001: /*
002: * SignatureElementFactory.java
003: *
004: * Created on August 21, 2006, 12:36 PM
005: *
006: * The contents of this file are subject to the terms
007: * of the Common Development and Distribution License
008: * (the License). You may not use this file except in
009: * compliance with the License.
010: *
011: * You can obtain a copy of the license at
012: * https://glassfish.dev.java.net/public/CDDLv1.0.html.
013: * See the License for the specific language governing
014: * permissions and limitations under the License.
015: *
016: * When distributing Covered Code, include this CDDL
017: * Header Notice in each file and include the License file
018: * at https://glassfish.dev.java.net/public/CDDLv1.0.html.
019: * If applicable, add the following below the CDDL Header,
020: * with the fields enclosed by brackets [] replaced by
021: * you own identifying information:
022: * "Portions Copyrighted [year] [name of copyright owner]"
023: *
024: * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
025: */
026:
027: package com.sun.xml.ws.security.opt.impl.dsig;
028:
029: import com.sun.xml.security.core.dsig.InclusiveNamespacesType;
030: import com.sun.xml.ws.security.opt.api.SecurityElement;
031: import com.sun.xml.ws.security.opt.impl.message.SOAPBody;
032: import com.sun.xml.ws.security.opt.impl.message.SecuredMessage;
033: import com.sun.xml.ws.security.opt.impl.util.NamespaceContextEx;
034: import java.util.logging.Level;
035: import java.util.logging.Logger;
036: import java.util.ArrayList;
037: import java.util.List;
038: import java.util.ListIterator;
039: import java.util.Iterator;
040: import java.util.HashMap;
041: import java.security.NoSuchAlgorithmException;
042: import java.security.InvalidAlgorithmParameterException;
043: import com.sun.xml.wss.logging.LogDomainConstants;
044:
045: import com.sun.xml.ws.security.secext10.TransformationParametersType;
046: import com.sun.xml.ws.security.opt.crypto.jaxb.JAXBSignatureFactory;
047: import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
048: import com.sun.xml.wss.XWSSecurityException;
049: import com.sun.xml.wss.impl.PolicyTypeUtil;
050: import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
051: import com.sun.xml.wss.impl.policy.MLSPolicy;
052: import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
053: import com.sun.xml.wss.impl.policy.mls.SymmetricKeyBinding;
054: import com.sun.xml.wss.impl.policy.mls.SignatureTarget;
055: import com.sun.xml.wss.impl.policy.mls.Parameter;
056: import com.sun.xml.wss.impl.MessageConstants;
057: import com.sun.xml.ws.security.opt.crypto.jaxb.JAXBStructure;
058: import com.sun.xml.ws.security.opt.api.SecurityHeaderElement;
059: import com.sun.xml.ws.security.opt.impl.outgoing.SecurityHeader;
060: import com.sun.xml.wss.logging.impl.opt.signature.LogStringsMessages;
061:
062: import com.sun.xml.ws.api.message.Header;
063:
064: import javax.xml.bind.JAXBElement;
065: import javax.xml.namespace.QName;
066:
067: import javax.xml.crypto.dsig.XMLSignature;
068: import javax.xml.crypto.dsig.SignedInfo;
069: import javax.xml.crypto.dsig.XMLSignatureFactory;
070: import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
071: import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
072: import javax.xml.crypto.dsig.CanonicalizationMethod;
073: import javax.xml.crypto.dsig.SignatureMethod;
074: import javax.xml.crypto.dsig.DigestMethod;
075: import javax.xml.crypto.dsig.Transform;
076: import javax.xml.crypto.dsig.Reference;
077: import javax.xml.crypto.XMLStructure;
078:
079: /**
080: *
081: * @author Ashutosh.Shahi@sun.com
082: */
083: public class SignatureElementFactory {
084:
085: private static final Logger logger = Logger.getLogger(
086: LogDomainConstants.IMPL_OPT_SIGNATURE_DOMAIN,
087: LogDomainConstants.IMPL_OPT_SIGNATURE_DOMAIN_BUNDLE);
088:
089: /** Creates a new instance of SignatureElementFactory */
