cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r750182 - /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Date Wed, 04 Mar 2009 22:03:52 GMT
Author: dkulp
Date: Wed Mar  4 22:03:52 2009
New Revision: 750182

URL: http://svn.apache.org/viewvc?rev=750182&view=rev
Log:
Try to workaround how WCF tries to improperly interpret a policy so we really do get ws-trust10
at 100%

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=750182&r1=750181&r2=750182&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Wed Mar  4 22:03:52 2009
@@ -48,6 +48,8 @@
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.conversation.ConversationConstants;
 import org.apache.ws.security.message.WSSecDKSign;
 import org.apache.ws.security.message.WSSecEncryptedKey;
@@ -132,10 +134,12 @@
 
                         for (Token token : sgndSuppTokens.getTokens()) {
                             if (token instanceof IssuedToken
-                                || token instanceof SecureConversationToken) {
+                                || token instanceof SecureConversationToken
+                                || token instanceof KeyValueToken) {
                                 signatureValues.add(doIssuedTokenSignature(token, signdParts,
                                                                            sgndSuppTokens));
-                            } else if (token instanceof X509Token) {
+                            } else if (token instanceof X509Token
+                                || token instanceof KeyValueToken) {
                                 signatureValues.add(doX509TokenSignature(token, signdParts,
sgndSuppTokens));
                             }
                         }
@@ -166,14 +170,13 @@
                             if (token instanceof IssuedToken
                                 || token instanceof SecureConversationToken) {
                                 signatureValues.add(doIssuedTokenSignature(token, 
-                                                                           null, 
+                                                                           sgndSuppTokens.getSignedParts(),

                                                                            sgndSuppTokens));
-                            } else if (token instanceof X509Token) {
+                            } else if (token instanceof X509Token
+                                || token instanceof KeyValueToken) {
                                 signatureValues.add(doX509TokenSignature(token, 
                                                                          sgndSuppTokens.getSignedParts(),

                                                                          sgndSuppTokens));
-                            } else if (token instanceof KeyValueToken) {
-                                //
                             }
                         }
                     }
@@ -201,7 +204,7 @@
         }
     }
     
-    
+
     private byte[] doX509TokenSignature(Token token, SignedEncryptedParts signdParts,
                                         TokenWrapper wrapper) 
         throws Exception {
@@ -263,12 +266,6 @@
         } else {
             WSSecSignature sig = getSignatureBuider(wrapper, token, false);
             sig.prependBSTElementToHeader(secHeader);
-            /*
-            if (isTokenProtection()
-                && !(SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER == token.getInclusion()))
{
-                sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
-            }
-            */
             
             sig.addReferencesToSign(sigParts, secHeader);
             insertBeforeBottomUp(sig.getSignatureElement());
@@ -309,12 +306,17 @@
             if (signdParts.isBody()) {
                 sigParts.add(new WSEncryptionPart(addWsuIdToElement(saaj.getSOAPBody())));
             }
-    
-            for (Header header : signdParts.getHeaders()) {
-                WSEncryptionPart wep = new WSEncryptionPart(header.getName(), 
-                        header.getNamespace(),
-                        "Content");
-                sigParts.add(wep);
+            if (secTok.getX509Certificate() != null) {
+                //the "getX509Certificate" this is to workaround an issue in WCF
+                //In WCF, for TransportBinding, in most cases, it doesn't wan't any of
+                //the headers signed even if the policy sais so.   HOWEVER, for KeyValue
+                //IssuedTokends, it DOES want them signed
+                for (Header header : signdParts.getHeaders()) {
+                    WSEncryptionPart wep = new WSEncryptionPart(header.getName(), 
+                            header.getNamespace(),
+                            "Content");
+                    sigParts.add(wep);
+                }
             }
         }
         
@@ -368,10 +370,26 @@
                 sig.setCustomTokenValueType(secTok.getTokenType());
                 sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
             }
-            sig.setSecretKey(secTok.getSecret());
-            sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
-            sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
-            sig.prepare(doc, getSignatureCrypto(wrapper), secHeader);
+            Crypto crypto = null;
+            if (secTok.getSecret() == null) {
+                sig.setX509Certificate(secTok.getX509Certificate());
+                
+                crypto = secTok.getCrypto();
+                String uname = crypto.getKeyStore().getCertificateAlias(secTok.getX509Certificate());
+                String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE);
+                if (password == null) {
+                    password = "";
+                }
+                sig.setUserInfo(uname, password);
+                sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
+            } else {
+                crypto = getSignatureCrypto(wrapper);
+                sig.setSecretKey(secTok.getSecret());
+                sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
+            }
+            sig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());
+
+            sig.prepare(doc, crypto, secHeader);
 
             sig.setParts(sigParts);
             sig.addReferencesToSign(sigParts, secHeader);



Mime
View raw message