cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r762495 - in /cxf/trunk/rt: transports/http/src/main/java/org/apache/cxf/transport/https/ ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
Date Mon, 06 Apr 2009 20:27:20 GMT
Author: dkulp
Date: Mon Apr  6 20:27:20 2009
New Revision: 762495

URL: http://svn.apache.org/viewvc?rev=762495&view=rev
Log:
[CXF-2158] Fix problem of referencing a token via ID instead of wsu:Id
Fix validation of trandport binding things that usually won't have sigs
If username/tokens are required, but not provided a username, throw exception.

Modified:
    cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java

Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?rev=762495&r1=762494&r2=762495&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
(original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
Mon Apr  6 20:27:20 2009
@@ -35,6 +35,7 @@
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.configuration.jsse.TLSClientParameters;
@@ -147,8 +148,6 @@
                     throw new IIOException("Error while initializing secure socket", ex);
                 }
             }
-        } else {
-            assert false;
         }
 
         return connection;
@@ -187,9 +186,27 @@
                       ? SSLContext.getInstance(protocol)
                       : SSLContext.getInstance(protocol, provider);
             
+                      
+
+            TrustManager[] trustAllCerts = tlsClientParameters.getTrustManagers();
+            /*
+            TrustManager[] trustAllCerts = new TrustManager[] {
+                new javax.net.ssl.X509TrustManager() {
+                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+                        return null;
+                    }
+                    public void checkClientTrusted(
+                        java.security.cert.X509Certificate[] certs, String authType) {
+                    }
+                    public void checkServerTrusted(
+                        java.security.cert.X509Certificate[] certs, String authType) {
+                    }
+                }
+            };
+            */         
             ctx.init(
-                tlsClientParameters.getKeyManagers(), 
-                tlsClientParameters.getTrustManagers(), 
+                tlsClientParameters.getKeyManagers(),
+                trustAllCerts, 
                 tlsClientParameters.getSecureRandom());
             
             // The "false" argument means opposite of exclude.

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=762495&r1=762494&r2=762495&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
Mon Apr  6 20:27:20 2009
@@ -531,6 +531,7 @@
     private boolean assertTransportBinding(AssertionInfoMap aim) {
         assertPolicy(aim, SP12Constants.TRANSPORT_TOKEN);
         assertPolicy(aim, SP12Constants.ENCRYPTED_PARTS);
+        assertPolicy(aim, SP12Constants.SIGNED_PARTS);
         return !assertPolicy(aim, SP12Constants.TRANSPORT_BINDING);
     }
 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=762495&r1=762494&r2=762495&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Mon Apr  6 20:27:20 2009
@@ -594,10 +594,10 @@
                 info.setAsserted(true);
                 return utBuilder;
             } else {
-                info.setNotAsserted("No password available");
+                policyNotAsserted(token, "No username available");
             }
         } else {
-            info.setNotAsserted("No username available");
+            policyNotAsserted(token, "No username available");
         }
         return null;
     }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=762495&r1=762494&r2=762495&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Mon Apr  6 20:27:20 2009
@@ -385,12 +385,21 @@
             return dkSign.getSignatureValue();
         } else {
             WSSecSignature sig = new WSSecSignature();
-            sig.setCustomTokenId(secTok.getId());
             if (secTok.getTokenType() == null) {
+                sig.setCustomTokenId(secTok.getId());
                 sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
                                             + WSConstants.SAML_ASSERTION_ID);
                 sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
             } else {
+                String id = secTok.getWsuId();
+                if (id == null) {
+                    sig.setCustomTokenId(secTok.getId());
+                    sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING_DIRECT);
+                } else {
+                    sig.setCustomTokenId(secTok.getWsuId());
+                    sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+                }
+                sig.setCustomTokenValueType(secTok.getTokenType());
                 sig.setCustomTokenValueType(secTok.getTokenType());
                 sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
             }



Mime
View raw message