cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1297999 - in /cxf/trunk/services/sts: sts-core/src/main/java/org/apache/cxf/sts/request/ sts-core/src/main/java/org/apache/cxf/sts/token/provider/ systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/
Date Wed, 07 Mar 2012 15:55:25 GMT
Author: coheigea
Date: Wed Mar  7 15:55:25 2012
New Revision: 1297999

URL: http://svn.apache.org/viewvc?rev=1297999&view=rev
Log:
[CXF-4168] - Support processing a KeyInfo/KeyValue child of UseKey in a RequestSecurityToken

Modified:
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
    cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java?rev=1297999&r1=1297998&r2=1297999&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
Wed Mar  7 15:55:25 2012
@@ -22,6 +22,8 @@ package org.apache.cxf.sts.request;
 import java.io.ByteArrayInputStream;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.security.KeyException;
+import java.security.NoSuchProviderException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
@@ -31,6 +33,12 @@ import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import javax.xml.bind.JAXBElement;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dom.DOMStructure;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+import javax.xml.crypto.dsig.keyinfo.KeyValue;
+import javax.xml.crypto.dsig.keyinfo.X509Data;
 import javax.xml.ws.WebServiceContext;
 import javax.xml.ws.handler.MessageContext;
 
@@ -309,18 +317,22 @@ public class RequestParser {
                     throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
                 }
             } else {
-                Element elementNSImpl = (Element) useKey.getAny();
-                NodeList x509CertData = 
-                    elementNSImpl.getElementsByTagNameNS(
-                        Constants.SignatureSpecNS, Constants._TAG_X509CERTIFICATE
-                    );
-                if (x509CertData != null && x509CertData.getLength() > 0) {
-                    try {
-                        x509 = Base64Utility.decode(x509CertData.item(0).getTextContent());
-                        LOG.fine("Found X509Certificate UseKey type");
-                    } catch (Exception e) {
-                        LOG.log(Level.WARNING, "", e);
-                        throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
+                Element element = (Element)useKey.getAny();
+                if ("KeyInfo".equals(element.getLocalName())) {
+                    return parseKeyInfoElement((Element)useKey.getAny());
+                } else {
+                    NodeList x509CertData = 
+                        element.getElementsByTagNameNS(
+                            Constants.SignatureSpecNS, Constants._TAG_X509CERTIFICATE   
+                        );
+                    if (x509CertData != null && x509CertData.getLength() > 0)
{
+                        try {
+                            x509 = Base64Utility.decode(x509CertData.item(0).getTextContent());
+                            LOG.fine("Found X509Certificate UseKey type");
+                        } catch (Exception e) {
+                            LOG.log(Level.WARNING, "", e);
+                            throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
+                        }
                     }
                 }
             }
@@ -359,6 +371,54 @@ public class RequestParser {
     }
     
     /**
+     * Parse the KeyInfo Element to return a ReceivedKey object containing the found certificate
or
+     * public key.
+     */
+    private static ReceivedKey parseKeyInfoElement(Element keyInfoElement) throws STSException
{
+        KeyInfoFactory keyInfoFactory = null;
+        try {
+            keyInfoFactory = KeyInfoFactory.getInstance("DOM", "ApacheXMLDSig");
+        } catch (NoSuchProviderException ex) {
+            keyInfoFactory = KeyInfoFactory.getInstance("DOM");
+        }
+
+        try {
+            KeyInfo keyInfo = 
+                keyInfoFactory.unmarshalKeyInfo(new DOMStructure(keyInfoElement));
+            List<?> list = keyInfo.getContent();
+
+            for (int i = 0; i < list.size(); i++) {
+                if (list.get(i) instanceof KeyValue) {
+                    KeyValue keyValue = (KeyValue)list.get(i);
+                    ReceivedKey receivedKey = new ReceivedKey();
+                    receivedKey.setPublicKey(keyValue.getPublicKey());
+                    return receivedKey;
+                } else if (list.get(i) instanceof X509Certificate) {
+                    ReceivedKey receivedKey = new ReceivedKey();
+                    receivedKey.setX509Cert((X509Certificate)list.get(i));
+                    return receivedKey;
+                } else if (list.get(i) instanceof X509Data) {
+                    X509Data x509Data = (X509Data)list.get(i);
+                    for (int j = 0; j < x509Data.getContent().size(); j++) {
+                        if (x509Data.getContent().get(j) instanceof X509Certificate) {
+                            ReceivedKey receivedKey = new ReceivedKey();
+                            receivedKey.setX509Cert((X509Certificate)x509Data.getContent().get(j));
+                            return receivedKey;
+                        }
+                    }
+                }
+            }
+        } catch (MarshalException e) {
+            LOG.log(Level.WARNING, "", e);
+            throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
+        } catch (KeyException e) {
+            LOG.log(Level.WARNING, "", e);
+            throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
+        }
+        return null;
+    }
+    
+    /**
      * Parse an Entropy object
      * @param entropy an Entropy object
      */

