Package com.sun.xml.wss.impl.policy.mls

Examples of com.sun.xml.wss.impl.policy.mls.SignatureTarget$Transform


            /*if (!hasTimestampSiblingPolicy(signingSettings)) {
                ((SignaturePolicy.FeatureBinding)signaturePolicy.getFeatureBinding())
                .includeTimestamp(timeStamp);
            } else {*/
            // Register the timestamp as an additional signature target. The target is
            // selected by QName (type "qname"), not by an XPath expression.
            SignatureTarget st = new SignatureTarget();
            st.setType("qname");
            st.setValue(MessageConstants.TIMESTAMP_QNAME);
            // NOTE(review): the reference digest is hard-coded to SHA-1, which is no longer
            // considered collision resistant. Prefer a configurable digest (for example
            // DigestMethod.SHA256) where the peer accepts it.
            st.setDigestAlgorithm(DigestMethod.SHA1); //SHA1
            ((SignaturePolicy.FeatureBinding)signaturePolicy.getFeatureBinding()).
                    addTargetBinding(st);
           
            //}
        }


            /*if (!hasTimestampSiblingPolicy(signingSettings)) {
                ((SignaturePolicy.FeatureBinding)signaturePolicy.getFeatureBinding())
                .includeTimestamp(timeStamp);
            } else {*/
            // Register the timestamp as an additional signature target. The target is
            // selected by QName (type "qname"), not by an XPath expression.
            SignatureTarget st = new SignatureTarget();
            st.setType("qname");
            // NOTE(review): the reference digest is hard-coded to SHA-1, which is no longer
            // considered collision resistant. Prefer a configurable digest (for example
            // DigestMethod.SHA256) where the peer accepts it.
            st.setDigestAlgorithm(DigestMethod.SHA1); //SHA1
            st.setValue(MessageConstants.TIMESTAMP_QNAME);
            ((SignaturePolicy.FeatureBinding)signaturePolicy.getFeatureBinding()).
                    addTargetBinding(st);
           
            //}
        }

        return target;
    }
   
    /**
     * Creates an empty signature or encryption target and hands it to the
     * two-argument overload together with the configuration element.
     *
     * @param targetSettings configuration element describing the target
     * @param signature {@code true} to build a {@link SignatureTarget},
     *        {@code false} to build an {@link EncryptionTarget}
     * @return whatever the two-argument overload returns for the new target
     */
    private static Target readTargetSettings(Element targetSettings, boolean signature) {
        if (signature) {
            SignatureTarget target = new SignatureTarget();
            // NOTE(review): SHA-1 is set as the digest before the element is read. Whether
            // the overload replaces it from the configuration is not visible in this
            // excerpt. If it does not, every target built here is digested with SHA-1.
            target.setDigestAlgorithm(DigestMethod.SHA1); //SHA1
            return readTargetSettings(targetSettings, target);
        } else {
            // Encryption targets carry no digest algorithm.
            EncryptionTarget target = new EncryptionTarget();
            return readTargetSettings(targetSettings, target);
        }

            logger.log(Level.FINEST, "Number of Targets is"+targetList.size());
        }
       
        while(iterator.hasNext()) {
           
            SignatureTarget signatureTarget = (SignatureTarget)iterator.next();
            String digestAlgo = signatureTarget.getDigestAlgorithm();
            if(logger.isLoggable(Level.FINEST)){
                logger.log(Level.FINEST, "Digest Algorithm is "+digestAlgo);
                logger.log(Level.FINEST, "Targets is"+signatureTarget.getValue());
            }
            // Turn the digest algorithm URI configured on the target into a DigestMethod.
            // NOTE(review): the URI is used exactly as configured. This excerpt shows no
            // check against an allowed set, so a weak digest chosen upstream passes through.
            DigestMethod digestMethod =null;
            try{
                digestMethod = signatureFactory.newDigestMethod(digestAlgo, null);
            }catch(Exception ex){
                // The failure is logged with its stack trace, but only the message text is
                // propagated; the original exception is not chained as the cause.
                logger.log(Level.SEVERE,LogStringsMessages.WSS_1301_INVALID_DIGEST_ALGO(digestAlgo),ex);
                throw new XWSSecurityException(ex.getMessage());
            }
           
            boolean exclTransformToBeAdded = false;
            ArrayList transforms = signatureTarget.getTransforms();
            ListIterator transformIterator = transforms.listIterator();
            ArrayList transformList = new ArrayList(2);
            boolean disableInclusivePrefix = false;
            while(transformIterator.hasNext()) {
                SignatureTarget.Transform transformInfo = (SignatureTarget.Transform)transformIterator.next();
                String transformAlgo = transformInfo.getTransform();
                Transform transform = null;
               
                if(logger.isLoggable(Level.FINEST))
                    logger.log(Level.FINEST, "Transform Algorithm is "+transformAlgo);
                if(transformAlgo == Transform.XPATH || transformAlgo.equals(Transform.XPATH)){
                    TransformParameterSpec spec =(TransformParameterSpec) transformInfo.getAlgorithmParameters();
                    //XPathFilterParameterSpec spec = null;
                   
                    if(spec == null){
                        logger.log(Level.SEVERE,LogStringsMessages.WSS_1367_ILLEGAL_XPATH());
                        throw new XWSSecurityException("XPATH parameters cannot be null");
                       
                    }
                    //XPATH2,XSLTC , ..
                    transform = signatureFactory.newTransform(transformAlgo,spec);
                   
