cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r723821 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/ systests/src/test/java/org/apache/cxf/systest/ws/security/
Date Fri, 05 Dec 2008 19:08:16 GMT
Author: dkulp
Date: Fri Dec  5 11:08:16 2008
New Revision: 723821

URL: http://svn.apache.org/viewvc?rev=723821&view=rev
Log:
Make signature keys separate from stuff for usernametoken

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=723821&r1=723820&r2=723821&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
Fri Dec  5 11:08:16 2008
@@ -27,7 +27,9 @@
     public static final String PASSWORD = "ws-security.password";
     public static final String CALLBACK_HANDLER = "ws-security.callback-handler";
     
+    public static final String SIGNATURE_USERNAME = "ws-security.signature.username";
     public static final String SIGNATURE_PROPERTIES = "ws-security.signature.properties";
+    
     public static final String ENCRYPT_USERNAME = "ws-security.encryption.username";
     public static final String ENCRYPT_PROPERTIES = "ws-security.encryption.properties";
     

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=723821&r1=723820&r2=723821&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Fri Dec  5 11:08:16 2008
@@ -828,7 +828,7 @@
     public void setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, TokenWrapper token,
                                   boolean sign, Crypto crypto) {
         String encrUser = (String)message.getContextualProperty(sign 
-                                                                ? SecurityConstants.USERNAME
+                                                                ? SecurityConstants.SIGNATURE_USERNAME
                                                                 : SecurityConstants.ENCRYPT_USERNAME);
         if (encrUser == null) {
             encrUser = crypto.getDefaultX509Alias();
@@ -962,31 +962,48 @@
         setKeyIdentifierType(sig, wrapper, token);
         
         boolean encryptCrypto = false;
-        String userNameKey = SecurityConstants.USERNAME;
+        String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
         String type = "signature";
         if (binding instanceof SymmetricBinding) {
             encryptCrypto = ((SymmetricBinding)binding).getProtectionToken() != null;
             userNameKey = SecurityConstants.ENCRYPT_USERNAME;
         }
 
-        
+        Crypto crypto = encryptCrypto ? getEncryptionCrypto(wrapper) : getSignatureCrypto(wrapper);
         String user = (String)message.getContextualProperty(userNameKey);
         if (StringUtils.isEmpty(user)) {
+            user = crypto.getDefaultX509Alias();
+        }
+        if (user == null) {
+            try {
+                Enumeration<String> en = crypto.getKeyStore().aliases();
+                if (en.hasMoreElements()) {
+                    user = en.nextElement();
+                }
+                if (en.hasMoreElements()) {
+                    //more than one alias in the keystore, user WILL need
+                    //to specify
+                    user = null;
+                }            
+            } catch (KeyStoreException e) {
+                //ignore
+            }
+        }
+        if (StringUtils.isEmpty(user)) {
             policyNotAsserted(token, "No " + type + " username found.");
         }
 
         String password = getPassword(user, token, WSPasswordCallback.SIGNATURE);
-        if (StringUtils.isEmpty(password)) {
-            policyNotAsserted(token, "No password found.");
+        if (password == null) {
+            password = "";
         }
-
         sig.setUserInfo(user, password);
         sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
         sig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());
         
         try {
             sig.prepare(saaj.getSOAPPart(),
-                        encryptCrypto ? getEncryptionCrypto(wrapper) : getSignatureCrypto(wrapper),

+                        crypto, 
                         secHeader);
         } catch (WSSecurityException e) {
             policyNotAsserted(token, e);

Modified: cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java?rev=723821&r1=723820&r2=723821&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
(original)
+++ cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
Fri Dec  5 11:08:16 2008
@@ -82,7 +82,7 @@
         
         EndpointInfo ei = ep.getServer().getEndpoint().getEndpointInfo(); 
         ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new ServerPasswordCallback());
-        ei.setProperty(SecurityConstants.USERNAME, "alice");
+        ei.setProperty(SecurityConstants.SIGNATURE_USERNAME, "alice");
         ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
         ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES, 
                        SecurityPolicyTest.class.getResource("alice.properties").toString());
@@ -95,7 +95,7 @@
         
         ei = ep.getServer().getEndpoint().getEndpointInfo(); 
         ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new ServerPasswordCallback());
-        ei.setProperty(SecurityConstants.USERNAME, "alice");
+        ei.setProperty(SecurityConstants.SIGNATURE_USERNAME, "alice");
         ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
         ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES, 
                        SecurityPolicyTest.class.getResource("alice.properties").toString());
@@ -110,7 +110,7 @@
         DoubleItPortType pt;
 
         pt = service.getDoubleItPortEncryptThenSign();
-        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.USERNAME, "alice");
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME,
"alice");
         ((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,

                                                       new KeystorePasswordCallback());
         ((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
@@ -122,7 +122,7 @@
         
         
         pt = service.getDoubleItPortSignThenEncrypt();
-        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.USERNAME, "alice");
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME,
"alice");
         ((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,

                                                       new KeystorePasswordCallback());
         ((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
@@ -141,7 +141,7 @@
                 throw ex;
             }
         }
-        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.USERNAME, "bob");
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME,
"bob");
         ((BindingProvider)pt).getRequestContext().put(SecurityConstants.PASSWORD, "pwd");
         pt.doubleIt(BigInteger.valueOf(25));
         



Mime
View raw message