From cohei...@apache.org
Subject svn commit: r1161148 - /cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Date Wed, 24 Aug 2011 15:18:01 GMT
Author: coheigea
Date: Wed Aug 24 15:18:01 2011
New Revision: 1161148

URL: http://svn.apache.org/viewvc?rev=1161148&view=rev
Log:
[CXF-3761] - STSClient can't process EncryptedKey elements received from an STS


Conflicts:

	rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java

Modified:
    cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java

Modified: cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=1161148&r1=1161147&r2=1161148&view=diff
==============================================================================
--- cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
(original)
+++ cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Wed Aug 24 15:18:01 2011
@@ -963,26 +963,24 @@ public class STSClient implements Config
                 // First check for the binary secret
                 String b64Secret = DOMUtils.getContent(child);
                 secret = Base64.decode(b64Secret);
-            } else if (childQname.equals(new QName(namespace, WSConstants.ENC_KEY_LN))) {
-                try {
-
-                    EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
-
-                    processor.handleToken(child, null, createCrypto(true), createHandler(),
null,
-                                          new Vector(), null);
-
-                    secret = processor.getDecryptedBytes();
-                } catch (IOException e) {
-                    throw new TrustException("ENCRYPTED_KEY_ERROR", LOG, e);
-                }
+            } else if (childQname.equals(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN)))
{
+                secret = decryptKey(child);
             } else if (childQname.equals(new QName(namespace, "ComputedKey"))) {
                 // Handle the computed key
-                Element binSecElem = entropy == null ? null : DOMUtils.getFirstElement(entropy);
-                String content = binSecElem == null ? null : DOMUtils.getContent(binSecElem);
-                if (content != null && !StringUtils.isEmpty(content.trim())) {
-
-                    byte[] serviceEntr = Base64.decode(content);
+                Element computedKeyChild = entropy == null ? null : DOMUtils.getFirstElement(entropy);
+                byte[] serviceEntr = null;
 
+                if (computedKeyChild != null) {
+                    QName computedKeyChildQName = DOMUtils.getElementQName(computedKeyChild);
+                    if (computedKeyChildQName.equals(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN)))
{
+                        serviceEntr = decryptKey(computedKeyChild);
+                    } else if (computedKeyChildQName.equals(new QName(namespace, "BinarySecret")))
{
+                        String content = DOMUtils.getContent(computedKeyChild);
+                        serviceEntr = Base64.decode(content);
+                    }
+                }
+                
+                if (serviceEntr != null) {
                     // Right now we only use PSHA1 as the computed key algo
                     P_SHA1 psha1 = new P_SHA1();
 
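Review bot: The new BinarySecret path in the ComputedKey branch calls `Base64.decode(content)` without the null/blank guard the removed code had, so a missing or empty BinarySecret in the STS entropy now reaches the decoder and may yield a zero-length `serviceEntr` that still passes the `serviceEntr != null` test. In that case the P_SHA1 derivation would run with no real contribution from the service side. Keep the guard, e.g. `if (content != null && !StringUtils.isEmpty(content.trim())) { serviceEntr = Base64.decode(content); }`, and consider rejecting an entropy child that is neither EncryptedKey nor BinarySecret instead of falling through with `serviceEntr == null`. The enclosing method starts and ends outside this hunk, so how a still-null `secret` is handled afterwards is not visible here.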
@@ -1008,6 +1006,19 @@ public class STSClient implements Config
 
         return token;
     }
+    
+    private byte[] decryptKey(Element child) throws TrustException, WSSecurityException {
+        try {
+            EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
+
+            processor.handleToken(child, null, createCrypto(true), createHandler(), null,
+                                  new Vector(), null);
+
+            return processor.getDecryptedBytes();
+        } catch (IOException e) {
+            throw new TrustException("ENCRYPTED_KEY_ERROR", LOG, e);
+        }
+    }
 
     private CallbackHandler createHandler() {
         Object o = getProperty(SecurityConstants.CALLBACK_HANDLER);
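Review bot: `decryptKey` returns `processor.getDecryptedBytes()` unchecked, and both call sites in the first hunk assign the result straight to key material (`secret`, `serviceEntr`), so a null or empty result would be carried forward silently if the processor can return one. A guard such as `if (bytes == null || bytes.length == 0)` that raises the existing `ENCRYPTED_KEY_ERROR` TrustException would make that failure explicit. The helper also has no doc comment; a short Javadoc should say that `child` is expected to be an EncryptedKey element in the `WSConstants.ENC_NS` namespace and that it is decrypted with the crypto from `createCrypto(true)` and the handler from `createHandler()`. The raw `new Vector()` and the three `null` arguments to `handleToken` deserve a one-line comment each saying what is deliberately left unset.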