                }else if(transformAlgo == Transform.XPATH2 || transformAlgo.equals(Transform.XPATH2)){
                    TransformParameterSpec transformParams = (TransformParameterSpec)transformInfo.getAlgorithmParameters();
                    transform= signatureFactory.newTransform(transformAlgo,transformParams);
                }else if (transformAlgo == MessageConstants.STR_TRANSFORM_URI || transformAlgo.equals(MessageConstants.STR_TRANSFORM_URI)){
                    Parameter transformParams =(Parameter) transformInfo.getAlgorithmParameters();
                    String  algo = null;
                    if(transformParams.getParamName().equals("CanonicalizationMethod")){
                        algo = transformParams.getParamValue();
                    }
                    if(algo == null){
                        logger.log(Level.SEVERE, LogStringsMessages.WSS_1368_ILLEGAL_STR_CANONCALIZATION());
                        throw new XWSSecurityException("STR Transform must have a"+
                                "canonicalization method specified");
                    }
                    if(logger.isLoggable(Level.FINEST)){
                        logger.log(Level.FINEST, "CanonicalizationMethod is " + algo);
                    }
                    CanonicalizationMethod cm = null;
                    C14NMethodParameterSpec spec = null;
                    try{
                        Document doc = WSITXMLFactory.createDocumentBuilderFactory(WSITXMLFactory.DISABLE_SECURE_PROCESSING).newDocumentBuilder().newDocument();
                        Element tp = doc.createElementNS(MessageConstants.WSSE_NS, "wsse:TransformationParameters");
                        Element cem = doc.createElementNS(MessageConstants.DSIG_NS, "ds:CanonicalizationMethod");
                        tp.appendChild(cem);
                        cem.setAttribute("Algorithm",algo);
                        doc.appendChild(tp);
                        XMLStructure transformSpec = new DOMStructure(tp);
                        transform = signatureFactory.newTransform(transformAlgo,transformSpec);
                    }catch(Exception ex){
                        logger.log(Level.SEVERE,LogStringsMessages.WSS_1300_DSIG_TRANSFORM_PARAM_ERROR(),ex);
                        throw new XWSSecurityException(ex.getMessage());
                    }
                } else if (MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS.equalsIgnoreCase(transformAlgo)) {
                    // should be there by default...
                    // As per R 5412, last child of ds:Transforms must be either excl-c14n, or attachment-content only or attachment-complete transform
                    exclTransformToBeAdded = true;
                    disableInclusivePrefix = transformInfo.getDisableInclusivePrefix();
                } else {
                    //                    XMLStructure transformSpec = null;
                    //                    transform = signatureFactory.newTransform(transformAlgo,transformSpec);
                    //                    Workaround for JSR105 bug
                    transform = signatureFactory.newTransform(transformAlgo,(TransformParameterSpec) null);
                }
                if (!MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS.equalsIgnoreCase(transformAlgo)) {
                    // will add c14n transform in the end; later
                    transformList.add(transform);
                }
            }
            String targetURI = "";
            String signatureType = signatureTarget.getType();
            SOAPMessage msg = secureMessage.getSOAPMessage();
            boolean headersOnly = signatureTarget.isSOAPHeadersOnly();
            if(signatureType.equals(SignatureTarget.TARGET_TYPE_VALUE_QNAME) || signatureType.equals(SignatureTarget.TARGET_TYPE_VALUE_XPATH)){
               
                String expr = null;
                NodeList nodes  = null;
                if( signatureType == SignatureTarget.TARGET_TYPE_VALUE_QNAME){
                    String targetValue = signatureTarget.getValue();
                    boolean optimized = false;
                    if(fpContext.getConfigType() == MessageConstants.SIGN_BODY || fpContext.getConfigType() == MessageConstants.SIGN_ENCRYPT_BODY){
                        optimized = true;
                    }
//                    if(targetValue.equals(SignatureTarget.BODY) && optimized){
//                        Reference ref =  new JAXWSDigestProcessor(fpContext,signatureTarget , digestMethod, signatureFactory).handleJAXWSSOAPBody();
//                        references.add(ref);
//                        continue;
//                    }
                   
                   
                    if(targetValue.equals(SignatureTarget.BODY )){
                        try{
                           
                            final SOAPElement se = msg.getSOAPBody();
                           
                            nodes = new NodeList(){
                                Node node = se;
                                public int getLength(){
                                    if(node == null){
                                        return 0;
                                    }else{
                                        return 1;
                                    }
                                }
                                public Node item(int num){
                                    if(num == 0){
                                        return node;
                                    }else{
                                        return null;
                                    }
                                }
                            };
                        }catch(SOAPException se){
                            logger.log(Level.SEVERE, LogStringsMessages.WSS_1369_UNABLE_GET_SIGNATURE_TARGET_BY_URI());
                            throw new XWSSecurityException("SignatureTarget with URI "+targetValue+
                                   " is not in the message");
                             //logger.log(
                             //   Level.WARNING, "Signed Part with QName " + targetValue + " is not in the message");
                             //continue;
                        }
                    }else{
                       
