cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r727764 - in /cxf/trunk: rt/ws/security/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/ rt/ws/security/src/test/java/org/apache/cxf/ws/security/ws...
Date Thu, 18 Dec 2008 17:05:47 GMT
Author: dkulp
Date: Thu Dec 18 09:05:47 2008
New Revision: 727764

URL: http://svn.apache.org/viewvc?rev=727764&view=rev
Log:
Move to wss4j 1.5.5.  Enable processing of responses using derived keys from non-included
keys (keys in the keystore)

Modified:
    cxf/trunk/rt/ws/security/pom.xml
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/TestPwdCallback.java
    cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/KeystorePasswordCallback.java
    cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java

Modified: cxf/trunk/rt/ws/security/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/pom.xml?rev=727764&r1=727763&r2=727764&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/pom.xml (original)
+++ cxf/trunk/rt/ws/security/pom.xml Thu Dec 18 09:05:47 2008
@@ -31,6 +31,22 @@
         <relativePath>../../../parent/pom.xml</relativePath>
     </parent>
 
+
+    <repositories>
+        <!--  temporary add the apache snapshot repo to get the wss4j snapshot -->
+        <repository>
+            <id>apache.snapshot</id>
+            <name>Apache Snapshot Repository</name>
+            <url>http://people.apache.org/repo/m2-snapshot-repository</url>
+            <snapshots>
+                <enabled>true</enabled>
+            </snapshots>
+            <releases>
+                <enabled>false</enabled>
+            </releases>
+        </repository>
+    </repositories>
+
     <dependencies>
 
         <dependency>
@@ -71,7 +87,7 @@
         <dependency>
             <groupId>org.apache.ws.security</groupId>
             <artifactId>wss4j</artifactId>
-            <version>1.5.4</version>
+            <version>1.5.5-SNAPSHOT</version>
             <exclusions>
                 <exclusion>
                     <groupId>axis</groupId>

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=727764&r1=727763&r2=727764&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
Thu Dec 18 09:05:47 2008
@@ -311,6 +311,9 @@
         return action;
     }
     void assertWSS11(AssertionInfoMap aim, SoapMessage message) {
+        if (isRequestor(message)) {
+            message.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "false");
+        }
         Collection<AssertionInfo> ais = aim.get(SP12Constants.WSS11);
         if (ais != null) {
             for (AssertionInfo ai : ais) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=727764&r1=727763&r2=727764&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Thu Dec 18 09:05:47 2008
@@ -61,9 +61,11 @@
 import org.apache.ws.security.WSSecurityEngine;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.apache.ws.security.message.token.Timestamp;
 import org.apache.ws.security.util.WSSecurityUtil;
 
@@ -356,10 +358,19 @@
         public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
             for (int i = 0; i < callbacks.length; i++) {
                 WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
-                String id = pc.getIdentifer();
-                for (SecurityToken token : store.getValidTokens()) {
-                    if (id.equals(token.getSHA1())) {
-                        pc.setKey(token.getSecret());
+                
+                String id = pc.getIdentifier();
+                if (pc.getKeyType().equals(SecurityTokenReference.ENC_KEY_SHA1_URI)) {
+                    for (SecurityToken token : store.getValidTokens()) {
+                        if (id.equals(token.getSHA1())) {
+                            pc.setKey(token.getSecret());
+                            return;
+                        }
+                    }                    
+                } else { 
+                    SecurityToken tok = store.getToken(id);
+                    if (tok != null) {
+                        pc.setKey(tok.getSecret());
                         return;
                     }
                 }
@@ -403,6 +414,24 @@
         }
         return cbHandler;
     }
+    public Crypto loadSignatureCrypto(RequestData reqData) 
+        throws WSSecurityException {
+        try {
+            return super.loadSignatureCrypto(reqData);
+        } catch (Exception ex) {
+            return null;
+        }
+    }
+    protected Crypto loadDecryptionCrypto(RequestData reqData) 
+        throws WSSecurityException {
+        try {
+            return super.loadDecryptionCrypto(reqData);
+        } catch (Exception ex) {
+            return null;
+        }
+    }
+
+
     
     /**
      * @return      the WSSecurityEngine in use by this interceptor.

