Merge pull request #4 from severnt/wssesign-concurrency-fix
Fix signWithWSSEInfo concurrency problem
rmrobinson-textnow authored Jun 22, 2020
2 parents 8bf496a + be867d3 commit 84f5d79
Showing 2 changed files with 18 additions and 13 deletions.
6 changes: 3 additions & 3 deletions envelope.go
Expand Up @@ -72,18 +72,18 @@ func (e *Envelope) signWithWSSEInfo(info *WSSEAuthInfo) error {

e.Body.XMLNSWsu = wsuNS

err := info.generateIDs()
ids, err := generateWSSEAuthIDs()
if err != nil {
return err
}

securityHeader, err := info.sign(*e.Body)
securityHeader, err := info.sign(*e.Body, ids)
if err != nil {
return err
}

e.AddHeaders(securityHeader)
e.Body.ID = info.bodyID
e.Body.ID = ids.bodyID

return nil
}
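Review bot: The concurrency contract this change establishes should be written on signWithWSSEInfo, whose signature sits above the hunk: the per-call ids remove the shared mutable state on *WSSEAuthInfo, but the function still writes `e.Body.ID` and calls `e.AddHeaders` on its receiver, so concurrent calls on one *Envelope remain a data race. I would add `// signWithWSSEInfo signs e.Body with info and attaches the resulting security header; a *WSSEAuthInfo may be shared across goroutines, the *Envelope must not be.` A regression test that runs several signWithWSSEInfo calls under `go test -race` with one shared *WSSEAuthInfo and distinct envelopes would pin the fix, since with the old shared bodyID an interleaved call could leave `e.Body.ID` different from the ID the digest and Reference URI were computed over. The bare `return err` on both error paths could also carry context, e.g. `return fmt.Errorf("generating WS-Security ids: %w", err)`, assuming envelope.go already imports fmt.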
25 changes: 15 additions & 10 deletions wsse.go
Expand Up @@ -36,7 +36,10 @@ const (
type WSSEAuthInfo struct {
certDER string
key *rsa.PrivateKey
}

// WSSEAuthIDs contains generated IDs used in WS-Security X.509 signing.
type WSSEAuthIDs struct {
securityTokenID string
bodyID string
}
Expand Down Expand Up @@ -180,7 +183,7 @@ type security struct {
Signature signature
}

func (w *WSSEAuthInfo) generateToken() ([]byte, error) {
func (w *WSSEAuthIDs) generateToken() ([]byte, error) {
// We use a concatentation of the time and 10 securely generated random numbers to be the tokens.
b := make([]byte, 10)

Expand All @@ -198,26 +201,28 @@ func (w *WSSEAuthInfo) generateToken() ([]byte, error) {
return tokenHex, nil
}

func (w *WSSEAuthInfo) generateIDs() error {
func generateWSSEAuthIDs() (*WSSEAuthIDs, error) {
w := &WSSEAuthIDs{}

securityTokenHex, err := w.generateToken()
if err != nil {
return err
return nil, err
}

w.securityTokenID = fmt.Sprintf("SecurityToken-%x", securityTokenHex)

bodyTokenHex, err := w.generateToken()
if err != nil {
return err
return nil, err
}

w.bodyID = fmt.Sprintf("Body-%x", bodyTokenHex)
return nil
return w, nil
}

func (w *WSSEAuthInfo) sign(body Body) (security, error) {
func (w *WSSEAuthInfo) sign(body Body, ids *WSSEAuthIDs) (security, error) {
// 0. We create the body_id and security_token_id values
body.ID = w.bodyID
body.ID = ids.bodyID

// 1. We create the DigestValue of the body.

Expand Down Expand Up @@ -247,7 +252,7 @@ func (w *WSSEAuthInfo) sign(body Body) (security, error) {
Algorithm: rsaSha1Sig,
},
Reference: signatureReference{
URI: "#" + w.bodyID,
URI: "#" + ids.bodyID,
Transforms: transforms{
Transform: transform{
Algorithm: canonicalizationExclusiveC14N,
Expand Down Expand Up @@ -282,7 +287,7 @@ func (w *WSSEAuthInfo) sign(body Body) (security, error) {
XMLNS: wsseNS,
BinarySecurityToken: binarySecurityToken{
XMLNS: wsuNS,
WsuID: w.securityTokenID,
WsuID: ids.securityTokenID,
EncodingType: encTypeBinary,
ValueType: valTypeX509Token,
Value: w.certDER,
Expand All @@ -296,7 +301,7 @@ func (w *WSSEAuthInfo) sign(body Body) (security, error) {
XMLNS: wsuNS,
Reference: strReference{
ValueType: valTypeX509Token,
URI: "#" + w.securityTokenID,
URI: "#" + ids.securityTokenID,
},
},
},
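Review bot: sign dereferences its new ids parameter at `body.ID = ids.bodyID` (and again for the Reference URI and the BinarySecurityToken WsuID further down) with no nil guard, so a caller that skips generateWSSEAuthIDs gets a panic rather than an error; the one caller visible here passes a fresh result, but the method is the place that can enforce it. I would open sign with `if ids == nil { return security{}, fmt.Errorf("wsse: sign requires ids from generateWSSEAuthIDs") }`, fmt being already used in generateWSSEAuthIDs; sign's body continues past the hunks shown. As a point of style, generateToken appears to keep a *WSSEAuthIDs receiver it never reads, and generateWSSEAuthIDs calls it on a freshly allocated, still-empty struct, so a plain `func generateToken() ([]byte, error)` would describe it more honestly. generateWSSEAuthIDs, unlike the WSSEAuthIDs type, has no doc comment; something like `// generateWSSEAuthIDs returns a fresh set of IDs for one signing operation, so goroutines sharing a *WSSEAuthInfo never exchange token or body IDs.` would record why the IDs were moved off WSSEAuthInfo.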