                        QName name = QName.valueOf(targetValue);
                        if(!headersOnly){
                            if("".equals(name.getNamespaceURI())){
                                nodes =msg.getSOAPPart().getElementsByTagName(name.getLocalPart());
                            }else{
                                if(!"".equals(name.getLocalPart()))
                                    nodes = msg.getSOAPPart().getElementsByTagNameNS(name.getNamespaceURI(), name.getLocalPart());
                                else
                                    nodes = msg.getSOAPPart().getElementsByTagNameNS(name.getNamespaceURI(), "*");                           
                            }
                        } else{
                            //process headers of soap message
                            try{
                                nodes = new NodeListImpl();
                                NodeList hdrChilds = msg.getSOAPHeader().getChildNodes();
                                for(int i = 0; i < hdrChilds.getLength(); i++){
                                    Node child = hdrChilds.item(i);
                                    if(child.getNodeType() ==  Node.ELEMENT_NODE){
                                       if("".equals(name.getNamespaceURI())){
                                           if(name.getLocalPart().equals(child.getLocalName()))
                                               ((NodeListImpl)nodes).add(child);
                                       } else{
                                           // FIXME: Hack to get addressing members from both namespaces, as microsoft uses both of them in a soap message
                                           if(name.getNamespaceURI().equals(MessageConstants.ADDRESSING_MEMBER_SUBMISSION_NAMESPACE) ||
                                                   name.getNamespaceURI().equals(MessageConstants.ADDRESSING_W3C_NAMESPACE)){
                                               if((child.getNamespaceURI().equals(MessageConstants.ADDRESSING_MEMBER_SUBMISSION_NAMESPACE) ||
                                                       child.getNamespaceURI().equals(MessageConstants.ADDRESSING_W3C_NAMESPACE))) {
                                                   if(!"".equals(name.getLocalPart())){
                                                       if(name.getLocalPart().equals(child.getLocalName()))
                                                           ((NodeListImpl)nodes).add(child);
                                                   } else{
                                                       ((NodeListImpl)nodes).add(child);
                                                   }
                                               }
                                           } else{
                                               if(!"".equals(name.getLocalPart())){
                                                   if(name.getNamespaceURI().equals(child.getNamespaceURI()) &&
                                                           name.getLocalPart().equals(child.getLocalName()))
                                                       ((NodeListImpl)nodes).add(child);
                                               } else{
                                                   if(name.getNamespaceURI().equals(child.getNamespaceURI()))
                                                       ((NodeListImpl)nodes).add(child);
                                               }
                                           }
                                       }
                                    }
                                }
                            } catch (SOAPException se){
                                logger.log(Level.SEVERE, LogStringsMessages.WSS_1370_FAILED_PROCESS_HEADER());
                                throw new XWSSecurityException(se);
                            }
                        }
                    }
                }else{
                   
                    // XPath target: the expression is the target's configured value.
                    expr = signatureTarget.getValue();
                   
                    try{
                        // NOTE(review): the factory is created with the flag
                        // WSITXMLFactory.DISABLE_SECURE_PROCESSING, whose value is defined
                        // outside this excerpt. Confirm secure processing stays enabled
                        // wherever the expression could be influenced by untrusted input.
                        XPathFactory xpathFactory = WSITXMLFactory.createXPathFactory(WSITXMLFactory.DISABLE_SECURE_PROCESSING);
                        XPath xpath = xpathFactory.newXPath();
                        // Prefixes in the expression are resolved against the message's namespace context.
                        xpath.setNamespaceContext(secureMessage.getNamespaceContext());
                        //              XPathExpression expr = xpath.compile("//*[@wsu:Id]");
                        //XPathExpression expr = xpath.compile("//*");
                        XPathExpression xpathExpr = xpath.compile(expr);
                        if(logger.isLoggable(Level.FINEST)){
                            // NOTE(review): at FINEST the expression is logged and the whole
                            // SOAP part is passed to printDocument (presumably dumped to the
                            // log). Message content can be sensitive; keep FINEST disabled
                            // in production.
                            logger.log(Level.FINEST, "++++++++++++++++++++++++++++++");
                            logger.log(Level.FINEST, "Expr is "+expr);
                            printDocument((Node)secureMessage.getSOAPPart());
                        }
                        // Evaluate against the SOAP part; the result is the set of nodes to sign.
                        nodes = (NodeList)xpathExpr.evaluate((Object)secureMessage.getSOAPPart(),XPathConstants.NODESET);
                    }catch(XPathExpressionException xpe){
                        // The expression text is appended to the log message; the exception is chained.
                        logger.log(Level.SEVERE,LogStringsMessages.WSS_1371_FAILED_RESOLVE_X_PATH()+expr,xpe);
                        throw new XWSSecurityException(xpe);
                    }
                }
                int i=0;
                // No node matched the QName/XPath target.
                if(nodes == null || nodes.getLength() <= 0){
                    if(signatureTarget.getEnforce()){
                        // Enforced target: a missing element is a hard failure.
                        logger.log(Level.SEVERE, LogStringsMessages.WSS_1369_UNABLE_GET_SIGNATURE_TARGET_BY_URI());
                        throw new XWSSecurityException("SignatureTarget with URI "+signatureTarget.getValue()+
                               " is not in the message");
                    } else{
                        // NOTE(review): a non-enforced target that is absent is skipped
                        // without any log entry. No Reference is created for it, so the
                        // signature does not cover that part. Policies that depend on the
                        // part being signed must set enforce on the target.
                        continue;
                    }
                   