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java?rev=1297999&r1=1297998&r2=1297999&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
Wed Mar  7 15:55:25 2012
@@ -19,6 +19,7 @@
 package org.apache.cxf.sts.token.provider;
 
 import java.security.Principal;
+import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -141,7 +142,7 @@ public class DefaultSubjectProvider impl
             }
         } else if (STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType)) {
             ReceivedKey receivedKey = keyRequirements.getReceivedKey();
-            KeyInfoBean keyInfo = createKeyInfo(receivedKey.getX509Cert());
+            KeyInfoBean keyInfo = createKeyInfo(receivedKey.getX509Cert(), receivedKey.getPublicKey());
             subjectBean.setKeyInfo(keyInfo);
         }
         
@@ -171,13 +172,18 @@ public class DefaultSubjectProvider impl
     }
 
     /**
-     * Create a KeyInfoBean that contains an X.509 certificate.
+     * Create a KeyInfoBean that contains an X.509 certificate or Public Key
      */
-    private static KeyInfoBean createKeyInfo(X509Certificate certificate) {
+    private static KeyInfoBean createKeyInfo(X509Certificate certificate, PublicKey publicKey)
{
         KeyInfoBean keyInfo = new KeyInfoBean();
 
-        keyInfo.setCertificate(certificate);
-        keyInfo.setCertIdentifer(CERT_IDENTIFIER.X509_CERT);
+        if (certificate != null) {
+            keyInfo.setCertificate(certificate);
+            keyInfo.setCertIdentifer(CERT_IDENTIFIER.X509_CERT);
+        } else if (publicKey != null) {
+            keyInfo.setPublicKey(publicKey);
+            keyInfo.setCertIdentifer(CERT_IDENTIFIER.KEY_VALUE);
+        }
 
         return keyInfo;
     }

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java?rev=1297999&r1=1297998&r2=1297999&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
Wed Mar  7 15:55:25 2012
@@ -474,7 +474,8 @@ public class SAMLTokenProvider implement
         String keyType = keyRequirements.getKeyType();
         if (STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType)) {
             if (keyRequirements.getReceivedKey() == null
-                || keyRequirements.getReceivedKey().getX509Cert() == null) {
+                || (keyRequirements.getReceivedKey().getX509Cert() == null
+                    && keyRequirements.getReceivedKey().getPublicKey() == null))
{
                 LOG.log(Level.WARNING, "A PublicKey Keytype is requested, but no certificate
is provided");
                 throw new STSException(
                     "No client certificate for PublicKey KeyType", STSException.INVALID_REQUEST

Modified: cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml?rev=1297999&r1=1297998&r2=1297999&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml
(original)
+++ cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml
Wed Mar  7 15:55:25 2012
@@ -79,7 +79,7 @@ http://cxf.apache.org/configuration/secu
                                   value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
                            <entry key="ws-security.sts.token.username" value="myclientkey"/>
                            <entry key="ws-security.sts.token.properties" value="clientKeystore.properties"/>

-                           <entry key="ws-security.sts.token.usecert" value="true"/>

+                           <entry key="ws-security.sts.token.usecert" value="false"/>

                        </map>
                    </property>
                </bean>            



Mime
View raw message