From cohei...@apache.org
Subject svn commit: r1076194 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security: policy/interceptors/ tokenstore/ wss4j/ wss4j/policyhandlers/
Date Wed, 02 Mar 2011 12:36:18 GMT
Author: coheigea
Date: Wed Mar  2 12:36:17 2011
New Revision: 1076194

URL: http://svn.apache.org/viewvc?rev=1076194&view=rev
Log:
Added support for Issued Tokens using the Transport Binding

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1076194&r1=1076193&r2=1076194&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
Wed Mar  2 12:36:17 2011
@@ -19,7 +19,7 @@
 
 package org.apache.cxf.ws.security.policy.interceptors;
 
-import java.security.Principal;
+import java.security.cert.X509Certificate;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.List;
@@ -48,11 +48,11 @@ import org.apache.cxf.ws.security.trust.
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor;
 import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
-import org.apache.ws.security.CustomTokenPrincipal;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.saml.SAMLKeyInfo;
 import org.apache.ws.security.saml.ext.AssertionWrapper;
 
 /**
@@ -242,32 +242,23 @@ public class IssuedTokenInterceptorProvi
         ) {
             for (WSSecurityEngineResult wser : wsSecEngineResults) {
                 Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
-                if (actInt.intValue() == WSConstants.SIGN) {
-                    Principal principal = 
-                        (Principal)wser.get(WSSecurityEngineResult.TAG_PRINCIPAL);
-                    if (principal instanceof CustomTokenPrincipal) {
-                        CustomTokenPrincipal customPrincipal = 
-                            (CustomTokenPrincipal)principal;
-                        byte[] secretKey = 
-                            (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
-                        if (secretKey != null) {
-                            SecurityToken token = 
-                                new SecurityToken(
-                                    customPrincipal.getName(), 
-                                    (java.util.Date)null, 
-                                    (java.util.Date)null
-                                );
-                            token.setSecret(secretKey);
-                            AssertionWrapper assertionWrapper = 
-                                (AssertionWrapper)customPrincipal.getTokenObject();
-                            if (assertionWrapper != null && assertionWrapper.getSaml1()
!= null) {
-                                token.setTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
-                            } else if (assertionWrapper != null 
-                                && assertionWrapper.getSaml2() != null) {
-                                token.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
-                            }
-                            return token;
+                if (actInt.intValue() == WSConstants.ST_SIGNED) {
+                    AssertionWrapper assertionWrapper = 
+                        (AssertionWrapper)wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+                    SAMLKeyInfo subjectKeyInfo = assertionWrapper.getSubjectKeyInfo();
+                    if (subjectKeyInfo != null) {
+                        SecurityToken token = new SecurityToken(assertionWrapper.getId());
+                        token.setSecret(subjectKeyInfo.getSecret());
+                        X509Certificate[] certs = subjectKeyInfo.getCerts();
+                        if (certs != null && certs.length > 0) {
+                            token.setX509Certificate(certs[0], null);
+                        }
+                        if (assertionWrapper.getSaml1() != null) {
+                            token.setTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
+                        } else if (assertionWrapper.getSaml2() != null) {
+                            token.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
                         }
+                        return token;
                     }
                 }
             }
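Review bot: The null guard on the assertion wrapper was dropped: `assertionWrapper` is taken from `wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION)` and dereferenced on the very next line, whereas the removed code checked `assertionWrapper != null` before touching it, so an ST_SIGNED result without an attached assertion would now surface as a NullPointerException instead of being skipped. Add `if (assertionWrapper == null) { continue; }` before the `getSubjectKeyInfo()` call. The old code also only built a token once a secret was known, while the new block returns a token whenever `subjectKeyInfo` is non-null, even if `getSecret()` is null and `getCerts()` is empty; if a key-less token is intentionally acceptable here, a one-line comment saying so (or an explicit check that at least one of secret/certificate was set) would make that contract visible. The enclosing method starts and ends outside the hunk.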

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java?rev=1076194&r1=1076193&r2=1076194&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
Wed Mar  2 12:36:17 2011
@@ -136,6 +136,11 @@ public class SecurityToken {
     public SecurityToken() {
         
     }
+    
+    public SecurityToken(String id) {
+        this.id = id;
+    }
+
     public SecurityToken(String id, Date created, Date expires) {
         this.id = id;
         this.created = created;

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1076194&r1=1076193&r2=1076194&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
Wed Mar  2 12:36:17 2011
@@ -60,12 +60,15 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
 import org.apache.cxf.ws.security.policy.model.ContentEncryptedElements;
 import org.apache.cxf.ws.security.policy.model.Header;
+import org.apache.cxf.ws.security.policy.model.IssuedToken;
 import org.apache.cxf.ws.security.policy.model.RequiredElements;
 import org.apache.cxf.ws.security.policy.model.RequiredParts;
 import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
 import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
 import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
 import org.apache.cxf.ws.security.policy.model.Token;
+import org.apache.cxf.ws.security.policy.model.TransportBinding;
+import org.apache.cxf.ws.security.policy.model.TransportToken;
 import org.apache.cxf.ws.security.policy.model.UsernameToken;
 import org.apache.cxf.ws.security.policy.model.Wss11;
 import org.apache.cxf.ws.security.policy.model.X509Token;
@@ -262,6 +265,31 @@ public class PolicyBasedWSS4JInIntercept
             assertPolicy(aim, SP12Constants.TRANSPORT_TOKEN);
             assertPolicy(aim, SP12Constants.SUPPORTING_TOKENS);
         }
+        
+        Collection<AssertionInfo> ais = aim.get(SP12Constants.TRANSPORT_BINDING);
+        if (ais != null) {
+            for (AssertionInfo ai : ais) {
+                TransportBinding binding = (TransportBinding)ai.getAssertion();
+                TransportToken token = binding.getTransportToken();
+                if (token != null && token.getToken() instanceof IssuedToken) {
+                    action = addToAction(action, "Signature", true);
+                    Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
+                    Object e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
+                    if (s != null) {
+                        message.put("decryptionPropRefId", "RefId-" + s.toString());
+                        message.put("RefId-" + s.toString(), getProps(s, message));
+                        if (e == null) {
+                            e = s;
+                        }
+                    }
+                    if (e != null) {
+                        message.put("SignaturePropRefId", "RefId-" + e.toString());
+                        message.put("RefId-" + e.toString(), getProps(e, message));
+                    }
+                }
+            }
+        }
+        
         return action;
     }
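Review bot: The property cross-wiring in the new TransportBinding block is not self-explanatory: the value read from `SecurityConstants.SIGNATURE_PROPERTIES` is stored under `decryptionPropRefId`, and the one from `SecurityConstants.ENCRYPT_PROPERTIES` under `SignaturePropRefId`. If this mirrors the inbound convention used for the other bindings in this interceptor (the receiver's own signature key is what decrypts, the peer's encryption certificate is what verifies signatures), a comment such as `// inbound side: our signature crypto decrypts; the peer's encryption crypto verifies signatures` would keep the next reader from "fixing" the swap. When `e` falls back to `s`, `getProps(s, message)` is evaluated twice and the same `"RefId-" + s` entry is written twice; harmless, but computing the props once into a local before the two `put` calls avoids it. This method begins before the hunk.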
     private String checkSymetricBinding(AssertionInfoMap aim, 
@@ -692,10 +720,19 @@ public class PolicyBasedWSS4JInIntercept
         if (ais == null) {                       
             return true;
         }
-        assertPolicy(aim, SP12Constants.TRANSPORT_TOKEN);
+        
+        for (AssertionInfo ai : ais) {
+            TransportBinding binding = (TransportBinding)ai.getAssertion();
+            ai.setAsserted(true);
+            if (binding.getTransportToken() != null) {
+                assertPolicy(aim, binding.getTransportToken());
+                assertPolicy(aim, binding.getTransportToken().getToken());
+            }
+        }
+        
         assertPolicy(aim, SP12Constants.ENCRYPTED_PARTS);
         assertPolicy(aim, SP12Constants.SIGNED_PARTS);
-        return !assertPolicy(aim, SP12Constants.TRANSPORT_BINDING);
+        return true;
     }
 
 }
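Review bot: `binding.getTransportToken().getToken()` is handed to `assertPolicy` without a null check, while the earlier hunk in this file (the block iterating `aim.get(SP12Constants.TRANSPORT_BINDING)`) guards the same accessor with `token.getToken() instanceof IssuedToken`; if the wrapper can carry no inner token, `assertPolicy(aim, null)` is reached and its behaviour on null is not visible here. Either guard it, `Token inner = binding.getTransportToken().getToken(); if (inner != null) { assertPolicy(aim, inner); }`, or state in a comment why the inner token is always present. The method now also marks every TransportBinding assertion as asserted and returns `true` unconditionally, where it previously returned `!assertPolicy(aim, SP12Constants.TRANSPORT_BINDING)`; a short comment explaining why the binding is asserted regardless of message contents (presumably because the added Signature action leaves WSS4J to enforce the issued token's presence) would help whoever reads this next.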

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1076194&r1=1076193&r2=1076194&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Wed Mar  2 12:36:17 2011
@@ -36,6 +36,7 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
+import org.apache.cxf.ws.security.policy.SPConstants.IncludeTokenType;
 import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
 import org.apache.cxf.ws.security.policy.model.Header;
 import org.apache.cxf.ws.security.policy.model.IssuedToken;
@@ -46,6 +47,7 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.model.Token;
 import org.apache.cxf.ws.security.policy.model.TokenWrapper;
 import org.apache.cxf.ws.security.policy.model.TransportBinding;
+import org.apache.cxf.ws.security.policy.model.TransportToken;
 import org.apache.cxf.ws.security.policy.model.UsernameToken;
 import org.apache.cxf.ws.security.policy.model.X509Token;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
@@ -118,6 +120,30 @@ public class TransportBindingHandler ext
         
         try {
             if (this.isRequestor()) {
+                TransportToken transportTokenWrapper = tbinding.getTransportToken();
+                if (transportTokenWrapper != null) {
+                    Token transportToken = transportTokenWrapper.getToken();
+                    if (transportToken instanceof IssuedToken) {
+                        SecurityToken secToken = getSecurityToken();
+                        if (secToken == null) {
+                            policyNotAsserted(transportToken, "No transport token id");
+                            return;
+                        } else {
+                            policyAsserted(transportToken);
+                        }
+                        
+                        IncludeTokenType inclusion = transportToken.getInclusion();
+                        if (SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS == inclusion
+                            || SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE == inclusion
+                            || (SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT

+                                == inclusion)) {
+                            
+                            Element el = secToken.getToken();
+                            addEncyptedKeyElement(cloneElement(el));
+                        } 
+                    }
+                }
+                
                 List<byte[]> signatureValues = new ArrayList<byte[]>();
 
                 ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);
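Review bot: The `else` after `return;` in the new IssuedToken branch is redundant, and the not-asserted message says "No transport token id" although it is the SecurityToken itself that is missing; `if (secToken == null) { policyNotAsserted(transportToken, "No transport token"); return; }` followed by an unconditional `policyAsserted(transportToken);` reads more directly. The inclusion comparisons still spell out `SPConstants.IncludeTokenType.INCLUDE_TOKEN_*` even though `IncludeTokenType` is now imported and used unqualified on the declaration line; using the short form throughout would also remove the line wrap. `secToken.getToken()` is passed straight to `cloneElement` — if a SecurityToken can exist without its DOM element set, that call would need a null check, which cannot be confirmed from this hunk. The enclosing method starts before the hunk and continues past it.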