090: public SignatureElementFactory() {
091:
092: }
093:
094: /**
095: *
096: * @param signInfo
097: * @param keyInfo
098: * @param id
099: * @return XMLSignature
100: */
101: public XMLSignature constructSignature(SignedInfo signInfo,
102: javax.xml.crypto.dsig.keyinfo.KeyInfo keyInfo,
103: final String id) {
104: return getSignatureFactory().newXMLSignature(signInfo, keyInfo,
105: null, id, null);
106: }
107:
108: /**
109: *
110: * @param signInfo
111: * @param keyInfo
112: * @return XMLSignature
113: */
114: public XMLSignature constructSignature(SignedInfo signInfo,
115: javax.xml.crypto.dsig.keyinfo.KeyInfo keyInfo) {
116: return getSignatureFactory().newXMLSignature(signInfo, keyInfo);
117: }
118:
119: public SignedInfo constructSignedInfo(
120: JAXBFilterProcessingContext fpContext)
121: throws NoSuchAlgorithmException,
122: InvalidAlgorithmParameterException, XWSSecurityException {
123: if (PolicyTypeUtil.signaturePolicy(fpContext
124: .getSecurityPolicy())) {
125: return generateSignedInfo(fpContext);
126: }
127: return null;
128: }
129:
130: private SignedInfo generateSignedInfo(
131: JAXBFilterProcessingContext fpContext)
132: throws NoSuchAlgorithmException,
133: InvalidAlgorithmParameterException, XWSSecurityException {
134: SignaturePolicy signaturePolicy = (SignaturePolicy) fpContext
135: .getSecurityPolicy();
136: SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding) signaturePolicy
137: .getFeatureBinding();
138: MLSPolicy keyBinding = signaturePolicy.getKeyBinding();
139:
140: XMLSignatureFactory signatureFactory = getSignatureFactory();
141: String canonicalAlgo = featureBinding
142: .getCanonicalizationAlgorithm();
143: ArrayList targetList = featureBinding.getTargetBindings();
144: String keyAlgo = MessageConstants.RSA_SHA1_SIGMETHOD;
145:
146: if (PolicyTypeUtil.x509CertificateBinding(keyBinding)) {
147: AuthenticationTokenPolicy.X509CertificateBinding certificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) keyBinding;
148: if (!"".equals(certificateBinding.getKeyAlgorithm())) {
149: keyAlgo = certificateBinding.getKeyAlgorithm();
150: }
151: } else if (PolicyTypeUtil.samlTokenPolicy(keyBinding)) {
152: AuthenticationTokenPolicy.SAMLAssertionBinding samlBinding = (AuthenticationTokenPolicy.SAMLAssertionBinding) keyBinding;
153: if (!"".equals(samlBinding.getKeyAlgorithm())) {
154: keyAlgo = samlBinding.getKeyAlgorithm();
155: }
156: } else if (PolicyTypeUtil.symmetricKeyBinding(keyBinding)) {
157: SymmetricKeyBinding symmetricKeybinding = (SymmetricKeyBinding) keyBinding;
158: if (!"".equals(symmetricKeybinding.getKeyAlgorithm())) {
159: keyAlgo = symmetricKeybinding.getKeyAlgorithm();
160: } else {
161: keyAlgo = MessageConstants.HMAC_SHA1_SIGMETHOD;
162: }
163: } else if (PolicyTypeUtil
164: .secureConversationTokenKeyBinding(keyBinding)) {
165: keyAlgo = MessageConstants.HMAC_SHA1_SIGMETHOD;
166: } else if (PolicyTypeUtil.derivedTokenKeyBinding(keyBinding)) {
167: keyAlgo = MessageConstants.HMAC_SHA1_SIGMETHOD;
168: if (fpContext.getTrustContext() != null
169: && fpContext.getTrustContext().getProofKey() == null) {
170: keyAlgo = MessageConstants.RSA_SHA1_SIGMETHOD;
171: //keyAlgo = fpContext.getAlgorithmSuite().getAsymmetricKeySignatureAlgorithm();
172: }
173: } else if (PolicyTypeUtil.issuedTokenKeyBinding(keyBinding)) {
174: //TODO: verify if this is always correct
175: keyAlgo = MessageConstants.HMAC_SHA1_SIGMETHOD;
176: //keyAlgo = fpContext.getAlgorithmSuite().getSymmetricKeySignatureAlgorithm();
177: if (fpContext.getTrustContext() != null
178: && fpContext.getTrustContext().getProofKey() == null) {
179: //keyAlgo = fpContext.getAlgorithmSuite().getAsymmetricKeySignatureAlgorithm();
180: keyAlgo = MessageConstants.RSA_SHA1_SIGMETHOD;
181: }
182: } else {
183: logger
184: .log(
185: Level.SEVERE,
186: LogStringsMessages