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=727764&r1=727763&r2=727764&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Thu Dec 18 09:05:47 2008
@@ -432,6 +432,7 @@
                 st = getTokenStore().getToken(id);
             }
         }
+        getTokenStore().add(st);
         return st;
     }
 
@@ -779,6 +780,7 @@
                                                        Token token) throws WSSecurityException
{
         WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
         Crypto crypto = getEncryptionCrypto(wrapper);
+        message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, crypto);
         setKeyIdentifierType(encrKey, wrapper, token);
         setEncryptionUser(encrKey, wrapper, false, crypto);
         encrKey.setKeySize(binding.getAlgorithmSuite().getMaximumSymmetricKeyLength());
@@ -1026,6 +1028,8 @@
         }
 
         Crypto crypto = encryptCrypto ? getEncryptionCrypto(wrapper) : getSignatureCrypto(wrapper);
+        message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, crypto);
+
         String user = (String)message.getContextualProperty(userNameKey);
         if (StringUtils.isEmpty(user)) {
             user = crypto.getDefaultX509Alias();

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=727764&r1=727763&r2=727764&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Thu Dec 18 09:05:47 2008
@@ -34,6 +34,7 @@
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.SP11Constants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
@@ -462,6 +463,7 @@
                     encr.setEncKeyId(encrTokId);
                     encr.setEphemeralKey(encrTok.getSecret());
                     Crypto crypto = getEncryptionCrypto(recToken);
+                    this.message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, crypto);
                     setEncryptionUser(encr, recToken, false, crypto);
                    
                     encr.setDocument(saaj.getSOAPPart());
@@ -630,14 +632,14 @@
             sig.setSecretKey(tok.getSecret());
             sig.setSignatureAlgorithm(sbinding.getAlgorithmSuite().getAsymmetricSignature());
             sig.setSignatureAlgorithm(sbinding.getAlgorithmSuite().getSymmetricSignature());
+            Crypto crypto = null;
             if (sbinding.getProtectionToken() != null) {
-                sig.prepare(saaj.getSOAPPart(), getEncryptionCrypto(sbinding.getProtectionToken()),
-                        secHeader);
+                crypto = getEncryptionCrypto(sbinding.getProtectionToken());
             } else {
-                sig.prepare(saaj.getSOAPPart(), getSignatureCrypto(policyTokenWrapper),
-                            secHeader);
+                crypto = getSignatureCrypto(policyTokenWrapper);
             }
-
+            this.message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, crypto);
+            sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
             sig.setParts(sigs);
             sig.addReferencesToSign(sigs, secHeader);
 

Modified: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/TestPwdCallback.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/TestPwdCallback.java?rev=727764&r1=727763&r2=727764&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/TestPwdCallback.java
(original)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/TestPwdCallback.java
Thu Dec 18 09:05:47 2008
@@ -40,7 +40,7 @@
         for (int i = 0; i < callbacks.length; i++) {
             WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
 
-            String pass = (String)passwords.get(pc.getIdentifer());
+            String pass = (String)passwords.get(pc.getIdentifier());
             if (pass != null) {
                 pc.setPassword(pass);
             }

Modified: cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/KeystorePasswordCallback.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/KeystorePasswordCallback.java?rev=727764&r1=727763&r2=727764&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/KeystorePasswordCallback.java
(original)
+++ cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/KeystorePasswordCallback.java
Thu Dec 18 09:05:47 2008
@@ -49,7 +49,7 @@
         for (int i = 0; i < callbacks.length; i++) {
             WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
 
-            String pass = passwords.get(pc.getIdentifer());
+            String pass = passwords.get(pc.getIdentifier());
             if (pass != null) {
                 pc.setPassword(pass);
                 return;

Modified: cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java?rev=727764&r1=727763&r2=727764&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
(original)
+++ cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
Thu Dec 18 09:05:47 2008
@@ -54,7 +54,7 @@
                 UnsupportedCallbackException {
             WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
 
-            if (pc.getIdentifer().equals("bob")) {
+            if (pc.getIdentifier().equals("bob")) {
                 // set the password on the callback. This will be compared to the
                 // password which was sent from the client.
                 pc.setPassword("pwd");



Mime
View raw message