                     // we dont throw error since WSSecurityPolicy allows this
                     //logger.log(Level.WARNING, "Signed Part with QName/XPath " + signatureTarget.getValue() +
                     //  " is not in the message");
                     //continue;
                }
                if(logger.isLoggable(Level.FINEST)){
                    logger.log(Level.FINEST, "Number of nodes "+nodes.getLength());
                    logger.log(Level.FINEST, "+++++++++++++++END+++++++++++++++");
                }
                HashMap elementCache = null;
                if(fpContext != null ){
                    elementCache = fpContext.getElementCache();
                }
                while(i < nodes.getLength()){
                    if(logger.isLoggable(Level.FINEST))
                        logger.log(Level.FINEST, "Nodes is "+nodes.item(i));
                    Node nodeRef = nodes.item(i++);
                    if(nodeRef.getNodeType() != Node.ELEMENT_NODE) {
                        logger.log (Level.SEVERE, LogStringsMessages.WSS_1371_FAILED_RESOLVE_X_PATH());
                        throw new XWSSecurityException(
                                "XPath does not correspond to a DOM Element");
                    }
                    ArrayList clonedTransformList = (ArrayList) transformList.clone();
                    if (exclTransformToBeAdded) {
                        // exc-14-nl must be one of the last transforms under ReferenceList by default.
                        String transformAlgo  = MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS;
                        ExcC14NParameterSpec spec = null;
                        if((featureBinding != null && featureBinding.isBSP()) || !disableInclusivePrefix){
                            spec = new ExcC14NParameterSpec(getReferenceNamespacePrefixes(nodeRef));
                        }
                        Transform transform = signatureFactory.newTransform(transformAlgo,spec);
                        clonedTransformList.add(transform);
                    }
                    boolean w3cElem = false;
                    // Assume only elements with wsu:Id are signed
                    String id = ((Element)nodeRef).getAttributeNS(MessageConstants.WSU_NS, "Id");
                    if(id == null || id.equals("")){
                        // No wsu:Id: for XML-DSig / XML-Enc elements fall back to the plain Id attribute.
                        // NOTE(review): the namespace checks use ==, which compares String
                        // references. They match only if the DOM returns the very same String
                        // instance as the constant. A value-equal but distinct String is not
                        // recognized, and the element is then treated as a wsu:Id element below.
                        if(nodeRef.getNamespaceURI() == MessageConstants.DSIG_NS ||
                                nodeRef.getNamespaceURI() == MessageConstants.XENC_NS){
                            w3cElem = true;
                            id = ((Element)nodeRef).getAttribute("Id");
                        }
                       
                    }
                   
                    // Still no id: generate one so the Reference URI can point at the element.
                    if (id == null || id.equals("")) {
                        id = secureMessage.generateId();
                        if(!verify){
                            // Signing side: write the generated id into the message.
                            if(w3cElem){
                                XMLUtil.setIdAttr((Element)nodeRef, id);
                            }else{
                                XMLUtil.setWsuIdAttr((Element)nodeRef, id);
                            }
                        }else{
                            //add to context. dont modify the message.
                            // NOTE(review): elementCache is assigned earlier in this excerpt
                            // only when fpContext is non-null; otherwise this call dereferences null.
                            elementCache.put(id, nodeRef);
                        }
                    }
                   
                    if(logger.isLoggable(Level.FINEST))
                        logger.log(Level.FINEST, "SignedInfo val id "+id);
                   
                    targetURI = "#"+id;
                   
                    byte [] digestValue = fpContext.getDigestValue();
                    Reference reference = null;
                    if(!verify && digestValue != null){
                        reference = signatureFactory.newReference(targetURI,digestMethod,clonedTransformList,null,null,digestValue);
                    }else{
                        reference = signatureFactory.newReference(targetURI,digestMethod,clonedTransformList,null,null);
                    }
                    references.add(reference);
                }
                continue;  
            }else if(signatureType ==SignatureTarget.TARGET_TYPE_VALUE_URI){
                targetURI = signatureTarget.getValue();
               
                if(targetURI == null){
                    targetURI="";
                }
                if(targetURI == MessageConstants.PROCESS_ALL_ATTACHMENTS){

   
    /**
     * Builds a {@link SignatureTarget} from a signature-target configuration element.
     *
     * <p>Reads the type, contentOnly, enforce and value attributes, then the
     * DigestMethod and Transform child elements. Anything unrecognized is rejected.
     *
     * @param targetSettings configuration element describing the signature target
     * @return the populated target
     * @throws IllegalStateException on an unrecognized type, attribute or child
     *         element, on an explicitly specified contentOnly attribute, or on an
     *         attachment target that has no attachment transform
     */
    private static SignatureTarget readSignatureTargetSettings(
            Element targetSettings) {
        SignatureTarget target = new SignatureTarget();
           
        // Read-in the target type attribute
        NamedNodeMap targetAttributes = targetSettings.getAttributes();
        int attributeCount = targetAttributes.getLength();
        String attributeName = null;
        for (int index = 0; index < attributeCount; index++) {
            Attr targetAttribute = (Attr) targetAttributes.item(index);
            attributeName = targetAttribute.getName();
           
            if (TARGET_TYPE_ATTRIBUTE_NAME.equalsIgnoreCase(attributeName)) {
                String targetType = targetAttribute.getValue();
                // Accepted types are the QNAME, XPATH and URI constants of Target. Matching
                // is case-insensitive and the canonical constant is what gets stored.
                if (Target.TARGET_TYPE_VALUE_QNAME.equalsIgnoreCase(targetType)){
                    target.setType(Target.TARGET_TYPE_VALUE_QNAME);
                }else if(Target.TARGET_TYPE_VALUE_XPATH.equalsIgnoreCase(targetType)){
                    target.setType(Target.TARGET_TYPE_VALUE_XPATH);
                }else if(Target.TARGET_TYPE_VALUE_URI.equalsIgnoreCase(targetType)) {
                    target.setType(Target.TARGET_TYPE_VALUE_URI);
                } else {
                    // Unknown type: fail closed instead of falling back to a default.
                    log.log(Level.SEVERE,
                            "WSS0519.illegal.attribute.value",
                            "xwss:Target@Type");
                    throw new IllegalStateException(targetType
                            + " is not a recognized type of Target");
                }
            } else if
                    (CONTENT_ONLY_ATTRIBUTE_NAME.equalsIgnoreCase(attributeName)) {
                // contentOnly is rejected when it was written explicitly in the document.
                // An attribute that is present but not "specified" is tolerated.
                if (targetAttribute.getSpecified()) {
                    throw new IllegalStateException(
                            "invalid contentOnly attribute in a xwss:SignatureTarget");
                }
               