187: .WSS_1703_UNSUPPORTED_KEYBINDING_SIGNATUREPOLICY(keyBinding));
188: throw new XWSSecurityException(
189: "Unsupported KeyBinding for SignaturePolicy");
190: }
191: C14NMethodParameterSpec spec = null;
192: if (MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS
193: .equalsIgnoreCase(canonicalAlgo)) {
194: if (!fpContext.getDisableIncPrefix()) {
195: List inc = new ArrayList();
196: inc.add("wsse");
197: inc.add("S");
198: spec = new ExcC14NParameterSpec(inc);
199: }
200: ((NamespaceContextEx) fpContext.getNamespaceContext())
201: .addExc14NS();
202: }
203: CanonicalizationMethod canonicalMethod = signatureFactory
204: .newCanonicalizationMethod(canonicalAlgo, spec);
205: if (!fpContext.getDisableIncPrefix()) {
206: List contentList = setInclusiveNamespaces((ExcC14NParameterSpec) spec);
207: ((com.sun.xml.ws.security.opt.crypto.dsig.CanonicalizationMethod) canonicalMethod)
208: .setContent(contentList);
209: }
210:
211: SignatureMethod signatureMethod = signatureFactory
212: .newSignatureMethod(keyAlgo, null);
213: //Note : Signature algorithm parameters null for now , fix me.
214: SignedInfo signedInfo = signatureFactory.newSignedInfo(
215: canonicalMethod, signatureMethod,
216: generateReferenceList(targetList, signatureFactory,
217: fpContext, false), null);
218: //Note : Id is now null
219: return signedInfo;
220: }
221:
222: /**
223: *
224: * @return XMLSignatureFactory
225: */
226: private XMLSignatureFactory getSignatureFactory() {
227: try {
228: return JAXBSignatureFactory.newInstance();
229: } catch (Exception ex) {
230: throw new RuntimeException(ex);
231: }
232: }
233:
234: private List generateReferenceList(List targetList,
235: XMLSignatureFactory signatureFactory,
236: JAXBFilterProcessingContext fpContext, boolean verify)
237: throws NoSuchAlgorithmException,
238: InvalidAlgorithmParameterException, XWSSecurityException {
239: ListIterator iterator = targetList.listIterator();
240: ArrayList references = new ArrayList();
241: if (logger.isLoggable(Level.FINEST)) {
242: logger.log(Level.FINEST, LogStringsMessages
243: .WSS_1751_NUMBER_TARGETS_SIGNATURE(targetList
244: .size()));
245: }
246:
247: while (iterator.hasNext()) {
248: SignatureTarget signatureTarget = (SignatureTarget) iterator
249: .next();
250: String digestAlgo = signatureTarget.getDigestAlgorithm();
251: if (logger.isLoggable(Level.FINEST)) {
252: logger
253: .log(
254: Level.FINEST,
255: LogStringsMessages
256: .WSS_1752_SIGNATURE_TARGET_VALUE(signatureTarget
257: .getValue()));
258: logger.log(Level.FINEST, LogStringsMessages
259: .WSS_1753_TARGET_DIGEST_ALGORITHM(digestAlgo));
260: }
261: DigestMethod digestMethod = null;
262: try {
263: digestMethod = signatureFactory.newDigestMethod(
264: digestAlgo, null);
265: } catch (Exception ex) {
266: logger.log(Level.SEVERE, "WSS1301.invalid.digest.algo",
267: digestAlgo);
268: throw new XWSSecurityException(ex.getMessage());
269: }
270:
271: boolean exclTransformToBeAdded = false;
272: ArrayList transforms = signatureTarget.getTransforms();
273: ListIterator transformIterator = transforms.listIterator();
274: ArrayList transformList = new ArrayList(2);
275: while (transformIterator.hasNext()) {
276: SignatureTarget.Transform transformInfo = (SignatureTarget.Transform) transformIterator
277: .next();
278: String transformAlgo = transformInfo.getTransform();
279: Transform transform = null;
280:
281: if (logger.isLoggable(Level.FINEST))
282: logger.log(Level.FINEST, "Transform Algorithm is "
283: + transformAlgo);
284: if (transformAlgo == Transform.XPATH
285: || transformAlgo.equals(Transform.XPATH)) {
286: /*TransformParameterSpec spec =(TransformParameterSpec) transformInfo.getAlgorithmParameters();
287: //XPathFilterParameterSpec spec = null;
288: if(spec == null){
289: throw new XWSSecurityException("XPATH parameters cannot be null");
290: }
291: //XPATH2,XSLTC , ..
