From cohei...@apache.org
Subject svn commit: r1130158 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers: AbstractBindingBuilder.java SymmetricBindingHandler.java TransportBindingHandler.java
Date Wed, 01 Jun 2011 14:13:30 GMT
Author: coheigea
Date: Wed Jun  1 14:13:29 2011
New Revision: 1130158

URL: http://svn.apache.org/viewvc?rev=1130158&view=rev
Log:
[CXF-3535] - Use the Requested(Un)AttachedReference returned from an STS to refer to a SecurityToken
for signature

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1130158&r1=1130157&r2=1130158&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Wed Jun  1 14:13:29 2011
@@ -1471,19 +1471,33 @@ public abstract class AbstractBindingBui
             SecurityToken securityToken = getSecurityToken();
             String tokenType = securityToken.getTokenType();
             
-            int type = attached ? WSConstants.CUSTOM_SYMM_SIGNING 
-                : WSConstants.CUSTOM_SYMM_SIGNING_DIRECT;
-            if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
-                || WSConstants.SAML_NS.equals(tokenType)) {
-                sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
-                sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
-            } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
-                || WSConstants.SAML2_NS.equals(tokenType)) {
-                sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
+            Element ref;
+            if (attached) {
+                ref = securityToken.getAttachedReference();
+            } else {
+                ref = securityToken.getUnattachedReference();
+            }
+            
+            if (ref != null) {
+                SecurityTokenReference secRef = 
+                    new SecurityTokenReference(cloneElement(ref), false);
+                sig.setSecurityTokenReference(secRef);
                 sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
             } else {
-                sig.setCustomTokenValueType(tokenType);
-                sig.setKeyIdentifierType(type);
+                int type = attached ? WSConstants.CUSTOM_SYMM_SIGNING 
+                    : WSConstants.CUSTOM_SYMM_SIGNING_DIRECT;
+                if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+                    || WSConstants.SAML_NS.equals(tokenType)) {
+                    sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+                    sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+                } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+                    || WSConstants.SAML2_NS.equals(tokenType)) {
+                    sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
+                    sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+                } else {
+                    sig.setCustomTokenValueType(tokenType);
+                    sig.setKeyIdentifierType(type);
+                }
             }
             
             String sigTokId;
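Review bot: The sequence added here (pick `getAttachedReference()` or `getUnattachedReference()` by flag, then `new SecurityTokenReference(cloneElement(ref), false)`) is repeated in both SymmetricBindingHandler hunks and in the TransportBindingHandler signature hunk, so four copies have to be kept in step. All three classes already call `cloneElement`, so one helper beside it could hold the logic once; a sketch follows, with the exception type assumed from the WSS4J constructor rather than seen in this diff. The bare `false` also deserves a comment saying which check it turns off and why that is acceptable for an element taken from the STS response. The enclosing method starts and ends outside the hunk.

```java
// returns null when the token carries no reference of the requested kind
protected SecurityTokenReference getTokenReference(SecurityToken token, boolean attached)
    throws WSSecurityException {
    Element ref = attached
        ? token.getAttachedReference() : token.getUnattachedReference();
    if (ref == null) {
        return null;
    }
    // cloned, presumably so the element held by the stored token is left untouched
    return new SecurityTokenReference(cloneElement(ref), false);
}

// call site in this hunk
SecurityTokenReference secRef = getTokenReference(securityToken, attached);
if (secRef != null) {
    sig.setSecurityTokenReference(secRef);
    sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
} else {
    // … unchanged: token-type fallback …
}
```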

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1130158&r1=1130157&r2=1130158&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Wed Jun  1 14:13:29 2011
@@ -505,27 +505,39 @@ public class SymmetricBindingHandler ext
                     encr.setEncryptSymmKey(false);
                     encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
                     
-                    if (!isRequestor()) {
+                    if (encrToken instanceof IssuedToken) {
+                        //Setting the AttachedReference or the UnattachedReference according
to the flag
+                        Element ref;
+                        if (attached) {
+                            ref = encrTok.getAttachedReference();
+                        } else {
+                            ref = encrTok.getUnattachedReference();
+                        }
+
+                        String tokenType = encrTok.getTokenType();
+                        if (ref != null) {
+                            SecurityTokenReference secRef = 
+                                new SecurityTokenReference(cloneElement(ref), false);
+                            encr.setSecurityTokenReference(secRef);
+                        } else if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+                            || WSConstants.SAML_NS.equals(tokenType)) {
+                            encr.setCustomReferenceValue(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+                            encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+                        } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+                            || WSConstants.SAML2_NS.equals(tokenType)) {
+                            encr.setCustomReferenceValue(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
+                            encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+                        } else {
+                            encr.setCustomReferenceValue(tokenType);
+                            encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+                        }
+                    } else if (!isRequestor()) {
                         if (encrTok.getSHA1() != null) {
                             encr.setCustomReferenceValue(encrTok.getSHA1());
                             encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
                         } else {
                             encr.setKeyIdentifierType(WSConstants.EMBED_SECURITY_TOKEN_REF);
                         }
-                    } else {
-                        if (encrToken instanceof IssuedToken) {
-                            encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
-                            String tokenType = encrTok.getTokenType();
-                            if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
-                                || WSConstants.SAML_NS.equals(tokenType)) {
-                                encr.setCustomReferenceValue(WSConstants.WSS_SAML_KI_VALUE_TYPE);
-                            } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
-                                || WSConstants.SAML2_NS.equals(tokenType)) {
-                                encr.setCustomReferenceValue(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
-                            } else {
-                                encr.setCustomReferenceValue(tokenType);
-                            }
-                        }
                     }
 
                     encr.prepare(saaj.getSOAPPart(), crypto);
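Review bot: The `encrToken instanceof IssuedToken` test now runs before `!isRequestor()`, so a responder holding an IssuedToken no longer takes the `getSHA1()` / `EMBED_SECURITY_TOKEN_REF` branch it took before this change. The commit log does not mention this. If the change is intended, a comment on the `if` stating that issued tokens are handled the same way on both sides would record it. Separately, the `ref != null` branch calls `encr.setSecurityTokenReference(secRef)` without setting a key identifier type, while every signature branch in this commit pairs the reference with `sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER)`. Whether `encr.prepare` needs the type is not visible here, so either add the call or note why encryption differs. The declarations of `attached` and `encrTok` are outside the hunk.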
@@ -681,18 +693,33 @@ public class SymmetricBindingHandler ext
                     sig.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
                 }
             } else {
-                String tokenType = tok.getTokenType();
-                if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
-                    || WSConstants.SAML_NS.equals(tokenType)) {
-                    sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
-                    sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
-                } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
-                    || WSConstants.SAML2_NS.equals(tokenType)) {
-                    sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
+                //Setting the AttachedReference or the UnattachedReference according to the
flag
+                Element ref;
+                if (included) {
+                    ref = tok.getAttachedReference();
+                } else {
+                    ref = tok.getUnattachedReference();
+                }
+                
+                if (ref != null) {
+                    SecurityTokenReference secRef = 
+                        new SecurityTokenReference(cloneElement(ref), false);
+                    sig.setSecurityTokenReference(secRef);
                     sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
                 } else {
-                    sig.setCustomTokenValueType(tokenType);
-                    sig.setKeyIdentifierType(type);
+                    String tokenType = tok.getTokenType();
+                    if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+                        || WSConstants.SAML_NS.equals(tokenType)) {
+                        sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+                        sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+                    } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+                        || WSConstants.SAML2_NS.equals(tokenType)) {
+                        sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
+                        sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+                    } else {
+                        sig.setCustomTokenValueType(tokenType);
+                        sig.setKeyIdentifierType(type);
+                    }
                 }
             }
             

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1130158&r1=1130157&r2=1130158&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Wed Jun  1 14:13:29 2011
@@ -62,6 +62,7 @@ import org.apache.ws.security.message.WS
 import org.apache.ws.security.message.WSSecSignature;
 import org.apache.ws.security.message.WSSecTimestamp;
 import org.apache.ws.security.message.WSSecUsernameToken;
+import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.apache.ws.security.saml.ext.AssertionWrapper;
 
 /**
@@ -425,7 +426,21 @@ public class TransportBindingHandler ext
         List<WSEncryptionPart> sigParts
     ) throws Exception {
         WSSecSignature sig = new WSSecSignature(wssConfig);
-        if (secTok.getTokenType() == null) {
+        
+        //Setting the AttachedReference or the UnattachedReference according to the flag
+        Element ref;
+        if (tokenIncluded) {
+            ref = secTok.getAttachedReference();
+        } else {
+            ref = secTok.getUnattachedReference();
+        }
+        
+        if (ref != null) {
+            SecurityTokenReference secRef = 
+                new SecurityTokenReference(cloneElement(ref), false);
+            sig.setSecurityTokenReference(secRef);
+            sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+        } else if (secTok.getTokenType() == null) {
             sig.setCustomTokenId(secTok.getId());
             sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
             sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);