                /* we could check if the reference is to an attachement
                 * and add a Transform
                String contentOnly = targetAttribute.getValue();
                validateContentOnly(targetSettings);
                boolean contentValue = getBooleanValue(contentOnly);
                SignatureTarget.Transform transform =  null;
                if (contentValue) {
                    transform = new SignatureTarget.Transform(
                    MessageConstants.ATTACHMENT_CONTENT_ONLY_TRANSFORM_URI);
                } else {
                    transform = new SignatureTarget.Transform(
                    MessageConstants.ATTACHMENT_COMPLETE_TRANSFORM_URI);
                }
                target.addTransform(transform);
                 */
               
            } else if
                    (ENFORCE_ATTRIBUTE_NAME.equalsIgnoreCase(attributeName)) {
                // enforce decides whether a target missing from the message is an error.
                String enforce_S = targetAttribute.getValue();
                boolean enforce = getBooleanValue(enforce_S);
                target.setEnforce(enforce);
            }else if(VALUE_ATTRIBUTE_NAME.equalsIgnoreCase(attributeName)){
                // Recognized here so it is not rejected; the value is read after the loop.
               
            }else {
                // Any other attribute is a configuration error.
                log.log(Level.SEVERE,
                        "WSS0512.illegal.attribute.name",
                        new Object[]
                {attributeName, "xwss:Target"});
                throw new IllegalStateException(attributeName
                        + " is not a recognized attribute of Target");
            }
        }
        //read value attribute
        String targetValue = targetSettings.getAttribute(VALUE_ATTRIBUTE_NAME);
        // NOTE(review): DOM's Element.getAttribute returns "" rather than null for an
        // absent attribute, and the empty-string check below is commented out. A missing
        // or empty value is therefore likely stored as "" instead of being rejected here.
        if (targetValue == null ){
            //|| targetValue.equals("")) {
            // log
            throw new IllegalStateException(
                    "value attribute of the SignatureTarget element missing/empty");
        }
        target.setValue(targetValue);
       
        //read the DigestMethod child
        // Set once an attachment transform (content-only or complete) has been seen.
        boolean attachmentTxSeen = false;
        Element eachDefinitionElement = getFirstChildElement(targetSettings);
        while (eachDefinitionElement != null) {
            QName definitionType = getQName(eachDefinitionElement);
            if (DIGEST_METHOD_ELEMENT_QNAME.equals(definitionType)) {
                // NOTE(review): the algorithm read from the configuration is stored as is.
                // No allow-list check is visible in this method.
                String algorithm = readDigestMethod(eachDefinitionElement);
                target.setDigestAlgorithm(algorithm);
            }else if (TRANSFORM_ELEMENT_QNAME.equals(definitionType)) {
                SignatureTarget.Transform transform =
                        readSigTransform(eachDefinitionElement);
                if (transform.getTransform().equals(
                        MessageConstants.ATTACHMENT_CONTENT_ONLY_TRANSFORM_URI) ||
                        transform.getTransform().equals(
                        MessageConstants.ATTACHMENT_COMPLETE_TRANSFORM_URI)) {
                    attachmentTxSeen = true;
                }
                target.addTransform(transform);
            } else {
                // Unknown child element: fail closed.
                log.log(
                        Level.SEVERE,
                        "WSS0513.illegal.configuration.element",
                        definitionType.toString());
                throw new IllegalStateException(definitionType +
                        " is not a recognized sub-element of SignatureTarget");
            }
            eachDefinitionElement = getNextElement(eachDefinitionElement);
        }
        // NOTE(review): when the target's digest algorithm is still "", it silently
        // defaults to SHA-1, which is no longer considered collision resistant.
        // Deployments that need a stronger digest must configure DigestMethod explicitly.
        if ("".equals(target.getDigestAlgorithm())) {
            target.setDigestAlgorithm(MessageConstants.SHA1_DIGEST);
        }
        // Attachment targets (value starting with "cid", "CID" or ATTACHMENTREF) must
        // declare one of the attachment transforms.
        if (target.getValue().startsWith("cid") ||
                target.getValue().startsWith("CID") ||
                target.getValue().startsWith(MessageConstants.ATTACHMENTREF)) {
            if (!attachmentTxSeen) {
                throw new IllegalStateException("Missing Transform specification for Attachment Target " + target.getValue());
            }
        }
       
       
        return target;

        if(MessageConstants.debug){
            log.log(Level.FINEST, "In ApplyDefaults"+featureBinding.getTargetBindings().size());
        }
        // No targets were configured (and dp is false): add a default target.
        if (!dp && targetsEmpty) {
            // this much will automatically set the SOAPBody as target
            SignatureTarget t = new SignatureTarget();
            // NOTE(review): the default target is digested with SHA-1, which is no longer
            // considered collision resistant. Callers that need a stronger digest must
            // configure an explicit target.
            t.setDigestAlgorithm(DigestMethod.SHA1); //SHA1
            featureBinding.addTargetBinding(t);
        }
        if (policy.getKeyBinding() == null) {
            AuthenticationTokenPolicy.X509CertificateBinding x509Binding =
                    (AuthenticationTokenPolicy.X509CertificateBinding)policy.newX509CertificateKeyBinding();

