wss4j/CustomProcessor.java URL: >> http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src >> /test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java?rev=103165 >> 2&r1=1031553&r2=1031652&view=diff >> ========================================================================== >> ==== --- >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/ >> security/wss4j/CustomProcessor.java (original) +++ >> cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/ >> security/wss4j/CustomProcessor.java Fri Nov 5 16:07:11 2010 @@ -40,7 +40,7 >> @@ public class CustomProcessor implements >> final Crypto decCrypto, >> final javax.security.auth.callback.CallbackHandler cb, >> final WSDocInfo wsDocInfo, >> - final java.util.Vector returnResults, >> + final java.util.List returnResults, >> final WSSConfig config >> ) throws WSSecurityException { >> final java.util.Map result = > > -- > Daniel Kulp > dk...@apache.org > http://dankulp.com/blog >
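Review bot: In the SymmetricBindingHandler hunk at -700, the two added lines call DOM2Writer.nodeToString(saaj.getSOAPPart()) on every signature, whether or not FINE is enabled, and then write the complete SOAP part (body and security header) to the log. If this is leftover debugging from the port it should be dropped before merging back. If it is meant to stay, put both the serialisation and the LOG.log call inside an `if (LOG.isLoggable(Level.FINE))` guard and consider logging less than the whole message. The same hunk leaves `// TODO mainSigId = addWsuIdToElement(mainSigElement);` in place next to `this.mainSigId = sig.getId();`. Please either confirm that sig.getId() is the Id the later users of mainSigId expect and remove the TODO, or say what is still outstanding.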
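Review bot: In the getEncryptedKey() hunk at -747, the value stored under WSHandlerConstants.RECV_RESULTS is cast to a raw List and dereferenced in the loop header (`results.size()`) with no null check in the lines shown, so a message that carries no received results would fail here with a NullPointerException. That was already the case with Vector, but since the line is being touched it is a good place to add the check. The raw List also keeps the per-element cast `(WSHandlerResult) results.get(i)`. A typed declaration, once the WSS4J side allows it, would remove that cast and the one on rResult.getResults().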
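Review bot: In the TransportBindingHandler hunk at -262, `dkSig.appendDKElementToHeader(secHeader);` is removed together with `dkSig.appendSigToHeader(secHeader);`, and nothing visible in the hunk puts the derived key element into the header again. The -375 hunk handles the same situation differently: it keeps `addDerivedKeyElement(dkSign.getdktElement());` and only drops appendSigToHeader. Please confirm that `dkSig.computeSignature(referenceList, false, null)` leaves the derived key element in the security header ahead of the signature that uses it, or restore an explicit insert in the -262 path. A short comment saying which call now places each element would help, since the ordering is no longer readable from the code.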
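Review bot: In the TransportBindingHandler hunk at -425, the block that tests `bottomUpElement == null`, calls one of the two computeSignature overloads and then assigns `bottomUpElement = sig.getSignatureElement();` is the third copy of the same code, after the -276 hunk in this file and the -700 hunk in SymmetricBindingHandler. It replaces a single call to insertBeforeBottomUp(...), so the placement logic has gone from one shared method to three inline copies that must be kept in step. Suggest moving it into one helper that takes the signature object and the reference list, and documenting there what the boolean argument and the sibling element mean for where the signature ends up in the header. The new `List referenceList` locals are also raw types and would be better declared with an element type when WSS4J exposes one.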