292: transform = signatureFactory.newTransform(transformAlgo,spec);*/
293: throw new UnsupportedOperationException(
294: "XPATH not supported");
295: } else if (transformAlgo == Transform.XPATH2
296: || transformAlgo.equals(Transform.XPATH2)) {
297: /*TransformParameterSpec transformParams = (TransformParameterSpec)transformInfo.getAlgorithmParameters();
298: transform= signatureFactory.newTransform(transformAlgo,transformParams);*/
299: throw new UnsupportedOperationException(
300: "XPATH not supported");
301: } else if (transformAlgo == MessageConstants.STR_TRANSFORM_URI
302: || transformAlgo
303: .equals(MessageConstants.STR_TRANSFORM_URI)) {
304: Parameter transformParams = (Parameter) transformInfo
305: .getAlgorithmParameters();
306: String algo = null;
307: if (transformParams.getParamName().equals(
308: "CanonicalizationMethod")) {
309: algo = transformParams.getParamValue();
310: }
311: if (algo == null) {
312: throw new XWSSecurityException(
313: "STR Transform must have a"
314: + "canonicalization method specified");
315: }
316: if (logger.isLoggable(Level.FINEST)) {
317: logger.log(Level.FINEST,
318: "CanonicalizationMethod is " + algo);
319: }
320: //CanonicalizationMethod cm = null;
321: C14NMethodParameterSpec spec = null;
322: try {
323: TransformationParametersType tp = new com.sun.xml.ws.security.secext10.ObjectFactory()
324: .createTransformationParametersType();
325: com.sun.xml.ws.security.opt.crypto.dsig.CanonicalizationMethod cm = new com.sun.xml.ws.security.opt.crypto.dsig.CanonicalizationMethod();
326: cm.setAlgorithm(algo);
327: tp.getAny().add(cm);
328: JAXBElement<TransformationParametersType> tpElement = new com.sun.xml.ws.security.secext10.ObjectFactory()
329: .createTransformationParameters(tp);
330: XMLStructure transformSpec = new JAXBStructure(
331: tpElement);
332: transform = signatureFactory.newTransform(
333: transformAlgo, transformSpec);
334: if (signatureTarget.getType() == SignatureTarget.TARGET_TYPE_VALUE_URI) {
335: String targetURI = signatureTarget
336: .getValue();
337: ((com.sun.xml.ws.security.opt.crypto.dsig.Transform) transform)
338: .setReferenceId(targetURI);
339: }
340:
341: } catch (Exception ex) {
342: logger.log(Level.SEVERE,
343: "WSS1300.dsig.transform_param.error",
344: ex);
345: throw new XWSSecurityException(ex.getMessage());
346: }
347: } else if (MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS
348: .equalsIgnoreCase(transformAlgo)) {
349: // should be there by default...
350: // As per R 5412, last child of ds:Transforms must be either excl-c14n, or attachment-content only or attachment-complete transform
351: exclTransformToBeAdded = true;
352: } else {
353: //transform = signatureFactory.newTransform(transformAlgo,(TransformParameterSpec) null);
354: throw new XWSSecurityException(transformAlgo
355: + " not supported as Signature transform");
356:
357: }
358: if (!MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS
359: .equalsIgnoreCase(transformAlgo)) {
360: // will add c14n transform in the end; later
361: transformList.add(transform);
362: }
363: }
364: String targetURI = "";
365: String signatureType = signatureTarget.getType();
366: SecuredMessage secMessage = fpContext.getSecuredMessage();
367: //SecurityHeader secHeader = fpContext.getSecurityHeader();
368: //boolean headersOnly = signatureTarget.isSOAPHeadersOnly();
369:
370: if (signatureType
371: .equals(SignatureTarget.TARGET_TYPE_VALUE_QNAME)) {
372:
373: String expr = null;
374: List<SignedMessagePart> targets = new ArrayList<SignedMessagePart>();
375:
376: String targetValue = signatureTarget.getValue();
377: boolean optimized = false;
378: if (fpContext.getConfigType() == MessageConstants.SIGN_BODY
379: || fpContext.getConfigType() == MessageConstants.SIGN_ENCRYPT_BODY) {
380: optimized = true;
381: }
382:
383: if (targetValue.equals(SignatureTarget.BODY)) {
384: Object body = secMessage.getBody();
385: if (body instanceof SignedMessagePart) {
386: targets.add((SignedMessagePart) body);
387: } else if (body instanceof SecurityElement) {
388: SignedMessagePart smp = new SignedMessagePart(
389: (SecurityElement) body);
390: targets.add(smp);
391:
392: } else {
393: // replace SOAPBody with securityElement and add
394: // to targets