        SignaturePolicy.FeatureBinding featureBinding =
                (SignaturePolicy.FeatureBinding)policy.getFeatureBinding();
        boolean targetsEmpty = (featureBinding.getTargetBindings().size() == 0);
        // No targets were configured (and dp is false): add a default target.
        if (!dp && targetsEmpty) {
            // this much will automatically set the SOAPBody as target
            SignatureTarget t = new SignatureTarget();
            // NOTE(review): the default target is digested with SHA-1 regardless of bsp
            // (the bsp guard below is commented out). SHA-1 is no longer considered
            // collision resistant. Callers that need a stronger digest must configure
            // an explicit target.
            //if (!bsp)
            t.setDigestAlgorithm(DigestMethod.SHA1); //SHA1
            featureBinding.addTargetBinding(t);
        }
       
        // if bsp is true the filters will actually have code to verify that the
        // incoming algorithms (are BSP defined ones)

            // Rewrite targets that point at the key binding's placeholder STR id so that
            // they reference its real id instead.
            LazyKeyBinding lkb = (LazyKeyBinding) signaturePolicy.getKeyBinding();
            if (lkb.getRealId() != null) {
                // NOTE(review): ArrayList.clone() is shallow. cloneList is a new list, but
                // it holds the same SignatureTarget objects as targetList, so setValue
                // below also changes the targets reachable through targetList.
                cloneList = (ArrayList) targetList.clone();
                Iterator it = cloneList.iterator();
                while (it.hasNext()) {
                    SignatureTarget o = (SignatureTarget) it.next();
                    if (o.getValue().equals("#" + lkb.getSTRID())) {
                        o.setValue("#" + lkb.getRealId());
                    }
                }
            }
        }
        String keyAlgo = null;

        if(logger.isLoggable(Level.FINEST)) {
            logger.log(Level.FINEST, LogStringsMessages.WSS_1751_NUMBER_TARGETS_SIGNATURE(targetList.size()));
        }
       
        while(iterator.hasNext()) {
            SignatureTarget signatureTarget = (SignatureTarget)iterator.next();
            String digestAlgo = signatureTarget.getDigestAlgorithm();
            if(logger.isLoggable(Level.FINEST)){
                logger.log(Level.FINEST, LogStringsMessages.WSS_1752_SIGNATURE_TARGET_VALUE(signatureTarget.getValue()));
                logger.log(Level.FINEST, LogStringsMessages.WSS_1753_TARGET_DIGEST_ALGORITHM(digestAlgo));
            }
            // Turn the digest algorithm URI configured on the target into a DigestMethod.
            // NOTE(review): the URI is used exactly as configured. This excerpt shows no
            // check against an allowed set.
            DigestMethod digestMethod =null;
            try{
                digestMethod = signatureFactory.newDigestMethod(digestAlgo, null);
            }catch(Exception ex){
                // NOTE(review): the caught exception is neither passed to the logger nor
                // chained into the XWSSecurityException, so its stack trace is lost.
                // digestAlgo is passed to the logger as the message parameter.
                logger.log(Level.SEVERE,"WSS1301.invalid.digest.algo",digestAlgo);
                throw new XWSSecurityException(ex.getMessage());
            }
           
            boolean exclTransformToBeAdded = false;
            ArrayList transforms = signatureTarget.getTransforms();
            ListIterator transformIterator = transforms.listIterator();
            ArrayList transformList = new ArrayList(2);
            while(transformIterator.hasNext()) {
                SignatureTarget.Transform transformInfo = (SignatureTarget.Transform)transformIterator.next();
                String transformAlgo = transformInfo.getTransform();
                Transform transform = null;
               
                if(logger.isLoggable(Level.FINEST))
                    logger.log(Level.FINEST, "Transform Algorithm is "+transformAlgo);
                if(Transform.XPATH.equals(transformAlgo)){
                    /*TransformParameterSpec spec =(TransformParameterSpec) transformInfo.getAlgorithmParameters();
                    //XPathFilterParameterSpec spec = null;
                    if(spec == null){
                        throw new XWSSecurityException("XPATH parameters cannot be null");
                    }
                    //XPATH2,XSLTC , ..
                    transform = signatureFactory.newTransform(transformAlgo,spec);*/
                    throw new UnsupportedOperationException("XPATH not supported");
                } else if(Transform.XPATH2.equals(transformAlgo)){
                    /*TransformParameterSpec transformParams = (TransformParameterSpec)transformInfo.getAlgorithmParameters();
                    transform= signatureFactory.newTransform(transformAlgo,transformParams);*/
                    throw new UnsupportedOperationException("XPATH not supported");
                } else if (MessageConstants.STR_TRANSFORM_URI.equals(transformAlgo)){
                    Parameter transformParams =(Parameter) transformInfo.getAlgorithmParameters();
                    String  algo = null;
                    if(transformParams.getParamName().equals("CanonicalizationMethod")){
                        algo = transformParams.getParamValue();
                    }
                    if(algo == null){
                        throw new XWSSecurityException("STR Transform must have a"+
                                "canonicalization method specified");
                    }
                    if(logger.isLoggable(Level.FINEST)){
                        logger.log(Level.FINEST, "CanonicalizationMethod is " + algo);
                    }
                    //CanonicalizationMethod cm = null;
                    C14NMethodParameterSpec spec = null;
                    try{
                        TransformationParametersType tp =
                                new com.sun.xml.ws.security.secext10.ObjectFactory().createTransformationParametersType();
                        com.sun.xml.ws.security.opt.crypto.dsig.CanonicalizationMethod cm =
                                new com.sun.xml.ws.security.opt.crypto.dsig.CanonicalizationMethod();
                        cm.setAlgorithm(algo);
                        tp.getAny().add(cm);
                        JAXBElement<TransformationParametersType> tpElement =
                                new com.sun.xml.ws.security.secext10.ObjectFactory().createTransformationParameters(tp);
                        XMLStructure transformSpec = new JAXBStructure(tpElement);
                        transform = signatureFactory.newTransform(transformAlgo,transformSpec);
                        if(SignatureTarget.TARGET_TYPE_VALUE_URI.equals(signatureTarget.getType())){
                            String targetURI = signatureTarget.getValue();
                            ((com.sun.xml.ws.security.opt.crypto.dsig.Transform)transform).setReferenceId(targetURI);
                        }
                       
