ArrayList validityList = new ArrayList();
Map references = new HashMap();
for(boolean more = c.moveToChild(1); more; more = c.moveToSibling(1))
if(c.atElement("http://schemas.xmlsoap.org/ws/2002/07/secext", "BinarySecurityToken"))
{
String id = getID(c);
if(id != null)
references.put(id, securityTokenToKeyInfo(c));
} else
if(c.atElement("http://schemas.xmlsoap.org/ws/2002/07/secext", "SecurityTokenReference"))
{
String id = getID(c);
if(id != null)
references.put(id, securityTokenReferenceToKeyInfo(c, references));
} else
if(c.atElement(XMLSIG_URI, "KeyInfo"))
{
String id = getID(c);
if(id != null)
references.put(id, keyInfoToKeyInfo(c));
} else
if(c.atElement(XMLSIG_URI, "Signature"))
{
MessageValidity validity = verifySignature(c, references, verifyingKey, trustVerifier);
validityList.add(validity);
} else
if(c.atElement(XMLENC_URI, "ReferenceList"))
processEncryptedList(c, references, decryptionKey);
else
if(c.atElement(XMLENC_URI, "EncryptedKey"))
{
Key key = processEncryptedKey(c, references, decryptionKey);
String id = getID(c);
if(id != null)
references.put(id, key);
} else
if(c.atElement(XMLENC_URI, "EncryptedData"))
c = processEncryptedData(c, references, decryptionKey);
MessageValidity v[] = new MessageValidity[validityList.size()];
validityList.toArray(v);
return v;
}
/**
 * Adds a wsu:Timestamp (with wsu:Created and, when {@code validityMillis > 0},
 * wsu:Expires) under the SOAP header and returns the IDs of the elements it created.
 *
 * A Timestamp that already carries a Created or Expires child is left untouched.
 *
 * @param c write cursor positioned anywhere in the message; it is moved by this method
 * @return a two-element array: [0] the ID of the Created element, [1] the ID of the
 *         Expires element; an entry stays null when that element was not added by this call
 */
private String[] addTimestamps(DOMWriteCursor c)
{
    final String wsuUri = "http://schemas.xmlsoap.org/ws/2002/07/utility";
    final String wsuPrefix = "wsu";
    String[] ids = new String[2];

    addAndMoveToSoapHeader(c);
    boolean timestampExists = c.moveToChild(wsuUri, "Timestamp");
    if (!timestampExists)
    {
        c = c.addUnder(wsuUri, wsuPrefix, "Timestamp");
    }
    else if (c.moveToChild(wsuUri, "Created") || c.moveToChild(wsuUri, "Expires"))
    {
        // Existing timestamp content is never overwritten; the caller gets no IDs back.
        return ids;
    }

    Date created = new Date();
    // Created goes in front of any existing children of the Timestamp.
    c = c.moveToChild(1)
        ? c.addBefore(wsuUri, wsuPrefix, "Created")
        : c.addUnder(wsuUri, wsuPrefix, "Created");
    c.setText(DateTime.formatISODateTime(created));
    ids[0] = makeID(c, wsuUri, wsuPrefix);

    // Expires is only written for a positive validity window; without it the
    // message carries no freshness bound for the receiver to enforce.
    if (validityMillis > 0L)
    {
        Date expires = new Date(created.getTime() + validityMillis);
        if (c.moveToSibling(1))
        {
            c = c.addBefore(wsuUri, wsuPrefix, "Expires");
        }
        else
        {
            c.moveToParent();
            c = c.addUnder(wsuUri, wsuPrefix, "Expires");
        }
        c.setText(DateTime.formatISODateTime(expires));
        ids[1] = makeID(c, wsuUri, wsuPrefix);
    }
    return ids;
}
/**
 * Returns the element's ID, read from either the unqualified {@code Id} attribute
 * or the namespace-qualified {@code wsu:Id} attribute.
 *
 * These IDs are the keys under which tokens and keys are collected and later
 * resolved from same-document references.
 *
 * @param c cursor positioned on the element; not moved
 * @return the ID, or null when the element carries neither attribute
 * @throws XmlMessageException when both attributes are present
 */
private String getID(DOMCursor c)
    throws XmlMessageException
{
    String plainId = c.getAttribute("Id");
    String qualifiedId;
    try
    {
        qualifiedId = c.getAttribute("http://schemas.xmlsoap.org/ws/2002/07/utility", "Id");
    }
    catch (NullPointerException ignored)
    {
        // The namespace-aware lookup can throw NPE for some elements (cause not
        // visible here); that is treated exactly like "no wsu:Id attribute".
        qualifiedId = null;
    }
    if (plainId != null && qualifiedId != null)
    {
        throw new XmlMessageException("two IDs not supported");
    }
    return plainId != null ? plainId : qualifiedId;
}
/**
 * Verifies the ds:Signature element at the cursor and reports the outcome.
 *
 * The verifying key is resolved in this order: the caller-supplied
 * {@code verifyingKey}; otherwise a wsse:SecurityTokenReference inside the
 * signature's ds:KeyInfo, resolved through {@code references}; otherwise the
 * public key the signature itself carries. A key that came from the message is
 * only checked against {@code trustVerifier} when one is supplied -- with a null
 * trustVerifier a signature made with a message-supplied key is reported valid
 * without any trust check.
 *
 * @param c cursor positioned on the ds:Signature element; not moved
 * @param references previously collected tokens/keys, keyed by element ID
 * @param verifyingKey key to verify with, or null to resolve one from the message
 * @param trustVerifier trust policy for message-supplied keys, or null to skip the check
 * @return a MessageValidity for this signature, never null; failures during
 *         verification (including "no verifying key is available") are recorded
 *         on it via setInvalid rather than thrown
 * @throws GeneralSecurityException while resolving a SecurityTokenReference key
 * @throws XmlMessageException while resolving a SecurityTokenReference key
 */
private MessageValidity verifySignature(DOMCursor c, Map references, VerifyingKey verifyingKey, TrustVerifier trustVerifier)
    throws GeneralSecurityException, XmlMessageException
{
    KeyInfo keyInfo = null;

    // Step 1: no caller-supplied key -> look for a SecurityTokenReference under
    // ds:KeyInfo. This runs outside the try below, so resolution failures propagate.
    if (verifyingKey == null)
    {
        DOMCursor keyInfoCursor = c.cloneCursor();
        boolean hasStr = keyInfoCursor.moveToChild(XMLSIG_URI, "KeyInfo")
            && keyInfoCursor.moveToChild("http://schemas.xmlsoap.org/ws/2002/07/secext", "SecurityTokenReference");
        if (hasStr)
        {
            keyInfo = securityTokenReferenceToKeyInfo(keyInfoCursor, references);
            if (keyInfo != null)
            {
                verifyingKey = VerifyingKeyFactory.makeVerifyingKey(keyInfo);
            }
        }
    }

    MessageValidity result = null;
    try
    {
        Verifier sigVerifier = new Verifier(c.getDocument(), c.createXPath());

        // Step 2: still no key -> fall back to the key embedded in the signature.
        if (verifyingKey == null)
        {
            java.security.PublicKey embedded = sigVerifier.getVerifyingKey();
            if (embedded == null)
            {
                throw isInvalid(c, "no verifying key is available");
            }
            verifyingKey = VerifyingKeyFactory.makeVerifyingKey(embedded);
            keyInfo = verifierToKeyInfo(sigVerifier);
        }

        result = new MessageValidity(c.getDocument(), "signature", keyInfo, null, c.getElement(), sigVerifier.getReferencedElements());
        boolean signatureOk = sigVerifier.verify(verifyingKey);
        if (!signatureOk)
        {
            result.setInvalid(new SignatureException("signature value does not verify"));
        }
        else if (trustVerifier != null && keyInfo != null)
        {
            // Trust is checked only once the cryptographic check has passed; if
            // verifyTrust signals failure by throwing, the catch below records it.
            keyInfo.verifyTrust(trustVerifier);
        }
    }
    catch (Exception e)
    {
        // Once the validity object exists, every failure is recorded on it; a
        // failure before that point yields a validity carrying only the exception.
        if (result == null)
        {
            result = new MessageValidity(c.getDocument(), "signature", null, e, c.getElement(), null);
        }
        else
        {
            result.setInvalid(e);
        }
    }
    return result;
}
/**
 * Decrypts every xenc:EncryptedData element that the xenc:ReferenceList at the
 * cursor points at.
 *
 * @param c cursor on the xenc:ReferenceList element; the caller's cursor is not moved
 * @param references collected tokens/keys by ID, passed through to processEncryptedData
 * @param decryptionKey key for the referenced EncryptedData elements
 * @throws XmlMessageException when a DataReference has no URI, its URI resolves to
 *         nothing, or the referenced element cannot be decrypted
 */
private void processEncryptedList(DOMCursor c, Map references, Key decryptionKey)
    throws XmlMessageException
{
    DOMCursor entry = c.cloneCursor();
    boolean hasEntry = entry.moveToChild(1);
    while (hasEntry)
    {
        if (entry.atElement(XMLENC_URI, "DataReference"))
        {
            XPath target = entry.getXPathAttribute("URI");
            if (target == null)
            {
                throw isInvalid(entry, "missing URI");
            }
            DOMCursor data = entry.cloneCursor();
            if (!data.moveToXPath(target))
            {
                throw isInvalid(entry, "URI not found: " + target);
            }
            // The cursor returned by processEncryptedData is not needed: iteration
            // continues over the ReferenceList's own children, not the decrypted nodes.
            processEncryptedData(data, references, decryptionKey);
        }
        hasEntry = entry.moveToSibling(1);
    }
}
/**
 * Unwraps the xenc:EncryptedKey at the cursor with {@code decryptionKey} and
 * decrypts any data its own xenc:ReferenceList names with the unwrapped key.
 *
 * @param c cursor on the xenc:EncryptedKey element; the caller's cursor is not moved
 * @param references collected tokens/keys by ID, passed through to processEncryptedList
 * @param decryptionKey key that unwraps the EncryptedKey; must not be null
 * @return the unwrapped key
 * @throws XmlMessageException when no decryptionKey is given, unwrapping fails, or
 *         a referenced EncryptedData cannot be processed
 */
private Key processEncryptedKey(DOMCursor c, Map references, Key decryptionKey)
    throws XmlMessageException
{
    if (decryptionKey == null)
    {
        throw new XmlMessageException("EncryptedKey cannot be decrypted -- no decryptionKey param specified");
    }
    Key unwrapped;
    try
    {
        Decryptor decryptor = new Decryptor(c.getDocument(), decryptionKey, c.createXPath());
        unwrapped = decryptor.decryptKey();
    }
    catch (Exception e)
    {
        throw cannotProcess(c, e);
    }
    // Data listed under this EncryptedKey is protected by the key just unwrapped,
    // not by decryptionKey.
    DOMCursor list = c.cloneCursor();
    if (list.moveToChild(XMLENC_URI, "ReferenceList"))
    {
        processEncryptedList(list, references, unwrapped);
    }
    return unwrapped;
}
/**
 * Decrypts the xenc:EncryptedData element at the cursor in place and returns a
 * cursor positioned on whatever now occupies that element's slot.
 *
 * Decryption replaces the element, so its position is remembered relative to a
 * stable neighbour beforehand: the previous sibling when there is one, otherwise
 * the parent.
 *
 * @param c cursor on the xenc:EncryptedData element
 * @param references collected tokens/keys by ID; not used by this method itself
 * @param decryptionKey key for this element; must not be null
 * @return a cursor on the node that replaced the decrypted element
 * @throws XmlMessageException when no decryptionKey is given or decryption fails
 */
private DOMCursor processEncryptedData(DOMCursor c, Map references, Key decryptionKey)
    throws XmlMessageException
{
    if (decryptionKey == null)
    {
        throw new XmlMessageException("EncryptedData cannot be decrypted -- no decryptionKey param specified");
    }
    DOMCursor anchor = c.cloneCursor();
    boolean anchorIsSibling = anchor.moveToSibling(-1);
    if (!anchorIsSibling)
    {
        anchor.moveToParent();
    }
    // Captured before decryption so the error path can still name the location.
    XPath location = c.createXPath();
    try
    {
        new Decryptor(c.getDocument(), decryptionKey, location).decryptInPlace();
        // Step from the anchor back onto the slot the EncryptedData used to occupy.
        if (anchorIsSibling)
        {
            anchor.moveToSibling(1);
        }
        else
        {
            anchor.moveToChild(1);
        }
        return anchor;
    }
    catch (Exception e)
    {
        throw cannotProcess(location, e);
    }
}
/**
 * Builds a KeyInfo from the ds:KeyInfo element at the cursor.
 *
 * @param c cursor on the ds:KeyInfo element
 * @return the parsed KeyInfo
 * @throws XmlMessageException propagated from {@code KeyInfo.fromXML}
 */
private KeyInfo keyInfoToKeyInfo(DOMCursor c)
    throws XmlMessageException
{
    KeyInfo parsed = KeyInfo.fromXML(c);
    return parsed;
}
/**
 * Converts the wsse:BinarySecurityToken at the cursor into a KeyInfo built from
 * the certificate it carries.
 *
 * @param c cursor on the wsse:BinarySecurityToken element
 * @return the KeyInfo for the token's certificate
 * @throws InternalRuntimeException wrapping any failure raised while reading the
 *         token or building the KeyInfo (the declared XmlMessageException is
 *         wrapped too, so it never escapes as such)
 */
private KeyInfo securityTokenToKeyInfo(DOMCursor c)
    throws XmlMessageException
{
    KeyInfo keyInfo;
    try
    {
        // securityTokenToCert yields null for tokens that are not X509v3 certificates;
        // how certToKeyInfo handles a null certificate is not visible here.
        X509Certificate cert = securityTokenToCert(c);
        keyInfo = certToKeyInfo(c, cert);
    }
    catch (Exception cause)
    {
        throw new InternalRuntimeException(cause);
    }
    return keyInfo;
}
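/**
 * Resolves the wsse:SecurityTokenReference at the cursor to a KeyInfo.
 *
 * Two forms are handled: a wsse:Reference whose URI is a same-document "#id"
 * pointer to a previously collected KeyInfo, and a wsse:KeyIdentifier whose
 * ValueType resolves to {@code X509_QNAME}, whose binary content is decoded as an
 * X.509 SubjectPublicKeyInfo (RSA first, DSA as fallback).
 *
 * @param c cursor on the wsse:SecurityTokenReference element; the caller's cursor is not moved
 * @param references collected tokens/keys keyed by element ID; values may be KeyInfo
 *        objects or Key objects (recorded for EncryptedKey elements)
 * @return the resolved KeyInfo
 * @throws XmlMessageException for an external (non-"#") reference, or when neither
 *         form resolves to a KeyInfo
 * @throws GeneralSecurityException when the KeyIdentifier bytes decode as neither
 *         RSA nor DSA
 */
private KeyInfo securityTokenReferenceToKeyInfo(DOMCursor c, Map references)
    throws GeneralSecurityException, XmlMessageException
{
    DOMCursor str = c.cloneCursor();
    if (str.moveToChild("http://schemas.xmlsoap.org/ws/2002/07/secext", "Reference"))
    {
        String uri = str.getAttribute("URI");
        if (uri == null || !uri.startsWith("#"))
        {
            // Only same-document references are resolved; nothing is fetched from outside.
            throw new XmlMessageException("external references not supported " + str);
        }
        XPath pointer = XPath.fromXPointer(uri);
        String id = pointer == null ? null : pointer.toID();
        if (id != null)
        {
            Object resolved = references.get(id);
            // The references map also holds Key values (put there for EncryptedKey
            // elements). Only a KeyInfo is a valid target here; a reference to any
            // other entry falls through to isInvalid instead of a ClassCastException.
            if (resolved instanceof KeyInfo)
            {
                return (KeyInfo) resolved;
            }
        }
    }
    else if (str.moveToChild("http://schemas.xmlsoap.org/ws/2002/07/secext", "KeyIdentifier"))
    {
        String valueType = str.getAttribute("ValueType");
        if (valueType != null && X509_QNAME.equals(str.getQNameInContext(valueType)))
        {
            byte[] encoded = getBinaryValue(str);
            X509EncodedKeySpec spec = new X509EncodedKeySpec(encoded);
            java.security.PublicKey publicKey;
            try
            {
                publicKey = KeyFactory.getInstance("RSA").generatePublic(spec);
            }
            catch (Exception notRsa)
            {
                // Not decodable as RSA: retry as DSA; a second failure propagates
                // as GeneralSecurityException.
                publicKey = KeyFactory.getInstance("DSA").generatePublic(spec);
            }
            // NOTE(review): the ValueType check is the same one securityTokenToCert
            // uses for X509v3 certificates, yet the bytes are decoded as a bare
            // public key rather than a certificate -- confirm this matches the
            // intended token format. The KeyInfo built here carries only the key
            // value and no certificate chain, so trust in it has to be established
            // separately (e.g. via KeyInfo.verifyTrust) before relying on it.
            KeyInfo keyInfo = new KeyInfo();
            keyInfo.setKeyValue(publicKey);
            return keyInfo;
        }
    }
    throw isInvalid(str);
}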
private X509Certificate securityTokenToCert(DOMCursor c)
throws GeneralSecurityException
{
if(!c.atElement("http://schemas.xmlsoap.org/ws/2002/07/secext", "BinarySecurityToken"))
return null;
String valueType = c.getAttribute("ValueType");
if(valueType == null)
return null;
if(!X509_QNAME.equals(c.getQNameInContext(valueType)))
{
return null;
} else
{
byte bytes[] = getBinaryValue(c);
CertificateFactory cf = CertificateFactory.getInstance("X.509");