395: boolean contentOnly = signatureTarget
396: .getContentOnly();
397: SOAPBody soapBody = (SOAPBody) body;
398: if (!contentOnly) {
399: if (soapBody.getId() == null
400: || "".equals(soapBody.getId()))
401: soapBody.setId(fpContext.generateID());
402: SignedMessagePart smp = new SignedMessagePart(
403: soapBody, contentOnly);
404: secMessage.replaceBody(smp);
405: targets.add(smp);
406: } else {
407: String id = null;
408: if (soapBody.getBodyContentId() == null
409: || "".equals(soapBody
410: .getBodyContentId())) {
411: id = fpContext.generateID();
412: soapBody.setBodyContentId(id);
413: }
414:
415: SignedMessagePart smp = new SignedMessagePart(
416: soapBody, contentOnly);
417: SOAPBody newBody = new SOAPBody(smp,
418: fpContext.getSOAPVersion());
419: newBody.setId(soapBody.getId());
420: secMessage.replaceBody(newBody);
421: targets.add(smp);
422: }
423: }
424: } else {
425: //if QName is of the form "{NS-URI}" then this method throws
426: //illegalArgumentException with JDK 1.6
427: //QName name = QName.valueOf(targetValue);
428: QName name = null;
429: if (targetValue.endsWith("}")) {
430: String nsURI = targetValue.substring(1,
431: targetValue.length() - 1);
432: name = new QName(nsURI, "");
433: } else {
434: name = QName.valueOf(targetValue);
435: }
436: //boolean contentOnly = signatureTarget.getContentOnly();
437: Iterator headers = null;
438: if (name
439: .getNamespaceURI()
440: .equals(
441: MessageConstants.ADDRESSING_MEMBER_SUBMISSION_NAMESPACE)
442: || name
443: .getNamespaceURI()
444: .equals(
445: MessageConstants.ADDRESSING_W3C_NAMESPACE)) {
446: if (!"".equals(name.getLocalPart()))
447: headers = secMessage.getHeaders(name
448: .getLocalPart(), null);
449: else {
450: headers = secMessage
451: .getHeaders(MessageConstants.ADDRESSING_MEMBER_SUBMISSION_NAMESPACE);
452: if (!headers.hasNext())
453: headers = secMessage
454: .getHeaders(MessageConstants.ADDRESSING_W3C_NAMESPACE);
455: }
456: } else {
457: if (!"".equals(name.getLocalPart()))
458: headers = secMessage.getHeaders(name
459: .getLocalPart(), name
460: .getNamespaceURI());
461: else
462: headers = secMessage.getHeaders(name
463: .getNamespaceURI());
464: }
465:
466: while (headers.hasNext()) {
467: Object next = headers.next();
468: if (next instanceof SignedMessageHeader) {
469: targets.add((SignedMessageHeader) next);
470: } else if (next instanceof SecurityHeaderElement) {
471: SecurityHeaderElement she = (SecurityHeaderElement) next;
472: SignedMessageHeader smh = new SignedMessageHeader(
473: she);
474: secMessage.replaceHeader(she, smh);
475: targets.add(smh);
476: } else if (next instanceof Header) {
477: Header header = (Header) next;
478: SignedMessageHeader smh = toSignedMessageHeader(
479: header, fpContext);
480: secMessage.replaceHeader(header, smh);
481: targets.add(smh);
482: }
483: }
484:
485: SecurityHeader sh = fpContext.getSecurityHeader();
486: headers = sh.getHeaders(name.getLocalPart(), name
487: .getNamespaceURI());
488: while (headers.hasNext()) {
489: SecurityHeaderElement she = (SecurityHeaderElement) headers
490: .next();
491: if (she instanceof SignedMessageHeader) {
492: targets.add((SignedMessageHeader) she);
493: } else {
494: if (she.getId() == null) {
495: she.setId(fpContext.generateID());
496: }
497: SignedMessageHeader smh = new SignedMessageHeader(
498: she);
499: targets.add(smh);
500: }
501: }
502: }
503:
504: if (targets.size() <= 0) {
505: if (signatureTarget.getEnforce()) {
506: throw new XWSSecurityException(
507: "SignatureTarget with URI "
508: + signatureTarget.getValue()
509: + " is not in the message");
510: } else
511: continue;
512: }
513:
514: if (logger.isLoggable(Level.FINEST)) {
515: logger.log(Level.FINEST, "Number of nodes "
516: + targets.size());
517: logger.log(Level.FINEST,
518: "+++++++++++++++END+++++++++++++++");
519: }
520:
521: HashMap elementCache = null;
522: if (fpContext != null) {
523: elementCache = fpContext.getElementCache();
524: }
525:
526: for (int i = 0; i < targets.size(); i++) {
527: SignedMessagePart targetRef = targets.get(i);
528: ArrayList clonedTransformList = (ArrayList) transformList
529: .clone();
530: if (exclTransformToBeAdded) {
531: // exc-14-n must be one of the last transforms under ReferenceList by default.
