cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1311388 - in /cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts: operation/TokenRenewOperation.java token/renewer/SAMLTokenRenewer.java token/renewer/TokenRenewerResponse.java
Date Mon, 09 Apr 2012 19:27:38 GMT
Author: coheigea
Date: Mon Apr  9 19:27:38 2012
New Revision: 1311388

URL: http://svn.apache.org/viewvc?rev=1311388&view=rev
Log:
[CXF-4158] - Removed re-keying stuff from SAMLTokenRenewer

Modified:
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenRenewOperation.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/TokenRenewerResponse.java

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenRenewOperation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenRenewOperation.java?rev=1311388&r1=1311387&r2=1311388&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenRenewOperation.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenRenewOperation.java
Mon Apr  9 19:27:38 2012
@@ -44,14 +44,11 @@ import org.apache.cxf.sts.token.renewer.
 import org.apache.cxf.sts.token.renewer.TokenRenewerResponse;
 import org.apache.cxf.sts.token.validator.TokenValidatorResponse;
 import org.apache.cxf.ws.security.sts.provider.STSException;
-import org.apache.cxf.ws.security.sts.provider.model.BinarySecretType;
-import org.apache.cxf.ws.security.sts.provider.model.EntropyType;
 import org.apache.cxf.ws.security.sts.provider.model.LifetimeType;
 import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenCollectionType;
 import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType;
 import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType;
 import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType;
-import org.apache.cxf.ws.security.sts.provider.model.RequestedProofTokenType;
 import org.apache.cxf.ws.security.sts.provider.model.RequestedReferenceType;
 import org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType;
 import org.apache.cxf.ws.security.sts.provider.operation.RenewOperation;
@@ -278,80 +275,14 @@ public class TokenRenewOperation extends
         // AppliesTo
         response.getAny().add(tokenRequirements.getAppliesTo());
 
-        // RequestedProofToken
-        if (tokenRenewerResponse.isComputedKey() && keyRequirements.getComputedKeyAlgorithm()
!= null) {
-            JAXBElement<String> computedKey = 
-                QNameConstants.WS_TRUST_FACTORY.createComputedKey(keyRequirements.getComputedKeyAlgorithm());
-            RequestedProofTokenType requestedProofTokenType = 
-                QNameConstants.WS_TRUST_FACTORY.createRequestedProofTokenType();
-            requestedProofTokenType.setAny(computedKey);
-            JAXBElement<RequestedProofTokenType> requestedProofToken = 
-                QNameConstants.WS_TRUST_FACTORY.createRequestedProofToken(requestedProofTokenType);
-            response.getAny().add(requestedProofToken);
-        } else if (tokenRenewerResponse.getEntropy() != null) {
-            Object token = 
-                constructSecretToken(tokenRenewerResponse.getEntropy(), encryptionProperties,
keyRequirements);
-            RequestedProofTokenType requestedProofTokenType = 
-                QNameConstants.WS_TRUST_FACTORY.createRequestedProofTokenType();
-            requestedProofTokenType.setAny(token);
-            JAXBElement<RequestedProofTokenType> requestedProofToken = 
-                QNameConstants.WS_TRUST_FACTORY.createRequestedProofToken(requestedProofTokenType);
-            response.getAny().add(requestedProofToken);
-        }
-
-        // Entropy
-        if (tokenRenewerResponse.isComputedKey() && tokenRenewerResponse.getEntropy()
!= null) {
-            Object token = 
-                constructSecretToken(tokenRenewerResponse.getEntropy(), encryptionProperties,
keyRequirements);
-            EntropyType entropyType = QNameConstants.WS_TRUST_FACTORY.createEntropyType();
-            entropyType.getAny().add(token);
-            JAXBElement<EntropyType> entropyElement = 
-                QNameConstants.WS_TRUST_FACTORY.createEntropy(entropyType);
-            response.getAny().add(entropyElement);
-        }
-
         // Lifetime
         LifetimeType lifetime = createLifetime(tokenRenewerResponse.getLifetime());
         JAXBElement<LifetimeType> lifetimeType = QNameConstants.WS_TRUST_FACTORY.createLifetime(lifetime);
         response.getAny().add(lifetimeType);
 
-        // KeySize
-        long keySize = tokenRenewerResponse.getKeySize();
-        if (keySize <= 0) {
-            keySize = keyRequirements.getKeySize();
-        }
-        if (keyRequirements.getKeySize() > 0) {
-            JAXBElement<Long> keySizeType = 
-                QNameConstants.WS_TRUST_FACTORY.createKeySize(keySize);
-            response.getAny().add(keySizeType);
-        }
-
         return response;
     }
 
-    /**
-     * Construct a token containing the secret to return to the client. If encryptIssuedToken
is set
-     * then the token is wrapped in an EncryptedKey DOM element, otherwise it is returned
in a 
-     * BinarySecretType JAXBElement.
-     */
-    private Object constructSecretToken(
-            byte[] secret,
-            EncryptionProperties encryptionProperties, 
-            KeyRequirements keyRequirements
-    ) throws WSSecurityException {
-        if (encryptIssuedToken) {
-            return encryptSecret(secret, encryptionProperties, keyRequirements);
-        } else {
-            BinarySecretType binarySecretType = QNameConstants.WS_TRUST_FACTORY.createBinarySecretType();
-            String nonce = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce";
-            binarySecretType.setType(nonce);
-            binarySecretType.setValue(secret);
-            JAXBElement<BinarySecretType> binarySecret = 
-                QNameConstants.WS_TRUST_FACTORY.createBinarySecret(binarySecretType);
-            return binarySecret;
-        }
-    }
-
     private TokenRenewerParameters createTokenRenewerParameters(
         RequestParser requestParser, WebServiceContext context
     ) {

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java?rev=1311388&r1=1311387&r2=1311388&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
Mon Apr  9 19:27:38 2012
@@ -174,6 +174,7 @@ public class SAMLTokenRenewer implements
             }
             
             // Create new Conditions & sign the Assertion
+            byte[] oldSignature = assertion.getSignatureValue();
             createNewConditions(assertion, tokenParameters);
             signAssertion(assertion, tokenParameters);
             
@@ -186,6 +187,13 @@ public class SAMLTokenRenewer implements
             }
             doc.appendChild(token);
             
+            // Remove the previous token (now expired) from the cache
+            if (tokenParameters.getTokenStore() != null) {
+                tokenParameters.getTokenStore().remove(assertion.getId());
+                int hash = Arrays.hashCode(oldSignature);
+                tokenParameters.getTokenStore().remove(Integer.toString(hash));
+            }
+            
             // Cache the token
             String realm = tokenParameters.getRealm();
             storeTokenInCache(
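Review bot: `Arrays.hashCode(oldSignature)` in the added cache-removal block runs even if the incoming assertion had no signature value. `Arrays.hashCode` returns 0 for a null array, so the store would be asked to remove the key `"0"`; guard the second removal with `if (oldSignature != null) { ... }`. The key is also a 32-bit non-cryptographic hash, presumably mirroring how the token was cached elsewhere, so two different signatures can collide and this call could evict an unrelated token; a hex-encoded SHA-256 of the signature bytes, used on both the store and remove paths, would avoid that. `assertion.getId()` is read after `createNewConditions` and `signAssertion`, so if either changes the ID (not visible here) the first `remove` targets the new ID; capturing it next to `oldSignature`, as in `String oldId = assertion.getId();`, makes the intent explicit. The enclosing method and the `storeTokenInCache(` call both continue outside the hunk.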
@@ -208,13 +216,7 @@ public class SAMLTokenRenewer implements
                 lifetime = validTill.getMillis() - validFrom.getMillis();
             }
             response.setLifetime(lifetime / 1000);
-            /*
-            response.setEntropy(entropyBytes);
-            if (keySize > 0) {
-                response.setKeySize(keySize);
-            }
-            response.setComputedKey(computedKey);
-            */
+
             return response;
             
         } catch (Exception ex) {

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/TokenRenewerResponse.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/TokenRenewerResponse.java?rev=1311388&r1=1311387&r2=1311388&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/TokenRenewerResponse.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/TokenRenewerResponse.java
Mon Apr  9 19:27:38 2012
@@ -30,41 +30,10 @@ public class TokenRenewerResponse {
     private Element token;
     private String tokenId;
     private long lifetime;
-    private byte[] entropy;
-    private long keySize;
-    private boolean computedKey;
     private TokenReference attachedReference;
     private TokenReference unAttachedReference;
     
     /**
-     * Return true if the entropy represents a Computed Key.
-     */
-    public boolean isComputedKey() {
-        return computedKey;
-    }
-
-    /**
-     * Set whether the entropy represents a Computed Key or not
-     */
-    public void setComputedKey(boolean computedKey) {
-        this.computedKey = computedKey;
-    }
-
-    /**
-     * Get the KeySize that the TokenProvider set
-     */
-    public long getKeySize() {
-        return keySize;
-    }
-
-    /**
-     * Set the KeySize
-     */
-    public void setKeySize(long keySize) {
-        this.keySize = keySize;
-    }
-
-    /**
      * Set the token
      * @param token the token to set
      */
@@ -113,22 +82,6 @@ public class TokenRenewerResponse {
     }
     
     /**
-     * Set the entropy associated with the token.
-     * @param entropy the entropy associated with the token.
-     */
-    public void setEntropy(byte[] entropy) {
-        this.entropy = entropy;
-    }
-    
-    /**
-     * Get the entropy associated with the token.
-     * @return the entropy associated with the token.
-     */
-    public byte[] getEntropy() {
-        return entropy;
-    }
-    
-    /**
      * Set the attached TokenReference
      * @param attachtedReference the attached TokenReference
      */


