From 359bddd4ad5c24f57e8666fa4ae543eac69d7897 Mon Sep 17 00:00:00 2001
From: DamienJDev
Date: Thu, 26 Mar 2020 14:29:09 +1100
Subject: [PATCH 1/4] changes to allow signature algorithm for STS to be overridden
---
 .../java/com/sun/xml/wss/jaxws/impl/SecurityClientTube.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/jaxws/impl/SecurityClientTube.java b/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/jaxws/impl/SecurityClientTube.java
index 2d2bce8d2..6fa772f30 100644
--- a/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/jaxws/impl/SecurityClientTube.java
+++ b/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/jaxws/impl/SecurityClientTube.java
@@ -256,6 +256,10 @@ public Packet processClientRequestPacket(Packet packet) {
 ProcessingContext ctx = initializeOutgoingProcessingContext(packet, isSCMessage);
 ((ProcessingContextImpl) ctx).setIssuedTokenContextMap(issuedTokenContextMap);
 ((ProcessingContextImpl) ctx).setSCPolicyIDtoSctIdMap(scPolicyIDtoSctIdMap);
+ String sigAlg = (String)(packet.invocationProperties.get("sts-signature-algorithm"));
+ if(sigAlg!=null && (!sigAlg.equals(""))) {
+ ((ProcessingContextImpl) ctx).getAlgorithmSuite().setSignatureAlgorithm((String) (packet.invocationProperties.get("signature-algorithm")));
+ }
 ctx.isClient(true);
 try {
 if (hasKerberosTokenPolicy()) {
From 97b5d59f9c3ed96a0c91a150e0cbe2360e3e869f Mon Sep 17 00:00:00 2001
From: DamienJDev
Date: Thu, 26 Mar 2020 14:53:59 +1100
Subject: [PATCH 2/4] signature algorithm set correctly
---
 .../java/com/sun/xml/wss/jaxws/impl/SecurityClientTube.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/jaxws/impl/SecurityClientTube.java b/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/jaxws/impl/SecurityClientTube.java
index 6fa772f30..8eb8e0edb 100644
--- a/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/jaxws/impl/SecurityClientTube.java
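Review bot: The value read from `packet.invocationProperties` in the PATCH 1/4 hunk reaches `setSignatureAlgorithm` with no check that it names an algorithm the deployment permits, so whatever sets the `sts-signature-algorithm` property can replace the signature algorithm the security policy selected, including with a weaker one. I would gate the override on an allowlist, e.g. `if (sigAlg != null && !sigAlg.isEmpty() && ALLOWED_STS_SIGNATURE_ALGORITHMS.contains(sigAlg)) {` (the set name is a placeholder, not an existing constant), and log a warning when a value is rejected. `getAlgorithmSuite()` is also dereferenced without a null check; whether it can return null here is not visible in the hunk. The body of `processClientRequestPacket` starts and ends outside the hunk, and the same unchecked guard remains in PATCH 2/4 through 4/4.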
+++ b/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/jaxws/impl/SecurityClientTube.java
@@ -258,7 +258,7 @@ public Packet processClientRequestPacket(Packet packet) {
 ((ProcessingContextImpl) ctx).setSCPolicyIDtoSctIdMap(scPolicyIDtoSctIdMap);
 String sigAlg = (String)(packet.invocationProperties.get("sts-signature-algorithm"));
 if(sigAlg!=null && (!sigAlg.equals(""))) {
- ((ProcessingContextImpl) ctx).getAlgorithmSuite().setSignatureAlgorithm((String) (packet.invocationProperties.get("signature-algorithm")));
+ ((ProcessingContextImpl) ctx).getAlgorithmSuite().setSignatureAlgorithm(sigAlg);
 }
 ctx.isClient(true);
 try {
From f9fddaabc520c8caa2de8e8aea1f0c697bd92a6a Mon Sep 17 00:00:00 2001
From: DamienJDev
Date: Fri, 27 Mar 2020 09:50:56 +1100
Subject: [PATCH 3/4] signature algorithm api fix, will now translate to constructed message
---
 .../security/trust/client/STSIssuedTokenConfiguration.java | 1 +
 .../com/sun/xml/ws/security/trust/impl/TrustPluginImpl.java | 4 +++-
 .../java/com/sun/xml/wss/jaxws/impl/SecurityClientTube.java | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/wsit/ws-sx/wssx-api/src/main/java/com/sun/xml/ws/api/security/trust/client/STSIssuedTokenConfiguration.java b/wsit/ws-sx/wssx-api/src/main/java/com/sun/xml/ws/api/security/trust/client/STSIssuedTokenConfiguration.java
index f018d1683..821332d9e 100644
--- a/wsit/ws-sx/wssx-api/src/main/java/com/sun/xml/ws/api/security/trust/client/STSIssuedTokenConfiguration.java
+++ b/wsit/ws-sx/wssx-api/src/main/java/com/sun/xml/ws/api/security/trust/client/STSIssuedTokenConfiguration.java
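Review bot: `getAlgorithmSuite().setSignatureAlgorithm(sigAlg)` in the PATCH 2/4 hunk changes the suite object in place rather than a per-request copy; if `initializeOutgoingProcessingContext` hands back a suite that is shared with the policy or with other requests (not visible here), the STS override would persist and apply to later non-STS messages as well. It is worth confirming that the suite is request-scoped, or applying the override to a copy. The `(String)` cast on the property value two lines above also throws `ClassCastException` if a caller stores a non-String, where an `instanceof String` test would simply ignore the bad value. The enclosing method continues outside the hunk.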
@@ -35,6 +35,7 @@ public abstract class STSIssuedTokenConfiguration implements IssuedTokenConfigur
 public static final String STS_SERVICE_NAME ="sts-service-name";
 public static final String STS_PORT_NAME ="sts-port-name";
 public static final String STS_NAMESPACE ="sts-namespace";
+ public static final String STS_SIGNATURE_ALGORITHM ="sts-signature-algorithm";
 public static final String LIFE_TIME = "LifeTime";
 public static final String MAX_CLOCK_SKEW = "MaxClockSkew";
diff --git a/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/ws/security/trust/impl/TrustPluginImpl.java b/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/ws/security/trust/impl/TrustPluginImpl.java
index aba377f8a..a4bf52c4f 100644
--- a/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/ws/security/trust/impl/TrustPluginImpl.java
+++ b/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/ws/security/trust/impl/TrustPluginImpl.java
@@ -550,7 +550,9 @@ private BaseSTSResponse invokeRST(final RequestSecurityToken request, STSIssuedT
 }
 dispatch.getRequestContext().put(WSTrustConstants.IS_TRUST_MESSAGE, "true");
 dispatch.getRequestContext().put(WSTrustConstants.TRUST_ACTION, getAction(wstVer, request.getRequestType().toString()));
-
+
+ dispatch.getRequestContext().put(STSIssuedTokenConfiguration.STS_SIGNATURE_ALGORITHM, stsConfig.getSignatureAlgorithm());
+
 // Pass the keys and/or username, password to the message context
 // String userName = (String) stsConfig.getOtherOptions().get(com.sun.xml.wss.XWSSConstants.USERNAME_PROPERTY);
 // String password = (String) stsConfig.getOtherOptions().get(com.sun.xml.wss.XWSSConstants.PASSWORD_PROPERTY);
diff --git a/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/jaxws/impl/SecurityClientTube.java b/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/jaxws/impl/SecurityClientTube.java
index 8eb8e0edb..fd4c85219 100644
--- a/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/jaxws/impl/SecurityClientTube.java
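Review bot: `STS_SIGNATURE_ALGORITHM` is added to a public API class without Javadoc, so callers cannot tell what form the value takes or that it replaces the policy's signature algorithm for the STS request. A short comment would do, for example `/** Request-context key: signature algorithm to use for the STS request in place of the one from policy. */`, ideally also stating which values are accepted. The class body continues outside the hunk, and PATCH 4/4 repeats this hunk.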
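Review bot: The new `put` in `invokeRST` stores `stsConfig.getSignatureAlgorithm()` unconditionally, so if no override is configured and the getter returns null or an empty string, that value is still written into the request context under `STS_SIGNATURE_ALGORITHM`. The reader in `SecurityClientTube` tolerates it, but setting the key only when there is a value is cleaner: `String sigAlg = stsConfig.getSignatureAlgorithm(); if (sigAlg != null && !sigAlg.isEmpty()) { dispatch.getRequestContext().put(STSIssuedTokenConfiguration.STS_SIGNATURE_ALGORITHM, sigAlg); }`. This is also the natural place to validate the configured value before it reaches the signing code. `invokeRST` starts and ends outside the hunk, and PATCH 4/4 repeats this hunk.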
+++ b/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/jaxws/impl/SecurityClientTube.java
@@ -256,7 +256,7 @@ public Packet processClientRequestPacket(Packet packet) {
 ProcessingContext ctx = initializeOutgoingProcessingContext(packet, isSCMessage);
 ((ProcessingContextImpl) ctx).setIssuedTokenContextMap(issuedTokenContextMap);
 ((ProcessingContextImpl) ctx).setSCPolicyIDtoSctIdMap(scPolicyIDtoSctIdMap);
- String sigAlg = (String)(packet.invocationProperties.get("sts-signature-algorithm"));
+ String sigAlg = (String)(packet.invocationProperties.get(STSIssuedTokenConfiguration.STS_SIGNATURE_ALGORITHM));
 if(sigAlg!=null && (!sigAlg.equals(""))) {
 ((ProcessingContextImpl) ctx).getAlgorithmSuite().setSignatureAlgorithm(sigAlg);
 }
From 89affa8d9bc706804a73dd6114834c2e62ec5025 Mon Sep 17 00:00:00 2001
From: DamienJDev
Date: Fri, 27 Mar 2020 09:50:56 +1100
Subject: [PATCH 4/4] signature algorithm api fix, will now translate to constructed message
Signed-off-by: DamienJDev
---
 .../security/trust/client/STSIssuedTokenConfiguration.java | 1 +
 .../com/sun/xml/ws/security/trust/impl/TrustPluginImpl.java | 4 +++-
 .../java/com/sun/xml/wss/jaxws/impl/SecurityClientTube.java | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/wsit/ws-sx/wssx-api/src/main/java/com/sun/xml/ws/api/security/trust/client/STSIssuedTokenConfiguration.java b/wsit/ws-sx/wssx-api/src/main/java/com/sun/xml/ws/api/security/trust/client/STSIssuedTokenConfiguration.java
index f018d1683..821332d9e 100644
--- a/wsit/ws-sx/wssx-api/src/main/java/com/sun/xml/ws/api/security/trust/client/STSIssuedTokenConfiguration.java
+++ b/wsit/ws-sx/wssx-api/src/main/java/com/sun/xml/ws/api/security/trust/client/STSIssuedTokenConfiguration.java
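Review bot: No import for `STSIssuedTokenConfiguration` accompanies the new reference in the PATCH 3/4 hunk of `SecurityClientTube.java`: the diffstat shows a single insertion and deletion for that file, so unless it already imports `com.sun.xml.ws.api.security.trust.client.STSIssuedTokenConfiguration` this will not compile. As a style point, `sigAlg!=null && (!sigAlg.equals(""))` reads better as `sigAlg != null && !sigAlg.isEmpty()`. The method continues outside the hunk, and PATCH 4/4 repeats this hunk.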
@@ -35,6 +35,7 @@ public abstract class STSIssuedTokenConfiguration implements IssuedTokenConfigur
 public static final String STS_SERVICE_NAME ="sts-service-name";
 public static final String STS_PORT_NAME ="sts-port-name";
 public static final String STS_NAMESPACE ="sts-namespace";
+ public static final String STS_SIGNATURE_ALGORITHM ="sts-signature-algorithm";
 public static final String LIFE_TIME = "LifeTime";
 public static final String MAX_CLOCK_SKEW = "MaxClockSkew";
diff --git a/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/ws/security/trust/impl/TrustPluginImpl.java b/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/ws/security/trust/impl/TrustPluginImpl.java
index aba377f8a..a4bf52c4f 100644
--- a/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/ws/security/trust/impl/TrustPluginImpl.java
+++ b/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/ws/security/trust/impl/TrustPluginImpl.java
@@ -550,7 +550,9 @@ private BaseSTSResponse invokeRST(final RequestSecurityToken request, STSIssuedT
 }
 dispatch.getRequestContext().put(WSTrustConstants.IS_TRUST_MESSAGE, "true");
 dispatch.getRequestContext().put(WSTrustConstants.TRUST_ACTION, getAction(wstVer, request.getRequestType().toString()));
-
+
+ dispatch.getRequestContext().put(STSIssuedTokenConfiguration.STS_SIGNATURE_ALGORITHM, stsConfig.getSignatureAlgorithm());
+
 // Pass the keys and/or username, password to the message context
 // String userName = (String) stsConfig.getOtherOptions().get(com.sun.xml.wss.XWSSConstants.USERNAME_PROPERTY);
 // String password = (String) stsConfig.getOtherOptions().get(com.sun.xml.wss.XWSSConstants.PASSWORD_PROPERTY);
diff --git a/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/jaxws/impl/SecurityClientTube.java b/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/jaxws/impl/SecurityClientTube.java
index 8eb8e0edb..fd4c85219 100644
--- a/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/jaxws/impl/SecurityClientTube.java
+++ b/wsit/ws-sx/wssx-impl/src/main/java/com/sun/xml/wss/jaxws/impl/SecurityClientTube.java
@@ -256,7 +256,7 @@ public Packet processClientRequestPacket(Packet packet) {
 ProcessingContext ctx = initializeOutgoingProcessingContext(packet, isSCMessage);
 ((ProcessingContextImpl) ctx).setIssuedTokenContextMap(issuedTokenContextMap);
 ((ProcessingContextImpl) ctx).setSCPolicyIDtoSctIdMap(scPolicyIDtoSctIdMap);
- String sigAlg = (String)(packet.invocationProperties.get("sts-signature-algorithm"));
+ String sigAlg = (String)(packet.invocationProperties.get(STSIssuedTokenConfiguration.STS_SIGNATURE_ALGORITHM));
 if(sigAlg!=null && (!sigAlg.equals(""))) {
 ((ProcessingContextImpl) ctx).getAlgorithmSuite().setSignatureAlgorithm(sigAlg);
 }