cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1189708 - /cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
Date Thu, 27 Oct 2011 11:49:55 GMT
Author: coheigea
Date: Thu Oct 27 11:49:55 2011
New Revision: 1189708

URL: http://svn.apache.org/viewvc?rev=1189708&view=rev
Log:
Added a check for an X.509 token in the InitiatorToken of the AsymmetricBindingPolicyValidator

Modified:
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java?rev=1189708&r1=1189707&r2=1189708&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
Thu Oct 27 11:49:55 2011
@@ -19,6 +19,8 @@
 
 package org.apache.cxf.ws.security.wss4j.policyvalidators;
 
+import java.security.cert.X509Certificate;
+
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
@@ -28,6 +30,8 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
+import org.apache.cxf.ws.security.policy.model.Token;
+import org.apache.cxf.ws.security.policy.model.X509Token;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSecurityEngineResult;
 
@@ -102,6 +106,19 @@ public class AsymmetricBindingPolicyVali
         AssertionInfoMap aim
     ) {
         if (binding.getInitiatorToken() != null) {
+            Token token = binding.getInitiatorToken().getToken();
+            if (token instanceof X509Token) {
+                for (WSSecurityEngineResult result : signedResults) {
+                    X509Certificate cert = 
+                        (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+                    if (cert == null) {
+                        String error = "An X.509 certificate was not used for the initiator
token";
+                        notAssertPolicy(aim, binding.getInitiatorToken().getName(), error);
+                        ai.setNotAsserted(error);
+                        return false;
+                    }
+                }
+            }
             assertPolicy(aim, binding.getInitiatorToken());
             if (!checkDerivedKeys(
                 binding.getInitiatorToken(), hasDerivedKeys, signedResults, encryptedResults
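Review bot: The added X.509 check in the `token instanceof X509Token` branch passes vacuously when `signedResults` is empty, because the loop body never runs and `assertPolicy(aim, binding.getInitiatorToken())` is reached without any certificate having been seen. If nothing outside this hunk guarantees at least one signature result, the initiator X509Token assertion can be marked as satisfied for an unsigned message. At minimum, document the assumption above the loop, for example `// Only validates signatures that are present; the caller must separately enforce that a signature exists`. The loop also fails on the first signed result that lacks `TAG_X509_CERTIFICATE`, so a message carrying an additional signature made with a non-X.509 key would presumably be rejected; confirm that this is intended. The enclosing method starts and ends outside the hunk, so a guard earlier in it may already cover the empty case.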


