From serg...@apache.org
Subject svn commit: r1153851 - in /cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security: common/ saml/ xml/
Date Thu, 04 Aug 2011 11:28:52 GMT
Author: sergeyb
Date: Thu Aug  4 11:28:51 2011
New Revision: 1153851

URL: http://svn.apache.org/viewvc?rev=1153851&view=rev
Log:
CXF-3661,CXF-3677: More refactoring to minimize the duplication

Added:
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/TrustValidator.java
  (with props)
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/AbstractXmlSecOutInterceptor.java
  (with props)
Modified:
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/SecurityUtils.java
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncInHandler.java
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncOutInterceptor.java
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java

Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/SecurityUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/SecurityUtils.java?rev=1153851&r1=1153850&r2=1153851&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/SecurityUtils.java
(original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/SecurityUtils.java
Thu Aug  4 11:28:51 2011
@@ -20,6 +20,7 @@
 package org.apache.cxf.systest.jaxrs.security.common;
 
 import java.io.IOException;
+import java.security.cert.X509Certificate;
 
 import javax.security.auth.callback.CallbackHandler;
 
@@ -31,6 +32,7 @@ import org.apache.cxf.ws.security.Securi
 import org.apache.ws.security.WSPasswordCallback;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoType;
 
 public final class SecurityUtils {
     
@@ -38,6 +40,18 @@ public final class SecurityUtils {
         
     }
     
+    public static X509Certificate[] getCertificates(Crypto crypto, String user)
+        throws WSSecurityException {
+        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+        cryptoType.setAlias(user);
+        X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
+        if (issuerCerts == null || issuerCerts.length == 0) {
+            throw new WSSecurityException(
+                "No issuer certs were found using issuer name: " + user);
+        }
+        return issuerCerts;
+    }
+    
     public static Crypto getCrypto(Message message,
                             String cryptoKey, 
                             String propKey) 
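Review bot: `getCertificates` hardcodes an issuer-oriented message and a plain `WSSecurityException(String)`, but its second caller, `getReceiverCertificate` in XmlEncOutInterceptor (same commit), previously threw the coded `WSSecurityException(WSSecurityException.FAILURE, "noUserCertsFound", new Object[] {user, "encryption"})`, so that caller loses the error code and gets a misleading "issuer" wording for a receiver lookup. A neutral message keeps the helper honest for both uses: `"No certificates were found for alias: " + user`. A Javadoc would also help: one sentence saying it resolves the alias through the supplied Crypto and fails rather than returning an empty array, with `@throws WSSecurityException` for the null/empty case. The `getCrypto` signature at the end of the hunk continues outside it.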

Added: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/TrustValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/TrustValidator.java?rev=1153851&view=auto
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/TrustValidator.java
(added)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/TrustValidator.java
Thu Aug  4 11:28:51 2011
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.security.common;
+
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.validate.Credential;
+import org.apache.ws.security.validate.SignatureTrustValidator;
+
+public class TrustValidator {
+    public void validateTrust(Crypto crypto, X509Certificate cert, PublicKey publicKey) 
+        throws WSSecurityException {
+        SignatureTrustValidator validator = new SignatureTrustValidator();
+        RequestData data = new RequestData();
+        data.setSigCrypto(crypto);
+        
+        Credential trustCredential = new Credential();
+        trustCredential.setPublicKey(publicKey);
+        trustCredential.setCertificates(new X509Certificate[]{cert});
+        validator.validate(trustCredential, data);
+    }
+}
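Review bot: `validateTrust` always wraps `cert` in a one-element array, so a null `cert` (XmlEncInHandler passes null for the key, and the sig handler's `cert` origin is not visible) reaches `SignatureTrustValidator` as `{null}` rather than as an absent chain; as far as I recall that validator takes the certificate path whenever the array is non-empty, which would mean a null element is dereferenced and `publicKey` is never consulted — worth confirming against the WSS4J version in use. Guarding the array keeps the public-key-only path reachable: `trustCredential.setCertificates(cert == null ? null : new X509Certificate[]{cert});`. The class also has no Javadoc; a short one stating that it delegates to WSS4J's `SignatureTrustValidator` with the given `Crypto` as the trust store, that either `cert` or `publicKey` may be null, and `@throws WSSecurityException` when the chain or key is not trusted would record the contract the in-handlers rely on.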

Propchange: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/TrustValidator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/TrustValidator.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java?rev=1153851&r1=1153850&r2=1153851&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java
(original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java
Thu Aug  4 11:28:51 2011
@@ -29,12 +29,11 @@ import java.util.Arrays;
 import java.util.List;
 import java.util.logging.Logger;
 
-import javax.security.auth.callback.CallbackHandler;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Response;
 
 import org.w3c.dom.Document;
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
+
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.jaxrs.ext.RequestHandler;
@@ -42,6 +41,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.security.transport.TLSSessionInfo;
 import org.apache.cxf.systest.jaxrs.security.common.CryptoLoader;
+import org.apache.cxf.systest.jaxrs.security.common.SecurityUtils;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngineResult;
@@ -85,7 +85,7 @@ public abstract class AbstractSamlInHand
                 RequestData data = new RequestData();
                 WSSConfig cfg = WSSConfig.getNewInstance(); 
                 data.setWssConfig(cfg);
-                data.setCallbackHandler(getCallbackHandler(message));
+                data.setCallbackHandler(SecurityUtils.getCallbackHandler(message, this.getClass()));
                 try {
                     data.setSigCrypto(new CryptoLoader().getCrypto(message,
                                                 SecurityConstants.SIGNATURE_CRYPTO,
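Review bot: The replaced private `getCallbackHandler` swallowed every exception from loading the configured handler class and returned null (visible in the deleted hunk below); whether `SecurityUtils.getCallbackHandler` does the same is not visible here. A null handler caused by a misspelled class name surfaces later as an opaque password-callback failure, so the shared helper should at least log the load failure with its cause before returning null. The enclosing method starts and ends outside this hunk.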
@@ -294,21 +294,4 @@ public abstract class AbstractSamlInHand
         return false;
     }
     
-    private CallbackHandler getCallbackHandler(Message message) {
-        //Then try to get the password from the given callback handler
-        Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
-    
-        CallbackHandler handler = null;
-        if (o instanceof CallbackHandler) {
-            handler = (CallbackHandler)o;
-        } else if (o instanceof String) {
-            try {
-                handler = (CallbackHandler)ClassLoaderUtils
-                    .loadClass((String)o, this.getClass()).newInstance();
-            } catch (Exception e) {
-                handler = null;
-            }
-        }
-        return handler;
-    }
 }

Added: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/AbstractXmlSecOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/AbstractXmlSecOutInterceptor.java?rev=1153851&view=auto
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/AbstractXmlSecOutInterceptor.java
(added)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/AbstractXmlSecOutInterceptor.java
Thu Aug  4 11:28:51 2011
@@ -0,0 +1,123 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.security.xml;
+
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.lang.annotation.Annotation;
+import java.util.List;
+import java.util.logging.Logger;
+
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.xml.stream.XMLStreamWriter;
+import javax.xml.transform.dom.DOMSource;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.jaxrs.provider.JAXBElementProvider;
+import org.apache.cxf.jaxrs.provider.ProviderFactory;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageContentsList;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.staxutils.W3CDOMStreamWriter;
+import org.apache.ws.security.WSSConfig;
+
+
+public abstract class AbstractXmlSecOutInterceptor extends AbstractPhaseInterceptor<Message>
{
+    private static final Logger LOG = 
+        LogUtils.getL7dLogger(AbstractXmlSecOutInterceptor.class);
+    
+    static {
+        WSSConfig.init();
+    }
+    
+    public AbstractXmlSecOutInterceptor() {
+        super(Phase.WRITE);
+    } 
+
+    public void handleMessage(Message message) throws Fault {
+        try {
+            Document doc = getDomDocument(message);
+            if (doc == null) {
+                return;
+            }
+ 
+            Document finalDoc = processDocument(message, doc);
+            message.setContent(List.class, 
+                new MessageContentsList(new DOMSource(finalDoc)));
+        } catch (Exception ex) {
+            StringWriter sw = new StringWriter();
+            ex.printStackTrace(new PrintWriter(sw));
+            LOG.warning(sw.toString());
+            throw new Fault(new RuntimeException(ex.getMessage() + ", stacktrace: " + sw.toString()));
+        }
+    }
+    
+    protected abstract Document processDocument(Message message, Document doc)
+        throws Exception; 
+    
+    
+    
+    private Object getRequestBody(Message message) {
+        MessageContentsList objs = MessageContentsList.getContentsList(message);
+        if (objs == null || objs.size() == 0) {
+            return null;
+        } else {
+            return objs.get(0);
+        }
+    }
+    
+    @SuppressWarnings("unchecked")
+    private Document getDomDocument(Message m) throws Exception {
+        
+        Object body = getRequestBody(m);
+        if (body == null) {
+            return null;
+        }
+        
+        if (body instanceof Document) {
+            return (Document)body;
+        }
+        if (body instanceof DOMSource) {
+            return (Document)((DOMSource)body).getNode();
+        }
+        
+        ProviderFactory pf = ProviderFactory.getInstance(m);
+        
+        Object providerObject = pf.createMessageBodyWriter(body.getClass(), 
+                                   body.getClass(), new Annotation[]{}, 
+                                   MediaType.APPLICATION_XML_TYPE, m);
+        if (!(providerObject instanceof JAXBElementProvider)) {
+            return null;
+        }
+        JAXBElementProvider provider = (JAXBElementProvider)providerObject;
+        W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
+        m.setContent(XMLStreamWriter.class, writer);
+        provider.writeTo(body, body.getClass(), 
+                         body.getClass(), new Annotation[]{},
+                         MediaType.APPLICATION_XML_TYPE,
+                         (MultivaluedMap)m.get(Message.PROTOCOL_HEADERS), null);
+        return writer.getDocument();
+    }
+    
+}
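Review bot: `handleMessage` logs the stack trace and then also embeds it in the message of a fresh `RuntimeException`, so the original exception type and cause are lost and the trace travels inside the Fault text; `throw new Fault(ex);` keeps the cause, and the preceding log line already records the trace. `processDocument` is the extension point subclasses implement but has no Javadoc; it should state that the returned Document replaces the message body (an implementation may return the instance it mutated or a new one) and that any exception it throws is converted to a Fault. In `getDomDocument`, the `m.setContent(XMLStreamWriter.class, writer)` call leaves the DOM writer in the message after the body has been converted; a one-line comment on why that is required would help the next reader.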

Propchange: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/AbstractXmlSecOutInterceptor.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/AbstractXmlSecOutInterceptor.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncInHandler.java?rev=1153851&r1=1153850&r2=1153851&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncInHandler.java
(original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncInHandler.java
Thu Aug  4 11:28:51 2011
@@ -37,6 +37,7 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
+
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.Base64Exception;
 import org.apache.cxf.common.util.Base64Utility;
@@ -47,15 +48,13 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.staxutils.W3CDOMStreamReader;
 import org.apache.cxf.systest.jaxrs.security.common.CryptoLoader;
 import org.apache.cxf.systest.jaxrs.security.common.SecurityUtils;
+import org.apache.cxf.systest.jaxrs.security.common.TrustValidator;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.util.WSSecurityUtil;
-import org.apache.ws.security.validate.Credential;
-import org.apache.ws.security.validate.SignatureTrustValidator;
 import org.apache.xml.security.encryption.XMLCipher;
 import org.apache.xml.security.encryption.XMLEncryptionException;
 import org.apache.xml.security.utils.Constants;
@@ -146,11 +145,8 @@ public class XmlEncInHandler implements 
             throwFault("X509Certificate can not be created", ex);
         }
         
-        Credential trustCredential = new Credential();
-        trustCredential.setPublicKey(null);
-        trustCredential.setCertificates(new X509Certificate[]{cert});
         try {
-            validateTrust(trustCredential, crypto);
+            new TrustValidator().validateTrust(crypto, cert, null);
         } catch (Exception ex) {
             throwFault(ex.getMessage(), ex);
         }
@@ -234,13 +230,7 @@ public class XmlEncInHandler implements 
         return null;
     }
     
-    private void validateTrust(Credential cred, Crypto crypto) throws Exception {
-        SignatureTrustValidator validator = new SignatureTrustValidator();
-        RequestData data = new RequestData();
-        data.setSigCrypto(crypto);
-        validator.validate(cred, data);
-    }
-    
+       
     protected void throwFault(String error, Exception ex) {
         // TODO: get bundle resource message once this filter is moved 
         // to rt/rs/security

Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncOutInterceptor.java?rev=1153851&r1=1153850&r2=1153851&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncOutInterceptor.java
(original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncOutInterceptor.java
Thu Aug  4 11:28:51 2011
@@ -18,13 +18,9 @@
  */
 package org.apache.cxf.systest.jaxrs.security.xml;
 
-import java.io.PrintWriter;
-import java.io.StringWriter;
-import java.lang.annotation.Annotation;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
-import java.util.List;
 import java.util.logging.Logger;
 
 import javax.crypto.BadPaddingException;
@@ -32,10 +28,6 @@ import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.xml.stream.XMLStreamWriter;
-import javax.xml.transform.dom.DOMSource;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -43,27 +35,17 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.w3c.dom.Text;
 
-
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.interceptor.Fault;
-import org.apache.cxf.jaxrs.provider.JAXBElementProvider;
-import org.apache.cxf.jaxrs.provider.ProviderFactory;
 import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageContentsList;
-import org.apache.cxf.phase.AbstractPhaseInterceptor;
-import org.apache.cxf.phase.Phase;
-import org.apache.cxf.staxutils.W3CDOMStreamWriter;
 import org.apache.cxf.systest.jaxrs.security.common.CryptoLoader;
 import org.apache.cxf.systest.jaxrs.security.common.SecurityUtils;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoType;
 import org.apache.ws.security.message.token.DOMX509Data;
 import org.apache.ws.security.message.token.DOMX509IssuerSerial;
 import org.apache.ws.security.util.Base64;
@@ -72,21 +54,16 @@ import org.apache.ws.security.util.WSSec
 import org.apache.xml.security.algorithms.JCEMapper;
 import org.apache.xml.security.encryption.XMLCipher;
 
-public class XmlEncOutInterceptor extends AbstractPhaseInterceptor<Message> {
+public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
     private static final Logger LOG = 
         LogUtils.getL7dLogger(XmlEncOutInterceptor.class);
     
-    static {
-        WSSConfig.init();
-    }
-    
     private boolean encryptSymmetricKey = true;
     private SecretKey symmetricKey;
     private String keyEncAlgo = XMLCipher.RSA_OAEP; 
     private String symEncAlgo = XMLCipher.AES_256;
     
     public XmlEncOutInterceptor() {
-        super(Phase.WRITE);
         addAfter(XmlSigOutInterceptor.class.getName());
     } 
 
@@ -98,30 +75,12 @@ public class XmlEncOutInterceptor extend
         keyEncAlgo = algo;
     }
     
-    public void handleMessage(Message message) throws Fault {
-        try {
-            Object body = getRequestBody(message);
-            if (body == null) {
-                return;
-            }
-            Document doc = getDomDocument(body, message);
-            if (doc == null) {
-                return;
-            }
- 
-            Document encryptedDataDoc = encryptDocument(message, doc);
-            message.setContent(List.class, 
-                new MessageContentsList(new DOMSource(encryptedDataDoc)));
-        } catch (Exception ex) {
-            StringWriter sw = new StringWriter();
-            ex.printStackTrace(new PrintWriter(sw));
-            LOG.warning(sw.toString());
-            throw new Fault(new RuntimeException(ex.getMessage() + ", stacktrace: " + sw.toString()));
-        }
+    protected Document processDocument(Message message, Document payloadDoc) 
+        throws Exception {
+        return encryptDocument(message, payloadDoc);
     }
     
-    // at the moment all the doc gets encrypted
-    private Document encryptDocument(Message message, Document payloadDoc) 
+    protected Document encryptDocument(Message message, Document payloadDoc) 
         throws Exception {
         
         byte[] secretKey = getSymmetricKey();
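Review bot: The comment `// at the moment all the doc gets encrypted` was dropped when `encryptDocument` became protected, and `processDocument` carries no Javadoc; moving that sentence onto `processDocument` tells subclasses that the whole payload, not a selected element, is encrypted. Adding `@Override` to `processDocument` lets the compiler catch a signature drift against the abstract base. `encryptDocument` continues outside the hunk.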
@@ -174,16 +133,7 @@ public class XmlEncOutInterceptor extend
     }
     
     private X509Certificate getReceiverCertificate(Crypto crypto, String user) throws Exception
{
-        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
-        cryptoType.setAlias(user);
-        X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
-        if (certs == null || certs.length <= 0) {
-            throw new WSSecurityException(
-                WSSecurityException.FAILURE,
-                "noUserCertsFound",  
-                new Object[] {user, "encryption"}
-            );
-        }
+        X509Certificate[] certs = SecurityUtils.getCertificates(crypto, user);
         return certs[0];
     }
     
@@ -218,10 +168,12 @@ public class XmlEncOutInterceptor extend
             EncryptionUtils.initCipherWithCert(keyEncAlgo, Cipher.ENCRYPT_MODE, remoteCert);
         int blockSize = cipher.getBlockSize();
         if (blockSize > 0 && blockSize < keyBytes.length) {
+            String message = "Public key algorithm too weak to encrypt symmetric key";
+            LOG.severe(message);
             throw new WSSecurityException(
                 WSSecurityException.FAILURE,
                 "unsupportedKeyTransp",
-                new Object[] {"public key algorithm too weak to encrypt symmetric key"}
+                new Object[] {message}
             );
         }
         byte[] encryptedEphemeralKey = null;
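Review bot: The new local is named `message`, the same name this class uses for its `Message` parameters, while the parallel change in XmlSigOutInterceptor calls the equivalent local `errorMessage`; renaming it `errorMessage` here keeps the two consistent and avoids shadowing if the enclosing method (whose signature is outside this hunk) takes a `Message message`. The `LOG.severe` before the throw also means the condition is reported twice once the exception reaches the base `handleMessage`, which logs it again at warning level with the full trace; the private-key hunk in XmlSigOutInterceptor has the same pattern, so it is worth deciding once which layer owns the log line.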
@@ -354,41 +306,5 @@ public class XmlEncOutInterceptor extend
     }
     
     
-    private Object getRequestBody(Message message) {
-        MessageContentsList objs = MessageContentsList.getContentsList(message);
-        if (objs == null || objs.size() == 0) {
-            return null;
-        } else {
-            return objs.get(0);
-        }
-    }
-    
-    @SuppressWarnings("unchecked")
-    private Document getDomDocument(Object body, Message m) throws Exception {
-        
-        if (body instanceof Document) {
-            return (Document)body;
-        }
-        if (body instanceof DOMSource) {
-            return (Document)((DOMSource)body).getNode();
-        }
-        
-        ProviderFactory pf = ProviderFactory.getInstance(m);
-        
-        Object providerObject = pf.createMessageBodyWriter(body.getClass(), 
-                                   body.getClass(), new Annotation[]{}, 
-                                   MediaType.APPLICATION_XML_TYPE, m);
-        if (!(providerObject instanceof JAXBElementProvider)) {
-            return null;
-        }
-        JAXBElementProvider provider = (JAXBElementProvider)providerObject;
-        W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
-        m.setContent(XMLStreamWriter.class, writer);
-        provider.writeTo(body, body.getClass(), 
-                         body.getClass(), new Annotation[]{},
-                         MediaType.APPLICATION_XML_TYPE,
-                         (MultivaluedMap)m.get(Message.PROTOCOL_HEADERS), null);
-        return writer.getDocument();
-    }
     
 }

Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java?rev=1153851&r1=1153850&r2=1153851&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java
(original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java
Thu Aug  4 11:28:51 2011
@@ -32,6 +32,7 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
+
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.jaxrs.ext.RequestHandler;
@@ -39,12 +40,10 @@ import org.apache.cxf.jaxrs.model.ClassR
 import org.apache.cxf.message.Message;
 import org.apache.cxf.staxutils.W3CDOMStreamReader;
 import org.apache.cxf.systest.jaxrs.security.common.CryptoLoader;
+import org.apache.cxf.systest.jaxrs.security.common.TrustValidator;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.handler.RequestData;
-import org.apache.ws.security.validate.Credential;
-import org.apache.ws.security.validate.SignatureTrustValidator;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.keys.KeyInfo;
 import org.apache.xml.security.signature.Reference;
@@ -125,10 +124,9 @@ public class XmlSigInHandler implements 
             // is this call redundant given that signature.checkSignatureValue uses References
?
             validateReference(root, signature);
             
-            Credential trustCredential = new Credential();
-            trustCredential.setPublicKey(keyInfo.getPublicKey());
-            trustCredential.setCertificates(new X509Certificate[]{keyInfo.getX509Certificate()});
-            validateTrust(trustCredential, crypto);
+            // validate trust 
+            new TrustValidator().validateTrust(crypto, cert, keyInfo.getPublicKey());
+            
         } catch (Exception ex) {
             throwFault("Signature validation failed", ex);
         }
@@ -158,13 +156,6 @@ public class XmlSigInHandler implements 
         return null;
     }
     
-    private void validateTrust(Credential cred, Crypto crypto) throws Exception {
-        SignatureTrustValidator validator = new SignatureTrustValidator();
-        RequestData data = new RequestData();
-        data.setSigCrypto(crypto);
-        validator.validate(cred, data);
-    }
-    
     protected void throwFault(String error, Exception ex) {
         // TODO: get bundle resource message once this filter is moved 
         // to rt/rs/security

Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java?rev=1153851&r1=1153850&r2=1153851&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java
(original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java
Thu Aug  4 11:28:51 2011
@@ -18,40 +18,22 @@
  */
 package org.apache.cxf.systest.jaxrs.security.xml;
 
-import java.io.PrintWriter;
-import java.io.StringWriter;
-import java.lang.annotation.Annotation;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
-import java.util.List;
 import java.util.UUID;
 import java.util.logging.Logger;
 
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.xml.stream.XMLStreamWriter;
-import javax.xml.transform.dom.DOMSource;
-
 import org.w3c.dom.Document;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.interceptor.Fault;
-import org.apache.cxf.jaxrs.provider.JAXBElementProvider;
-import org.apache.cxf.jaxrs.provider.ProviderFactory;
 import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageContentsList;
-import org.apache.cxf.phase.AbstractPhaseInterceptor;
-import org.apache.cxf.phase.Phase;
-import org.apache.cxf.staxutils.W3CDOMStreamWriter;
 import org.apache.cxf.systest.jaxrs.security.common.CryptoLoader;
 import org.apache.cxf.systest.jaxrs.security.common.SecurityUtils;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoType;
 import org.apache.xml.security.signature.XMLSignature;
 import org.apache.xml.security.transforms.Transforms;
 import org.apache.xml.security.utils.Constants;
@@ -59,46 +41,23 @@ import org.apache.xml.security.utils.Ele
 import org.opensaml.xml.signature.SignatureConstants;
 
 
-
-
-public class XmlSigOutInterceptor extends AbstractPhaseInterceptor<Message> {
+public class XmlSigOutInterceptor extends AbstractXmlSecOutInterceptor {
     private static final Logger LOG = 
         LogUtils.getL7dLogger(XmlSigOutInterceptor.class);
     
-    static {
-        WSSConfig.init();
-    }
-    
     private boolean createReferenceId = true;
     
     public XmlSigOutInterceptor() {
-        super(Phase.WRITE);
     } 
 
     public void setCreateReferenceId(boolean create) {
         createReferenceId = create;
     }
     
-    public void handleMessage(Message message) throws Fault {
-        try {
-            Object body = getRequestBody(message);
-            if (body == null) {
-                return;
-            }
-            Document doc = getDomDocument(body, message);
-            if (doc == null) {
-                return;
-            }
- 
-            createEnvelopedSignature(message, doc);
-            message.setContent(List.class, 
-                               new MessageContentsList(new DOMSource(doc)));
-        } catch (Exception ex) {
-            StringWriter sw = new StringWriter();
-            ex.printStackTrace(new PrintWriter(sw));
-            LOG.warning(sw.toString());
-            throw new Fault(new RuntimeException(ex.getMessage() + ", stacktrace: " + sw.toString()));
-        }
+    protected Document processDocument(Message message, Document doc) 
+        throws Exception {
+        createEnvelopedSignature(message, doc);
+        return doc;
     }
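Review bot: `processDocument` signs `doc` in place and returns the same instance, which is the one behaviour a reader of the abstract contract cannot guess; a one-line Javadoc, `/** Adds an enveloped signature to {@code doc} and returns the same, now signed, document. */`, would record it, and `@Override` would make the relation to the base class explicit. The now-empty no-arg constructor can go, since the base class constructor already selects `Phase.WRITE`.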
     
     // enveloping & detached sigs will be supported too
@@ -125,15 +84,8 @@ public class XmlSigOutInterceptor extend
 
         String password = 
             SecurityUtils.getPassword(message, user, WSPasswordCallback.SIGNATURE, this.getClass());
-        // prepare to sign the SAML token
-        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
-        cryptoType.setAlias(user);
-        X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
-        if (issuerCerts == null) {
-            throw new WSSecurityException(
-                "No issuer certs were found to sign the document using issuer name: " 
-                + user);
-        }
+    
+        X509Certificate[] issuerCerts = SecurityUtils.getCertificates(crypto, user);
         
         String sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
         String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
@@ -144,7 +96,9 @@ public class XmlSigOutInterceptor extend
         try {
             privateKey = crypto.getPrivateKey(user, password);
         } catch (Exception ex) {
-            throw new WSSecurityException(ex.getMessage(), ex);
+            String errorMessage = "Private key can not be loaded, user:" + user;
+            LOG.severe(errorMessage);
+            throw new WSSecurityException(errorMessage, ex);
         }
         //
         ElementProxy.setDefaultPrefix(Constants.SignatureSpecNS, "ds");
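Review bot: The new message lacks a space after the colon, so it renders as `user:alias`; `String errorMessage = "Private key can not be loaded, user: " + user;` reads correctly. The cause is correctly preserved in the rethrown `WSSecurityException`, which the old one-line version also did. The enclosing method starts and ends outside this hunk.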
@@ -169,39 +123,5 @@ public class XmlSigOutInterceptor extend
         sig.sign(privateKey);
     }
     
-    private Object getRequestBody(Message message) {
-        MessageContentsList objs = MessageContentsList.getContentsList(message);
-        if (objs == null || objs.size() == 0) {
-            return null;
-        } else {
-            return objs.get(0);
-        }
-    }
-    
-    @SuppressWarnings("unchecked")
-    private Document getDomDocument(Object body, Message m) throws Exception {
-        
-        if (body instanceof Document) {
-            return (Document)body;
-        }
         
-        ProviderFactory pf = ProviderFactory.getInstance(m);
-        
-        Object providerObject = pf.createMessageBodyWriter(body.getClass(), 
-                                   body.getClass(), new Annotation[]{}, 
-                                   MediaType.APPLICATION_XML_TYPE, m);
-        if (!(providerObject instanceof JAXBElementProvider)) {
-            return null;
-        }
-        JAXBElementProvider provider = (JAXBElementProvider)providerObject;
-        W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
-        m.setContent(XMLStreamWriter.class, writer);
-        provider.writeTo(body, body.getClass(), 
-                         body.getClass(), new Annotation[]{},
-                         MediaType.APPLICATION_XML_TYPE,
-                         (MultivaluedMap)m.get(Message.PROTOCOL_HEADERS), null);
-        return writer.getDocument();
-    }
-    
-    
 }