                    } catch(Exception ex){
                        logger.log(Level.SEVERE,LogStringsMessages.WSS_1767_ERROR_CREATE_TRANSFORM_OBJECT(),ex);
                        throw new XWSSecurityException(ex.getMessage());
                    }
                } else if (MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS.equalsIgnoreCase(transformAlgo)) {
                    // should be there by default...
                    // As per R 5412, last child of ds:Transforms must be either excl-c14n, or attachment-content only or attachment-complete transform
                    exclTransformToBeAdded = true;
                } else {
                    transform = signatureFactory.newTransform(transformAlgo,(TransformParameterSpec)null);
                    //throw new XWSSecurityException(transformAlgo + " not supported as Signature transform");
                   
                }
                if (!MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS.equalsIgnoreCase(transformAlgo)) {
                    // will add c14n transform in the end; later
                    transformList.add(transform);
                }
            }
            String targetURI = "";
            String signatureType = signatureTarget.getType();
            if (signatureTarget.isITNever()) {
                String uri = signatureTarget.getValue();
                uri =  uri.startsWith("#") ? uri.substring(1) : uri;
                SSEData data = (SSEData) fpContext.getElementCache().get(uri);
                SecurityHeaderElement se = (SecurityHeaderElement) data.getSecurityElement();
                fpContext.getSecurityHeader().add(se);
            }
            SecuredMessage secMessage = fpContext.getSecuredMessage();
            //SecurityHeader secHeader = fpContext.getSecurityHeader();
            //boolean headersOnly = signatureTarget.isSOAPHeadersOnly();
           
            if(signatureType.equals(SignatureTarget.TARGET_TYPE_VALUE_QNAME)){
               
                String expr = null;
                List<SignedMessagePart> targets = new ArrayList<SignedMessagePart>();
               
                String targetValue = signatureTarget.getValue();
                boolean optimized = false;
                if(fpContext.getConfigType() == MessageConstants.SIGN_BODY ||
                        fpContext.getConfigType() == MessageConstants.SIGN_ENCRYPT_BODY){
                    optimized = true;
                }
               
                if(targetValue.equals(SignatureTarget.BODY )){
                    Object body = secMessage.getBody();
                    if(body instanceof SignedMessagePart){
                        targets.add((SignedMessagePart)body);
                    } else if(body instanceof SecurityElement){
                        SignedMessagePart smp = new SignedMessagePart((SecurityElement)body);
                        targets.add(smp);
                       
                    } else{
                        // replace SOAPBody with securityElement and add
                        // to targets
                        boolean contentOnly = signatureTarget.getContentOnly();
                        SOAPBody soapBody = (SOAPBody)body;
                        if(!contentOnly){
                            if(soapBody.getId() == null || "".equals(soapBody.getId()))
                                soapBody.setId(fpContext.generateID());
                            SignedMessagePart smp = new SignedMessagePart(soapBody, contentOnly);
                            secMessage.replaceBody(smp);
                            targets.add(smp);
                        } else{
                            String id = null;
                            if(soapBody.getBodyContentId() == null || "".equals(soapBody.getBodyContentId())){
                                id = fpContext.generateID();
                                soapBody.setBodyContentId(id);
                            }
                           
                            SignedMessagePart smp = new SignedMessagePart(soapBody, contentOnly);
                            SOAPBody newBody =  new SOAPBody(smp,fpContext.getSOAPVersion());
                            newBody.setId(soapBody.getId());
                            secMessage.replaceBody(newBody);
                            targets.add(smp);
                        }
                    }
                } else{
                    //if QName is of the form "{NS-URI}" then this method throws
                    //illegalArgumentException with JDK 1.6
                    //QName name = QName.valueOf(targetValue);
                    QName name = null;
                    if (targetValue.endsWith("}")) {
                        String nsURI = targetValue.substring(1,targetValue.length() -1);
                        name = new QName(nsURI,"");
                    } else {
                        name = QName.valueOf(targetValue);
                    }
                    //boolean contentOnly = signatureTarget.getContentOnly();
                    Iterator headers = null;
                    if(name.getNamespaceURI().equals(MessageConstants.ADDRESSING_MEMBER_SUBMISSION_NAMESPACE) ||
                            name.getNamespaceURI().equals(MessageConstants.ADDRESSING_W3C_NAMESPACE)){
                        if(!"".equals(name.getLocalPart()))
                            headers = secMessage.getHeaders(name.getLocalPart(), null);
                        else{
                            headers = secMessage.getHeaders(MessageConstants.ADDRESSING_MEMBER_SUBMISSION_NAMESPACE);
                            if(!headers.hasNext())
                                headers = secMessage.getHeaders(MessageConstants.ADDRESSING_W3C_NAMESPACE);
                        }
                    } else {
                        if(!"".equals(name.getLocalPart()))
                            headers = secMessage.getHeaders(name.getLocalPart(), name.getNamespaceURI());
                        else
                            headers = secMessage.getHeaders(name.getNamespaceURI());
                    }
                   
