From dk...@apache.org
Subject svn commit: r743446 - in /cxf/trunk: buildtools/src/main/resources/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/ rt/ws/security/src/main/java/org/apache/cxf/...
Date Wed, 11 Feb 2009 18:44:51 GMT
Author: dkulp
Date: Wed Feb 11 18:44:51 2009
New Revision: 743446

URL: http://svn.apache.org/viewvc?rev=743446&view=rev
Log:
More steps toward WS-SecureConversation (we get a token back now :-)

Modified:
    cxf/trunk/buildtools/src/main/resources/cxf-checkstyle-corba.xml
    cxf/trunk/buildtools/src/main/resources/cxf-checkstyle.xml
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java

Modified: cxf/trunk/buildtools/src/main/resources/cxf-checkstyle-corba.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/buildtools/src/main/resources/cxf-checkstyle-corba.xml?rev=743446&r1=743445&r2=743446&view=diff
==============================================================================
--- cxf/trunk/buildtools/src/main/resources/cxf-checkstyle-corba.xml (original)
+++ cxf/trunk/buildtools/src/main/resources/cxf-checkstyle-corba.xml Wed Feb 11 18:44:51 2009
@@ -260,7 +260,7 @@
 		<!--<module name="CyclomaticComplexity"/>-->
 		<!--<module name="NPathComplexity"/>-->
 		<module name="JavaNCSS">
-			<property name="methodMaximum" value="75" />
+			<property name="methodMaximum" value="100" />
 		</module>
 
 

Modified: cxf/trunk/buildtools/src/main/resources/cxf-checkstyle.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/buildtools/src/main/resources/cxf-checkstyle.xml?rev=743446&r1=743445&r2=743446&view=diff
==============================================================================
--- cxf/trunk/buildtools/src/main/resources/cxf-checkstyle.xml (original)
+++ cxf/trunk/buildtools/src/main/resources/cxf-checkstyle.xml Wed Feb 11 18:44:51 2009
@@ -254,7 +254,7 @@
 		<!--<module name="CyclomaticComplexity"/>-->
 		<!--<module name="NPathComplexity"/>-->
 		<module name="JavaNCSS">
-			<property name="methodMaximum" value="75" />
+			<property name="methodMaximum" value="100" />
 		</module>
 
 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java?rev=743446&r1=743445&r2=743446&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
Wed Feb 11 18:44:51 2009
@@ -144,10 +144,10 @@
                                 Map<String, Object> ctx = client.getRequestContext();
                                 mapSecurityProps(message, ctx);
                                 if (maps == null) {
-                                    tok = client.requestSecurityToken();
+                                    tok = client.requestSecurityToken(s);
                                 } else {
                                     client.setAddressingNamespace(maps.getNamespaceURI());
-                                    tok = client.requestSecurityToken();
+                                    tok = client.requestSecurityToken(s);
                                 }
                             } catch (RuntimeException e) {
                                 throw e;
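Review bot: Both branches of the `if (maps == null)` now make the identical call `tok = client.requestSecurityToken(s);`, so the only thing that differs is the `setAddressingNamespace` call. The block reads more clearly as `if (maps != null) { client.setAddressingNamespace(maps.getNamespaceURI()); }` followed by a single `tok = client.requestSecurityToken(s);`. `s` is declared outside the hunk, so I cannot confirm it holds the AppliesTo address that `STSClient.requestSecurityToken(String appliesTo)` expects; a one-line comment naming what it carries would help the next reader. The enclosing method starts and ends outside this hunk.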

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=743446&r1=743445&r2=743446&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Wed Feb 11 18:44:51 2009
@@ -19,6 +19,7 @@
 
 package org.apache.cxf.ws.security.trust;
 
+import java.util.Date;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
@@ -28,6 +29,8 @@
 
 import javax.security.auth.callback.CallbackHandler;
 import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
 import javax.xml.transform.dom.DOMSource;
 
 import org.w3c.dom.Document;
@@ -87,6 +90,7 @@
 import org.apache.ws.security.processor.EncryptedKeyProcessor;
 import org.apache.ws.security.util.Base64;
 import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
 
 /**
  * 
@@ -114,6 +118,7 @@
     String addressingNamespace;
     
     boolean isSecureConv;
+    int ttl = 300;
     
     Map<String, Object> ctx = new HashMap<String, Object>();
 
@@ -305,6 +310,7 @@
     public SecurityToken requestSecurityToken() throws Exception {
         return requestSecurityToken(null);
     }
+
     public SecurityToken requestSecurityToken(String appliesTo) throws Exception {
         createClient();
         BindingOperationInfo boi = findOperation("/RST/Issue");
@@ -316,7 +322,7 @@
         }
         
         W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
-        writer.writeStartElement(namespace, "RequestSecurityToken");
+        writer.writeStartElement("wst", "RequestSecurityToken", namespace);
         boolean wroteKeySize = false;
         String keyType = null;
         if (template != null) {
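Review bot: The switch to `writer.writeStartElement("wst", "RequestSecurityToken", namespace)` binds the `wst` prefix without a matching `writer.writeNamespace("wst", namespace)`, and the same holds for the `wst`, `wsu`, `wsp` and `wsa` prefixes used in the later hunks of this file. Whether the xmlns declarations actually land in the DOM depends on W3CDOMStreamWriter's namespace handling, which is not visible here; if the writer does not repair namespaces, the RST goes out with undeclared prefixes and the STS will reject it. I would either add `writer.writeNamespace("wst", namespace);` directly after the root start element (and the equivalent for the other prefixes where they are first used), or add a comment on this line stating that the writer declares prefixes automatically so the omission is deliberate.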
@@ -333,28 +339,21 @@
             }
         }
         
-        if (isSecureConv && keyType == null) {
-            writer.writeStartElement(namespace, "TokenType");
-            writer.writeCharacters("http://schemas.xmlsoap.org/ws/2005/02/sc/sct");
-            writer.writeEndElement();
-            keyType = namespace + "/SymmetricKey";
-        }
-        writer.writeStartElement(namespace, "RequestType");
+
+        writer.writeStartElement("wst", "RequestType", namespace);
         writer.writeCharacters(namespace + "/Issue");
-        writer.writeEndElement();
-        if (appliesTo != null && addressingNamespace != null) {
-            writer.writeStartElement("http://schemas.xmlsoap.org/ws/2004/09/policy", "AppliesTo");
-            writer.writeStartElement(addressingNamespace, "EndpointReference");
-            writer.writeStartElement(addressingNamespace, "Address");
-            writer.writeCharacters(appliesTo);
-            writer.writeEndElement();
-            writer.writeEndElement();
-            writer.writeEndElement();
-        }
-        //TODO: Lifetime element?
-        
-        if (keyType == null && !isSecureConv) {
-            writer.writeStartElement(namespace, "KeyType");
+        writer.writeEndElement();        
+        addAppliesTo(writer, appliesTo);
+        if (isSecureConv) {
+            addLifetime(writer);
+            if (keyType == null) {
+                writer.writeStartElement("wst", "TokenType", namespace);
+                writer.writeCharacters("http://schemas.xmlsoap.org/ws/2005/02/sc/sct");
+                writer.writeEndElement();
+                keyType = namespace + "/SymmetricKey";
+            }
+        } else if (keyType == null) {
+            writer.writeStartElement("wst", "KeyType", namespace);
             writer.writeCharacters(namespace + "/SymmetricKey");
             writer.writeEndElement();
             keyType = namespace + "/SymmetricKey";
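Review bot: The re-added `TokenType` branch hard-codes the 2005/02 WS-SecureConversation SCT URI, while `namespace` (the WS-Trust namespace) and the `trust13` field referenced in the next hunk suggest WS-Trust 1.3 is also supported; for that profile the corresponding token type is `http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct`, so the constant presumably needs to follow the negotiated version — worth confirming against how `namespace` is selected, which is outside this hunk. Two smaller points: `keyType = namespace + "/SymmetricKey";` closes both the secure-conversation and the plain branch and could be written once after a combined `if (keyType == null)` check, and the rewritten `writer.writeEndElement();        ` line carries trailing whitespace. A comment such as `// Lifetime is only requested for SCTs; the STS decides the granted lifetime` above `if (isSecureConv)` would explain why the call sits in that branch alone.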
@@ -363,31 +362,29 @@
         byte[] requestorEntropy = null;
         
         if (keyType.endsWith("SymmetricKey")) {
-            if (!wroteKeySize) {
-                writer.writeStartElement(namespace, "KeySize");
+            if (!wroteKeySize && !isSecureConv) {
+                writer.writeStartElement("wst", "KeySize", namespace);
                 writer.writeCharacters(Integer.toString(keySize));
                 writer.writeEndElement();
             }
         
             if ((trust10 != null && trust10.isRequireClientEntropy())
                 || (trust13 != null && trust13.isRequireClientEntropy())) {
-                writer.writeStartElement(namespace, "Entropy");
-                writer.writeStartElement(namespace, "BinarySecret");
-                writer.writeAttribute("Type", namespace + "/Nounce");
+                writer.writeStartElement("wst", "Entropy", namespace);
+                writer.writeStartElement("wst", "BinarySecret", namespace);
+                writer.writeAttribute("Type", namespace + "/Nonce");
                 requestorEntropy =
                     WSSecurityUtil.generateNonce(algorithmSuite.getMaximumSymmetricKeyLength()
/ 8);
                 writer.writeCharacters(Base64.encode(requestorEntropy));
     
                 writer.writeEndElement();
                 writer.writeEndElement();
-                if (!isSecureConv) {
-                    writer.writeStartElement(namespace, "ComputedKeyAlgorithm");
-                    writer.writeCharacters(namespace + "/CK/PSHA1");
-                    writer.writeEndElement();
-                }
+                writer.writeStartElement("wst", "ComputedKeyAlgorithm", namespace);
+                writer.writeCharacters(namespace + "/CK/PSHA1");
+                writer.writeEndElement();
             }
         } else if (keyType.endsWith("PublicKey")) {
-            writer.writeStartElement(namespace, "UseKey");
+            writer.writeStartElement("wst", "UseKey", namespace);
             writer.writeStartElement("http://www.w3.org/2000/09/xmldsig#", "KeyInfo");
             writer.writeStartElement("http://www.w3.org/2000/09/xmldsig#", "KeyValue");
             
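Review bot: With `if (!wroteKeySize && !isSecureConv)` the request no longer states a `KeySize` for secure-conversation tokens, yet `ComputedKeyAlgorithm` with `CK/PSHA1` is now written unconditionally whenever client entropy is required, so the client must derive the session key at whatever length the STS chooses. `createSecurityToken(..., requestorEntropy)` is called after this hunk and is not visible here; please confirm it reads the `KeySize` from the RSTR (or falls back to the algorithm suite) when the request omitted it, otherwise the client and the STS can derive keys of different lengths and every subsequent signature or decryption will fail. A short comment on the `!isSecureConv` condition, e.g. `// for SCTs the STS picks the key size; read it back from the RSTR`, would make that dependency explicit. The `Nounce` to `Nonce` fix is correct.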
@@ -410,6 +407,34 @@
         
         return createSecurityToken((Document)((DOMSource)obj[0]).getNode(), requestorEntropy);
     }
+    
+    private void addLifetime(XMLStreamWriter writer) throws XMLStreamException {
+        Date creationTime = new Date();
+        Date expirationTime = new Date();
+        expirationTime.setTime(creationTime.getTime() + (ttl * 1000));
+
+        XmlSchemaDateFormat fmt = new XmlSchemaDateFormat();
+        writer.writeStartElement("wst", "Lifetime", namespace);
+        writer.writeStartElement("wsu", "Created", WSConstants.WSU_NS);
+        writer.writeCharacters(fmt.format(creationTime));
+        writer.writeEndElement();
+        
+        writer.writeStartElement("wsu", "Expires", WSConstants.WSU_NS);
+        writer.writeCharacters(fmt.format(expirationTime));
+        writer.writeEndElement();
+        writer.writeEndElement();        
+    }
+    private void addAppliesTo(XMLStreamWriter writer, String appliesTo) throws XMLStreamException
{
+        if (appliesTo != null && addressingNamespace != null) {
+            writer.writeStartElement("wsp", "AppliesTo", "http://schemas.xmlsoap.org/ws/2004/09/policy");
+            writer.writeStartElement("wsa", "EndpointReference", addressingNamespace);
+            writer.writeStartElement("wsa", "Address", addressingNamespace);
+            writer.writeCharacters(appliesTo);
+            writer.writeEndElement();
+            writer.writeEndElement();
+            writer.writeEndElement();
+        }
+    }
 
     private SecurityToken createSecurityToken(Document document, byte[] requestorEntropy)

         throws WSSecurityException {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java?rev=743446&r1=743445&r2=743446&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
Wed Feb 11 18:44:51 2009
@@ -83,16 +83,7 @@
             boolean mustUnderstand = true;
             String actor = null;
             
-            WSSecHeader secHeader = new WSSecHeader(actor, mustUnderstand);
-            Element el = secHeader.insertSecurityHeader(saaj.getSOAPPart());
-            try {
-                //move to end
-                saaj.getSOAPHeader().removeChild(el);
-                saaj.getSOAPHeader().appendChild(el);
-            } catch (SOAPException e) {
-                //ignore
-            }
-            
+
             AssertionInfoMap aim = message.get(AssertionInfoMap.class);
             // extract Assertion information
             if (aim != null) {
@@ -121,6 +112,17 @@
                 
                 
                 if (transport != null) {
+                    WSSecHeader secHeader = new WSSecHeader(actor, mustUnderstand);
+                    Element el = secHeader.insertSecurityHeader(saaj.getSOAPPart());
+                    try {
+                        //move to end
+                        saaj.getSOAPHeader().removeChild(el);
+                        saaj.getSOAPHeader().appendChild(el);
+                    } catch (SOAPException e) {
+                        //ignore
+                    }
+                    
+                    
                     if (transport instanceof TransportBinding) {
                         new TransportBindingHandler((TransportBinding)transport, saaj,
                                                     secHeader, aim, message).handleBinding();
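Review bot: The relocated `catch (SOAPException e) { //ignore }` still discards the exception, so if moving the `Security` header fails the header silently stays wherever `insertSecurityHeader` placed it and nothing records why. Since the comment says the intent is to move the header to the end, logging the exception at a fine level with the message "could not move Security header to end of SOAP header" would keep the best-effort behaviour while leaving a trace for debugging header-ordering problems. The enclosing method starts and ends outside this hunk.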
@@ -131,6 +133,10 @@
                         new AsymmetricBindingHandler((AsymmetricBinding)transport, saaj,
                                                      secHeader, aim, message).handleBinding();
                     }
+                    
+                    if (el.getFirstChild() == null) {
+                        el.getParentNode().removeChild(el);
+                    }
                 }
                 
                 ais = aim.get(SP12Constants.WSS10);
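Review bot: The new `if (el.getFirstChild() == null) { el.getParentNode().removeChild(el); }` removes the `Security` header whenever the binding handler added nothing, which also means a binding that should have signed or encrypted but produced no output goes out unprotected with no signal here; unless the handlers already flag that case through the `AssertionInfoMap`, a log line at fine level when the header is dropped would make the silent case visible. The check also only catches a truly empty element: a whitespace-only text child keeps the header, which the receiver may then reject as empty yet `mustUnderstand`. A comment such as `// drop the empty Security header so the receiver does not fault on an unprocessed mustUnderstand header` would state the intent.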

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=743446&r1=743445&r2=743446&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Wed Feb 11 18:44:51 2009
@@ -239,7 +239,7 @@
         if (assertion == null) {
             return;
         }
-        LOG.log(Level.INFO, "Not asserting " + assertion.getName() + ": " + reason);
+        LOG.log(Level.FINE, "Not asserting " + assertion.getName() + ": " + reason);
         Collection<AssertionInfo> ais;
         ais = aim.get(assertion.getName());
         if (ais != null) {
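Review bot: Lowering the level to FINE is right, but `"Not asserting " + assertion.getName() + ": " + reason` is still concatenated on every call even when FINE is disabled, which is the common case in production; the same applies to the two following hunks in this file. Either guard with `if (LOG.isLoggable(Level.FINE)) {` or use the parameterized form `LOG.log(Level.FINE, "Not asserting {0}: {1}", new Object[] {assertion.getName(), reason});` so the string is only built when the record is actually published. The enclosing methods start outside their hunks.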
@@ -255,7 +255,7 @@
         if (assertion == null) {
             return;
         }
-        LOG.log(Level.INFO, "Not asserting " + assertion.getName() + ": " + reason);
+        LOG.log(Level.FINE, "Not asserting " + assertion.getName() + ": " + reason);
         Collection<AssertionInfo> ais;
         ais = aim.get(assertion.getName());
         if (ais != null) {
@@ -271,7 +271,7 @@
         if (assertion == null) {
             return;
         }
-        LOG.log(Level.INFO, "Asserting " + assertion.getName());
+        LOG.log(Level.FINE, "Asserting " + assertion.getName());
         Collection<AssertionInfo> ais;
         ais = aim.get(assertion.getName());
         if (ais != null) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=743446&r1=743445&r2=743446&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Wed Feb 11 18:44:51 2009
@@ -33,6 +33,7 @@
 
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.SP11Constants;
@@ -280,7 +281,7 @@
             SecurityToken sigTok = null;
             if (sigToken != null) {
                 if (sigToken instanceof SecureConversationToken) {
-                    //sigTokId = getSecConvTokenId();
+                    sigTok = getSecurityToken();
                 } else if (sigToken instanceof IssuedToken) {
                     sigTok = getSecurityToken();
                 } else if (sigToken instanceof X509Token) {
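Review bot: The `SecureConversationToken` branch now does exactly what the `IssuedToken` branch does, so the two can be merged into `if (sigToken instanceof SecureConversationToken || sigToken instanceof IssuedToken) { sigTok = getSecurityToken(); }`. If the two cases are expected to diverge again later, a comment saying so would justify keeping them separate. The enclosing method starts and ends outside this hunk.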
@@ -387,7 +388,7 @@
                          false);
         } catch (Exception e) {
             e.printStackTrace();
-            //REVISIT!!
+            throw new Fault(e);
         }
     }
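Review bot: `e.printStackTrace();` is still executed right before the new `throw new Fault(e);`, so the stack trace is dumped to stderr and then carried again in the fault's cause; the `printStackTrace` line should be removed now that the exception is no longer swallowed. The broad `catch (Exception e)` predates this change but is worth narrowing to the checked types the guarded call actually throws. The enclosing method starts outside this hunk.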
     
@@ -463,9 +464,11 @@
                     encr.setEncKeyId(encrTokId);
                     encr.setEphemeralKey(encrTok.getSecret());
                     Crypto crypto = getEncryptionCrypto(recToken);
-                    this.message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, crypto);
-                    setEncryptionUser(encr, recToken, false, crypto);
-                   
+                    if (crypto != null) {
+                        this.message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO,
crypto);
+                        setEncryptionUser(encr, recToken, false, crypto);
+                    }
+                    
                     encr.setDocument(saaj.getSOAPPart());
                     encr.setEncryptSymmKey(false);
                     encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
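Review bot: The new `if (crypto != null)` guard silently skips both the `ENCRYPT_CRYPTO` exchange property and `setEncryptionUser`, and nothing in the hunk says when a null crypto is legitimate versus a misconfiguration that should fail loudly. Presumably this is the secure-conversation/issued-token path where the symmetric key is referenced rather than wrapped (consistent with `encr.setEncryptSymmKey(false)` below), but I cannot confirm that from here; a comment such as `// no Crypto for SCT/issued tokens: the ephemeral key is referenced by id, not wrapped` on the guard, and a log line at fine level in the null case, would make the intent checkable. The enclosing method starts and ends outside this hunk.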