532: String transformAlgo = MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS;
533: ((NamespaceContextEx) fpContext
534: .getNamespaceContext()).addExc14NS();
535: ExcC14NParameterSpec spec = null;
536: if (!fpContext.getDisableIncPrefix()) {
537: ArrayList list = new ArrayList();
538: /*list.add("wsu");list.add("wsse");*/list
539: .add("S");
540: spec = new ExcC14NParameterSpec(list); //TO BE SET
541: }
542: Transform transform = signatureFactory
543: .newTransform(transformAlgo, spec);
544: if (!fpContext.getDisableIncPrefix()) {
545: List contentList = setInclusiveNamespaces(spec);
546: ((com.sun.xml.ws.security.opt.crypto.dsig.Transform) transform)
547: .setContent(contentList);
548: }
549: clonedTransformList.add(transform);
550: }
551:
552: String id = targetRef.getId();
553: if (id == null || id.equals("")) {
554: id = fpContext.generateID();
555: if (!verify) {
556: targetRef.setId(id);
557: } else {
558: //add to context. dont modify the message.
559: elementCache.put(id, targetRef);
560: }
561: }
562:
563: if (logger.isLoggable(Level.FINEST))
564: logger.log(Level.FINEST, "SignedInfo val id "
565: + id);
566:
567: targetURI = "#" + id;
568:
569: Reference reference = null;
570: reference = signatureFactory.newReference(
571: targetURI, digestMethod,
572: clonedTransformList, null, null);
573: references.add(reference);
574: }
575: continue;
576: } else if (signatureType == SignatureTarget.TARGET_TYPE_VALUE_URI) {
577: targetURI = signatureTarget.getValue();
578:
579: if (targetURI == null) {
580: targetURI = "";
581: }
582: QName policyName = signatureTarget.getPolicyQName();
583: if (policyName != null
584: && policyName == MessageConstants.SCT_NAME) {
585: String _uri = targetURI;
586: if (targetURI.length() > 0
587: && targetURI.charAt(0) == '#') {
588: _uri = targetURI.substring(1);
589: }
590: com.sun.xml.ws.security.IssuedTokenContext ictx = fpContext
591: .getIssuedTokenContext(_uri);
592: com.sun.xml.ws.security.SecurityContextToken sct1 = (com.sun.xml.ws.security.SecurityContextToken) ictx
593: .getSecurityToken();
594: targetURI = sct1.getWsuId();
595: }
596: if (targetURI == MessageConstants.PROCESS_ALL_ATTACHMENTS) {
597: throw new UnsupportedOperationException(
598: "PROCESS_ALL_ATTACHMENTS not supported yet");
599: } else {
600: if (exclTransformToBeAdded) {
601: String _uri = targetURI;
602: if (targetURI.length() > 0
603: && targetURI.charAt(0) == '#') {
604: _uri = targetURI.substring(1);
605: }
606: Object reqdPart = getPartFromId(fpContext, _uri);
607: if (reqdPart != null) {
608: String transformAlgo = MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS;
609: ExcC14NParameterSpec spec = null;
610: if (!fpContext.getDisableIncPrefix()) {
611: ArrayList list = new ArrayList();
612: list.add("wsu");
613: list.add("wsse");
614: list.add("S");
615: spec = new ExcC14NParameterSpec(list);
616: }
617: Transform transform = signatureFactory
618: .newTransform(transformAlgo, spec);
619: if (!fpContext.getDisableIncPrefix()) {
620: List contentList = setInclusiveNamespaces(spec);
621: ((com.sun.xml.ws.security.opt.crypto.dsig.Transform) transform)
622: .setContent(contentList);
623: }
624: transformList.add(transform);
625: }
626: }
627: if (targetURI
628: .equals(SignatureTarget.ALL_MESSAGE_HEADERS)) {
629: //throw new UnsupportedOperationException(SignatureTarget.ALL_MESSAGE_HEADERS +
630: // " not supported yet");
