Return-Path: Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: (qmail 29949 invoked from network); 3 Mar 2009 02:48:20 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 3 Mar 2009 02:48:20 -0000 Received: (qmail 99827 invoked by uid 500); 3 Mar 2009 02:48:20 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 99777 invoked by uid 500); 3 Mar 2009 02:48:20 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 99767 invoked by uid 99); 3 Mar 2009 02:48:20 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 02 Mar 2009 18:48:20 -0800 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Mar 2009 02:48:19 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 2ED802388995; Tue, 3 Mar 2009 02:47:59 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r749513 - in /cxf/trunk: parent/pom.xml rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java Date: Tue, 03 Mar 2009 02:47:58 -0000 To: commits@cxf.apache.org 
From: dkulp@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20090303024759.2ED802388995@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: dkulp Date: Tue Mar 3 02:47:58 2009 New Revision: 749513 URL: http://svn.apache.org/viewvc?rev=749513&view=rev Log: Go ahead and grab 4.0.2 Modified: cxf/trunk/parent/pom.xml cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java Modified: cxf/trunk/parent/pom.xml URL: http://svn.apache.org/viewvc/cxf/trunk/parent/pom.xml?rev=749513&r1=749512&r2=749513&view=diff ============================================================================== --- cxf/trunk/parent/pom.xml (original) +++ cxf/trunk/parent/pom.xml Tue Mar 3 02:47:58 2009 @@ -1047,8 +1047,8 @@ woodstox4 org.codehaus.woodstox - wstx-asl - 3.9.9-3 + woodstox-core-asl + 4.0.2 Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=749513&r1=749512&r2=749513&view=diff ============================================================================== --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java (original) +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java Tue Mar 3 02:47:58 2009 @@ -19,11 +19,14 @@ package org.apache.cxf.ws.security.trust; +import java.io.IOException; +import java.net.URL; import java.util.Date; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; +import java.util.Properties; import java.util.Vector; import java.util.logging.Logger; 
@@ -35,11 +38,13 @@
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
+import org.w3c.dom.Node;
 import org.apache.cxf.Bus;
 import org.apache.cxf.BusException;
 import org.apache.cxf.binding.soap.SoapBindingConstants;
 import org.apache.cxf.binding.soap.model.SoapOperationInfo;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.common.i18n.Message;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
@@ -54,6 +59,7 @@
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.resource.ResourceManager;
 import org.apache.cxf.service.Service;
 import org.apache.cxf.service.model.BindingInfo;
 import org.apache.cxf.service.model.BindingOperationInfo;
@@ -64,6 +70,7 @@
 import org.apache.cxf.ws.policy.EffectivePolicy;
 import org.apache.cxf.ws.policy.PolicyBuilder;
 import org.apache.cxf.ws.policy.PolicyEngine;
+import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
 import org.apache.cxf.ws.security.policy.model.Binding;
 import org.apache.cxf.ws.security.policy.model.Trust10;
@@ -75,9 +82,11 @@
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
 import org.apache.ws.security.conversation.ConversationException;
 import org.apache.ws.security.conversation.dkalgo.P_SHA1;
 import org.apache.ws.security.message.token.Reference;
+import org.apache.ws.security.processor.EncryptedDataProcessor;
 import org.apache.ws.security.processor.EncryptedKeyProcessor;
 import org.apache.ws.security.util.Base64;
 import org.apache.ws.security.util.WSSecurityUtil;
@@ -113,10 +122,6 @@
 Map ctx = new HashMap();
- private CallbackHandler cbHandler;
-
- private Crypto crypto;
-
 public STSClient(Bus b) {
 bus = b;
 }
@@ -449,15 +454,21 @@
 }
 el = DOMUtils.getNextElement(el);
 }
+ Element rstDec = rst;
+ try {
+ rstDec = decrypt(rst);
+ } catch (IOException e1) {
+ throw new TrustException(e1);
+ }
 String id = findID(rar, rur, rst);
 if (StringUtils.isEmpty(id)) {
 throw new TrustException(new Message("NO_ID", LOG));
 }
- SecurityToken token = new SecurityToken(id, copyElement(rst), copyElement(lte));
- token.setAttachedReference(copyElement(rar));
- token.setUnattachedReference(copyElement(rur));
+ SecurityToken token = new SecurityToken(id, rstDec, lte);
+ token.setAttachedReference(rar);
+ token.setUnattachedReference(rur);
 token.setIssuerAddress(location);
@@ -476,12 +487,12 @@
 EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
- processor.handleToken(child, null, crypto,
- cbHandler, null, new Vector(),
+ processor.handleToken(child, null, createCrypto(),
+ createHandler(), null, new Vector(),
 null);
 secret = processor.getDecryptedBytes();
- } catch (WSSecurityException e) {
+ } catch (IOException e) {
 throw new TrustException(new Message("ENCRYPTED_KEY_ERROR", LOG), e);
 }
 } else if (childQname.equals(new QName(namespace, "ComputedKey"))) {
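Review bot: `String id = findID(rar, rur, rst);` still receives the pre-decryption element even though the lines just above now compute `rstDec = decrypt(rst)`; if `decrypt` replaces an `EncryptedData` wrapper in the DOM (its parent/previous-sibling walk in this same commit suggests exactly that), `rst` then points at the detached ciphertext element and the token id is looked up in the wrong node, so the NO_ID fault fires for every encrypted RSTR. The lookup should use the decrypted element: `String id = findID(rar, rur, rstDec);`. Dropping `copyElement` also means the SecurityToken now holds live nodes of the response document rather than copies, which is fine only if nothing else mutates that DOM afterwards — worth a one-line comment at the `new SecurityToken(id, rstDec, lte)` site. The enclosing method begins and ends outside this hunk.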
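Review bot: The widened `catch (IOException e)` around `processor.handleToken(...)` only still covers a failed key decryption if WSSecurityException in this WSS4J line extends RemoteException (an IOException), which nothing in the hunk states; a reader will assume WSS4J failures now escape, and a missing or unreadable ENCRYPT_PROPERTIES file from `createCrypto()` is now reported under the same ENCRYPTED_KEY_ERROR message as a bad EncryptedKey. Make the dependency explicit on the catch, e.g. `// WSSecurityException extends RemoteException, so IOException also covers decryption failures`, and consider catching WSSecurityException first so configuration errors and token errors produce distinguishable faults. The enclosing try block starts before this hunk.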
@@ -519,19 +530,92 @@
 return token;
 }
- private Element copyElement(Element el) {
- if (el == null) {
- return null;
+ protected Element decrypt(Element firstElement) throws IOException {
+ if ("EncryptedData".equals(firstElement.getLocalName())
+ && "http://www.w3.org/2001/04/xmlenc#".equals(firstElement.getNamespaceURI())) {
+
+ Node parent = firstElement.getParentNode();
+ Node prev = firstElement.getPreviousSibling();
+
+ //encrypted even more. WCF seems to do this periodically
+ EncryptedDataProcessor processor = new EncryptedDataProcessor();
+
+ processor.handleToken(firstElement, null, createCrypto(),
+ createHandler(), null, new Vector(),
+ null);
+
+ if (prev == null) {
+ firstElement = (Element)parent.getFirstChild();
+ } else {
+ firstElement = (Element)prev.getNextSibling();
+ }
+ }
- try {
- W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
- writer.setNsRepairing(true);
- StaxUtils.copy(el, writer);
- return writer.getDocument().getDocumentElement();
- } catch (Exception ex) {
- return el;
+ return firstElement;
+ }
+
+ private CallbackHandler createHandler() {
+ Object o = getProperty(SecurityConstants.CALLBACK_HANDLER);
+ if (o instanceof String) {
+ try {
+ Class cls = ClassLoaderUtils.loadClass((String)o, this.getClass());
+ o = cls.newInstance();
+ } catch (Exception e) {
+ throw new Fault(e);
+ }
 }
+ return (CallbackHandler)o;
 }
+
+ private Object getProperty(String s) {
+ Object o = ctx.get(s);
+ if (o == null) {
+ o = client.getEndpoint()
+ .getEndpointInfo().getProperty(s);
+ }
+ if (o == null) {
+ o = client.getEndpoint().getEndpointInfo().getBinding().getProperty(s);
+ }
+ if (o == null) {
+ o = client.getEndpoint().getService().get(s);
+ }
+ return o;
+ }
+
+ private Crypto createCrypto() throws IOException {
+ Crypto crypto = (Crypto)getProperty(SecurityConstants.ENCRYPT_CRYPTO);
+ if (crypto != null) {
+ return crypto;
+ }
+
+
+ Object o = getProperty(SecurityConstants.ENCRYPT_PROPERTIES);
+ Properties properties = null;
+ if (o instanceof Properties) {
+ properties = (Properties)o;
+ } else if (o instanceof String) {
+ ResourceManager rm = bus.getExtension(ResourceManager.class);
+ URL url = rm.resolveResource((String)o, URL.class);
+ if (url == null) {
+ url = ClassLoaderUtils.getResource((String)o, this.getClass());
+ }
+ if (url != null) {
+ properties = new Properties();
+ properties.load(url.openStream());
+ } else {
+ throw new Fault("Could not find properties file " + url, LOG);
+ }
+ } else if (o instanceof URL) {
+ properties = new Properties();
+ properties.load(((URL)o).openStream());
+ }
+
+ if (properties != null) {
+ return CryptoFactory.getInstance(properties);
+ }
+ return null;
+ }
+
 private String findID(Element rar, Element rur, Element rst) {
 String id = null;
 if (rst != null) {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=749513&r1=749512&r2=749513&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java Tue Mar 3 02:47:58 2009
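Review bot: In `createCrypto`, both `properties.load(url.openStream())` and `properties.load(((URL)o).openStream())` open a stream that is never closed, and the `else` branch throws `"Could not find properties file " + url` at a point where `url` is known to be null, so the fault says "null" instead of naming the configured location `o`. Route both branches through one helper that closes the stream in `finally` (this file's Java level has no try-with-resources; `java.io.InputStream` needs importing) and build the message from `o`, as below. `createCrypto` also returns null when neither ENCRYPT_CRYPTO nor ENCRYPT_PROPERTIES is configured, and `decrypt` hands that null straight to `EncryptedDataProcessor.handleToken`, which presumably fails deep inside WSS4J rather than with a clear configuration fault — a `Fault` at the call site in `decrypt` would be friendlier. `decrypt`, `createHandler`, `getProperty` and `createCrypto` are complete within this hunk; `findID` at its end continues outside it.
```java
private Crypto createCrypto() throws IOException {
    // … unchanged: ENCRYPT_CRYPTO lookup …
    Object o = getProperty(SecurityConstants.ENCRYPT_PROPERTIES);
    Properties properties = null;
    if (o instanceof Properties) {
        properties = (Properties)o;
    } else if (o instanceof String) {
        ResourceManager rm = bus.getExtension(ResourceManager.class);
        URL url = rm.resolveResource((String)o, URL.class);
        if (url == null) {
            url = ClassLoaderUtils.getResource((String)o, this.getClass());
        }
        if (url == null) {
            // name the configured location, not the null URL
            throw new Fault("Could not find properties file " + o, LOG);
        }
        properties = loadProperties(url);
    } else if (o instanceof URL) {
        properties = loadProperties((URL)o);
    }
    // … unchanged: CryptoFactory.getInstance / return null …
}

/** Loads a properties file from the URL and always closes the stream. */
private static Properties loadProperties(URL url) throws IOException {
    InputStream in = url.openStream();
    try {
        Properties properties = new Properties();
        properties.load(in);
        return properties;
    } finally {
        in.close();
    }
}
```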
@@ -365,13 +365,18 @@
 return dkSign.getSignatureValue();
 } else {
 WSSecSignature sig = new WSSecSignature();
- sig.setCustomTokenId(secTok.getId().substring(1));
- sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
- + WSConstants.SAML_ASSERTION_ID);
+ sig.setCustomTokenId(secTok.getId());
+ if (secTok.getTokenType() == null) {
+ sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
+ + WSConstants.SAML_ASSERTION_ID);
+ sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+ } else {
+ sig.setCustomTokenValueType(secTok.getTokenType());
+ sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+ }
 sig.setSecretKey(secTok.getSecret());
 sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
 sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
- sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
 sig.prepare(doc, getSignatureCrypto(wrapper), secHeader);
 sig.setParts(sigParts);
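Review bot: The new `if (secTok.getTokenType() == null)` branch silently treats any token without a TokenType as a SAML 1.1 assertion (WSS_SAML_NS + SAML_ASSERTION_ID, referenced via CUSTOM_KEY_IDENTIFIER), and nothing says why that is the right default; add a comment such as `// no TokenType on the issued token: assume a SAML 1.1 assertion referenced by AssertionID`. Dropping `.substring(1)` from `sig.setCustomTokenId(secTok.getId())` changes the reference value for every token, so if SecurityToken ids can still carry a leading '#' that must now be guaranteed stripped elsewhere — worth stating at the call. The two back-to-back `setSignatureAlgorithm` calls left in context make the asymmetric value dead (the symmetric one always wins), which this hunk does not address. The enclosing method starts before this hunk.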