cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1162150 - in /cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security: kerberos/ policy/interceptors/ tokenstore/ wss4j/policyhandlers/
Date Fri, 26 Aug 2011 16:08:37 GMT
Author: coheigea
Date: Fri Aug 26 16:08:37 2011
New Revision: 1162150

URL: http://svn.apache.org/viewvc?rev=1162150&view=rev
Log:
[CXF-3767] - Adding support for signing + encrypting message parts using a Kerberos Ticket

Modified:
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java?rev=1162150&r1=1162149&r2=1162150&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
Fri Aug 26 16:08:37 2011
@@ -22,6 +22,7 @@ package org.apache.cxf.ws.security.kerbe
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import javax.crypto.SecretKey;
 import javax.security.auth.callback.CallbackHandler;
 
 import org.apache.cxf.Bus;
@@ -114,7 +115,11 @@ public class KerberosClient implements C
         
         SecurityToken token = new SecurityToken(bst.getID());
         token.setToken(bst.getElement());
-        //token.setSecret(bst.getToken());
+        token.setWsuId(bst.getID());
+        SecretKey secretKey = bst.getSecretKey();
+        if (secretKey != null) {
+            token.setSecret(secretKey.getEncoded());
+        }
         token.setTokenType(bst.getValueType());
 
         return token;

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java?rev=1162150&r1=1162149&r2=1162150&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
Fri Aug 26 16:08:37 2011
@@ -172,13 +172,16 @@ public class KerberosTokenInterceptorPro
         ) {
             if (results != null) {
                 for (WSHandlerResult rResult : results) {
-                    List<KerberosSecurity> kerberosResults = findKerberosResults(rResult.getResults());
-                    for (KerberosSecurity kerberosToken : kerberosResults) {
+                    List<WSSecurityEngineResult> kerberosResults = findKerberosResults(rResult.getResults());
+                    for (WSSecurityEngineResult wser : kerberosResults) {
+                        KerberosSecurity kerberosToken = 
+                            (KerberosSecurity)wser.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
                         KerberosTokenPolicyValidator kerberosValidator = 
                             new KerberosTokenPolicyValidator(message);
                         boolean valid = kerberosValidator.validatePolicy(aim, kerberosToken);
                         if (valid) {
                             SecurityToken token = createSecurityToken(kerberosToken);
+                            token.setSecret((byte[])wser.get(WSSecurityEngineResult.TAG_SECRET));
                             message.getExchange().put(SecurityConstants.TOKEN, token);
                             return;
                         }
@@ -187,17 +190,17 @@ public class KerberosTokenInterceptorPro
             }
         }
         
-        private List<KerberosSecurity> findKerberosResults(
+        private List<WSSecurityEngineResult> findKerberosResults(
             List<WSSecurityEngineResult> wsSecEngineResults
         ) {
-            List<KerberosSecurity> results = new ArrayList<KerberosSecurity>();
+            List<WSSecurityEngineResult> results = new ArrayList<WSSecurityEngineResult>();
             for (WSSecurityEngineResult wser : wsSecEngineResults) {
                 Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
                 if (actInt.intValue() == WSConstants.BST) {
                     BinarySecurity binarySecurity = 
                         (BinarySecurity)wser.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
                     if (binarySecurity instanceof KerberosSecurity) {
-                        results.add((KerberosSecurity)binarySecurity);
+                        results.add(wser);
                     }
                 }
             }
@@ -205,12 +208,10 @@ public class KerberosTokenInterceptorPro
         }
     }
     
-    private static SecurityToken createSecurityToken(BinarySecurity binarySecurityToken)
{
+    private static SecurityToken createSecurityToken(KerberosSecurity binarySecurityToken)
{
         SecurityToken token = new SecurityToken(binarySecurityToken.getID());
         token.setToken(binarySecurityToken.getElement());
-        token.setSecret(binarySecurityToken.getToken());
         token.setTokenType(binarySecurityToken.getValueType());
-
         return token;
     }
         

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java?rev=1162150&r1=1162149&r2=1162150&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
Fri Aug 26 16:08:37 2011
@@ -54,6 +54,11 @@ public class SecurityToken {
     private String id;
     
     /**
+     * WSU Identifier of the token
+     */
+    private String wsuId;
+    
+    /**
      * Current state of the token
      */
     private State state = State.UNKNOWN;
@@ -392,8 +397,14 @@ public class SecurityToken {
         tokenType = s;
     }
     
+    public void setWsuId(String wsuId) {
+        this.wsuId = wsuId;
+    }
     
     public String getWsuId() {
+        if (wsuId != null) {
+            return wsuId;
+        }
         Element elem = getAttachedReference();
         if (elem != null) {
             String t = getIdFromSTR(elem);

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1162150&r1=1162149&r2=1162150&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Fri Aug 26 16:08:37 2011
@@ -40,6 +40,7 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.SPConstants;
 import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
 import org.apache.cxf.ws.security.policy.model.IssuedToken;
+import org.apache.cxf.ws.security.policy.model.KerberosToken;
 import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
 import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
 import org.apache.cxf.ws.security.policy.model.Token;
@@ -153,7 +154,7 @@ public class SymmetricBindingHandler ext
                 //SecureConversationToken
                 String tokenId = null;
                 SecurityToken tok = null;
-                if (encryptionToken instanceof IssuedToken) {
+                if (encryptionToken instanceof IssuedToken || encryptionToken instanceof
KerberosToken) {
                     tok = getSecurityToken();
                 } else if (encryptionToken instanceof SecureConversationToken) {
                     tok = getSecurityToken();
@@ -269,7 +270,7 @@ public class SymmetricBindingHandler ext
             if (sigToken != null) {
                 if (sigToken instanceof SecureConversationToken) {
                     sigTok = getSecurityToken();
-                } else if (sigToken instanceof IssuedToken) {
+                } else if (sigToken instanceof IssuedToken || sigToken instanceof KerberosToken)
{
                     sigTok = getSecurityToken();
                 } else if (sigToken instanceof X509Token) {
                     if (isRequestor()) {

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1162150&r1=1162149&r2=1162150&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Fri Aug 26 16:08:37 2011
@@ -166,7 +166,8 @@ public class TransportBindingHandler ext
                         for (Token token : sgndSuppTokens.getTokens()) {
                             if (token instanceof IssuedToken
                                 || token instanceof SecureConversationToken
-                                || token instanceof KeyValueToken) {
+                                || token instanceof KeyValueToken
+                                || token instanceof KerberosToken) {
                                 addSig(signatureValues, doIssuedTokenSignature(token, signdParts,
                                                                                sgndSuppTokens,
                                                                                null));
@@ -201,7 +202,8 @@ public class TransportBindingHandler ext
                     if (endSuppTokens != null) {
                         for (Token token : endSuppTokens.getTokens()) {
                             if (token instanceof IssuedToken
-                                || token instanceof SecureConversationToken) {
+                                || token instanceof SecureConversationToken
+                                || token instanceof KerberosToken) {
                                 addSig(signatureValues, doIssuedTokenSignature(token, 
                                                                                endSuppTokens
                                                                                    .getSignedParts(),




Mime
View raw message