631: ArrayList headers = secMessage.getHeaders();
632: for (int i = 0; i < headers.size(); i++) {
633: Object header = headers.get(i);
634: String tmpUri = null;
635: if (header instanceof SignedMessageHeader) {
636: tmpUri = "#"
637: + ((SignedMessageHeader) header)
638: .getId();
639:
640: } else if (header instanceof SecurityHeaderElement) {
641: SecurityHeaderElement she = (SecurityHeaderElement) header;
642: SignedMessageHeader smh = new SignedMessageHeader(
643: she);
644: String id = smh.getId();
645: if (id == null) {
646: id = fpContext.generateID();
647: smh.setId(id);
648: }
649: secMessage.replaceHeader(she, smh);
650: tmpUri = "#" + id;
651: } else if (header instanceof Header) {
652: Header jwHeader = (Header) header;
653: tmpUri = fpContext.generateID();
654: SignedMessageHeader smh = createSignedMessageHeader(
655: jwHeader, tmpUri, fpContext);
656: secMessage.replaceHeader(jwHeader, smh);
657: }
658: if (tmpUri != null) {
659: Reference reference = signatureFactory
660: .newReference(tmpUri,
661: digestMethod,
662: transformList, null,
663: null);
664: references.add(reference);
665: }
666: }
667: continue;
668: }
669:
670: }
671: }
672: Reference reference = null;
673: reference = signatureFactory.newReference(targetURI,
674: digestMethod, transformList, null, null);
675: references.add(reference);
676:
677: }
678: if (references.isEmpty()) {
679: logger.log(Level.WARNING,
680: "No Signed Parts found in the Message");
681: }
682: return references;
683: }
684:
685: private List setInclusiveNamespaces(ExcC14NParameterSpec spec) {
686: com.sun.xml.security.core.dsig.ObjectFactory objFac = new com.sun.xml.security.core.dsig.ObjectFactory();
687: InclusiveNamespacesType incList = objFac
688: .createInclusiveNamespaces();
689: List prefixList = spec.getPrefixList();
690: for (int j = 0; j < prefixList.size(); j++) {
691: String prefix = (String) prefixList.get(j);
692: incList.addToPrefixList(prefix);
693: }
694: JAXBElement<InclusiveNamespacesType> je = objFac
695: .createInclusiveNamespaces(incList);
696: List contentList = new ArrayList();
697: contentList.add(je);
698: return contentList;
699: }
700:
701: private SignedMessageHeader toSignedMessageHeader(Header header,
702: JAXBFilterProcessingContext context) {
703: return createSignedMessageHeader(header, context.generateID(),
704: context);
705: }
706:
707: private SignedMessageHeader createSignedMessageHeader(
708: com.sun.xml.ws.api.message.Header header, String string,
709: JAXBFilterProcessingContext context) {
710: return new SignedMessageHeader(header, string, context);
711: }
712:
713: private Object getPartFromId(JAXBFilterProcessingContext fpContext,
714: final String id) throws XWSSecurityException {
715: SecuredMessage secMessage = fpContext.getSecuredMessage();
716: Object reqdHeader = secMessage.getHeader(id);
717: if (reqdHeader != null) {
718: return reqdHeader;
719: }
720: SecurityHeader secHeader = fpContext.getSecurityHeader();
721: SecurityHeaderElement she = secHeader.getChildElement(id);
722: if (she != null)
723: return she;
724: Object body = secMessage.getBody();
725: if (body instanceof SOAPBody) {
726: SOAPBody soapBody = (SOAPBody) body;
727: if (id.equals(soapBody.getId()))
728: return soapBody;
729: } else if (body instanceof SecurityElement) {
730: SecurityElement se = (SecurityElement) body;
731: if (id.equals(se.getId()))
732: return se;
733: }
734: return null;
735: }
736:
737: }
|