                    while(headers.hasNext()){
                        Object next = headers.next();
                        if(next instanceof SignedMessageHeader){
                            targets.add((SignedMessageHeader)next);
                        } else if(next instanceof SecurityHeaderElement){
                            SecurityHeaderElement she = (SecurityHeaderElement)next;
                            SignedMessageHeader smh = new SignedMessageHeader(she);
                            secMessage.replaceHeader(she, smh);
                            targets.add(smh);
                        } else if(next instanceof Header){
                            Header header = (Header)next;
                            SignedMessageHeader smh = toSignedMessageHeader(header, fpContext);
                            secMessage.replaceHeader(header, smh);
                            targets.add(smh);
                        }
                    }
                   
                    SecurityHeader sh = fpContext.getSecurityHeader();
                    headers = sh.getHeaders(name.getLocalPart(), name.getNamespaceURI());
                    while(headers.hasNext()){
                        SecurityHeaderElement she = (SecurityHeaderElement) headers.next();
                        if(she instanceof SignedMessageHeader){
                            targets.add((SignedMessageHeader)she);
                        } else{
                            if(she.getId() == null){
                                she.setId(fpContext.generateID());
                            }
                            SignedMessageHeader smh = new SignedMessageHeader(she);
                            targets.add(smh);
                        }
                    }
                }
               
                if(targets.size() <= 0){
                    if(signatureTarget.getEnforce()){
                        throw new XWSSecurityException("SignatureTarget with URI "+signatureTarget.getValue()+
                                " is not in the message");
                    } else
                        continue;
                }
               
                if(logger.isLoggable(Level.FINEST)){
                    logger.log(Level.FINEST, "Number of nodes "+ targets.size());
                    logger.log(Level.FINEST, "+++++++++++++++END+++++++++++++++");
                }
               
                HashMap elementCache = null;
                if(fpContext != null ){
                    elementCache = fpContext.getElementCache();
                }
               
                for(int i = 0; i < targets.size(); i++){
                    SignedMessagePart targetRef = targets.get(i);
                    ArrayList clonedTransformList = (ArrayList)transformList.clone();
                    if (exclTransformToBeAdded) {
                        // exc-14-n must be one of the last transforms under ReferenceList by default.
                        String transformAlgo  = MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS;
                        ((NamespaceContextEx)fpContext.getNamespaceContext()).addExc14NS();
                        ExcC14NParameterSpec spec = null;
                        if(!fpContext.getDisableIncPrefix()){
                            ArrayList list = new ArrayList();
                            /*list.add("wsu");list.add("wsse");*/ list.add("S");
                            spec = new ExcC14NParameterSpec(list); //TO BE SET
                        }
                        Transform transform = signatureFactory.newTransform(transformAlgo,spec);
                        // Commenting this - content is now set directly in com.sun.xml.ws.security.opt.crypto.dsig.Transform
                        // class
//                        if(!fpContext.getDisableIncPrefix()){
//                            List contentList = setInclusiveNamespaces(spec);
//                            ((com.sun.xml.ws.security.opt.crypto.dsig.Transform)transform).setContent(contentList);
//                        }
                        clonedTransformList.add(transform);
                    }
                   
                    String id = targetRef.getId();
                    if (id == null || id.equals("")) {
                        id = fpContext.generateID();
                        if(!verify){
                            targetRef.setId(id);
                        } else{
                            //add to context. dont modify the message.
                            elementCache.put(id, targetRef);
                        }
                    }
                   
                    if(logger.isLoggable(Level.FINEST))
                        logger.log(Level.FINEST, "SignedInfo val id "+id);
                   
                    targetURI = "#"+id;
                   
                    Reference reference = null;
                    reference = signatureFactory.newReference(targetURI,digestMethod,clonedTransformList,null,null);
                    references.add(reference);
                }
                continue;
            } else if(SignatureTarget.TARGET_TYPE_VALUE_URI.equals(signatureType)){
                targetURI = signatureTarget.getValue();
               
                if(targetURI == null){
                    targetURI="";
                }
                QName policyName = signatureTarget.getPolicyQName();
                if(policyName != null && policyName == MessageConstants.SCT_NAME){
                    String _uri = targetURI;
                    if(targetURI.length() > 0 && targetURI.charAt(0)=='#'){
                        _uri = targetURI.substring(1);
                    }

                        }
                    } else if (PolicyTypeUtil.signaturePolicy(wp)) {
                        SignaturePolicy sp = (SignaturePolicy) wp;
                        ArrayList list = ((SignaturePolicy.FeatureBinding) sp.getFeatureBinding()).getTargetBindings();
                        for (int ei = 0; ei < list.size(); ei++) {
                            SignatureTarget st = (SignatureTarget) list.get(ei);
                            //if(st.getValue() == Target.BODY){
                            if (st.getValue().equals(Target.BODY)) {
                                securedBody = true;
                            }
                        }
                        if (!allHeaders) {
                            allHeaders = areHeadersSecured(sp);