cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1332403 - in /cxf/trunk: rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/ rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/ systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/
Date Mon, 30 Apr 2012 21:24:50 GMT
Author: sergeyb
Date: Mon Apr 30 21:24:49 2012
New Revision: 1332403

URL: http://svn.apache.org/viewvc?rev=1332403&view=rev
Log:
[CXF-4145] Optional restriction of the encryption key identifier type

Modified:
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java?rev=1332403&r1=1332402&r2=1332403&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
Mon Apr 30 21:24:49 2012
@@ -44,8 +44,8 @@ import org.apache.xml.security.utils.Con
 
 public final class SecurityUtils {
     
-    public static final String X509_KEY = "X509_KEY";
-    public static final String X509_ISSUER_SERIAL = "X509_ISSUER_SERIAL";
+    public static final String X509_CERT = "X509Certificate";
+    public static final String X509_ISSUER_SERIAL = "X509IssuerCerial";
     public static final String USE_REQUEST_SIGNATURE_CERT = "useReqSigCert";
     
     private SecurityUtils() {
@@ -54,6 +54,7 @@ public final class SecurityUtils {
     
     public static boolean isSignedAndEncryptedTwoWay(Message m) {
         Message outMessage = m.getExchange().getOutMessage();
+        
         Message requestMessage = outMessage != null && MessageUtils.isRequestor(outMessage)

             ? outMessage : m;
         return "POST".equals((String)requestMessage.get(Message.HTTP_REQUEST_METHOD))

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java?rev=1332403&r1=1332402&r2=1332403&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
Mon Apr 30 21:24:49 2012
@@ -170,22 +170,27 @@ public abstract class AbstractXmlEncInHa
          * 
          */
         
-        Element certNode = getNode(encKeyElement, 
-                                   Constants.SignatureSpecNS, "X509Certificate", 0);
-        if (certNode != null) {
-            try {
-                return SecurityUtils.loadX509Certificate(crypto, certNode);
-            } catch (Exception ex) {
-                throwFault("X509Certificate can not be created", ex);
+        String keyIdentifierType = encProps != null ? encProps.getEncryptionKeyIdType() :
null;
+        if (keyIdentifierType == null || keyIdentifierType.equals(SecurityUtils.X509_CERT))
{
+            Element certNode = getNode(encKeyElement, 
+                                       Constants.SignatureSpecNS, "X509Certificate", 0);
+            if (certNode != null) {
+                try {
+                    return SecurityUtils.loadX509Certificate(crypto, certNode);
+                } catch (Exception ex) {
+                    throwFault("X509Certificate can not be created", ex);
+                }
             }
         }
-        certNode = getNode(encKeyElement, 
-                Constants.SignatureSpecNS, "X509IssuerSerial", 0);
-        if (certNode != null) {
-            try {
-                return SecurityUtils.loadX509IssuerSerial(crypto, certNode);
-            } catch (Exception ex) {
-                throwFault("X509Certificate can not be created", ex);
+        if (keyIdentifierType == null || keyIdentifierType.equals(SecurityUtils.X509_ISSUER_SERIAL))
{
+            Element certNode = getNode(encKeyElement, 
+                    Constants.SignatureSpecNS, "X509IssuerSerial", 0);
+            if (certNode != null) {
+                try {
+                    return SecurityUtils.loadX509IssuerSerial(crypto, certNode);
+                } catch (Exception ex) {
+                    throwFault("X509Certificate can not be created", ex);
+                }
             }
         }
         throwFault("Certificate is missing", null);

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java?rev=1332403&r1=1332402&r2=1332403&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
Mon Apr 30 21:24:49 2012
@@ -22,6 +22,7 @@ public class EncryptionProperties {
     private String encryptionKeyTransportAlgo;
     private String encryptionSymmetricKeyAlgo;
     private String encryptionDigestAlgo;
+    private String encryptionKeyIdType;
     
     public void setEncryptionKeyTransportAlgo(String encryptionKeyTransportAlgo) {
         this.encryptionKeyTransportAlgo = encryptionKeyTransportAlgo;
@@ -41,5 +42,11 @@ public class EncryptionProperties {
     public String getEncryptionDigestAlgo() {
         return encryptionDigestAlgo;
     }
+    public void setEncryptionKeyIdType(String encryptionKeyIdType) {
+        this.encryptionKeyIdType = encryptionKeyIdType;
+    }
+    public String getEncryptionKeyIdType() {
+        return encryptionKeyIdType;
+    }
     
 }

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java?rev=1332403&r1=1332402&r2=1332403&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
Mon Apr 30 21:24:49 2012
@@ -68,7 +68,7 @@ public class XmlEncOutInterceptor extend
     private SecretKey symmetricKey;
     private String keyEncAlgo = XMLCipher.RSA_OAEP; 
     private String symEncAlgo = XMLCipher.AES_256;
-    private String keyIdentifierType = SecurityUtils.X509_KEY;
+    private String keyIdentifierType = SecurityUtils.X509_CERT;
     private String digestAlgo;
     
     public XmlEncOutInterceptor() {
@@ -286,7 +286,7 @@ public class XmlEncOutInterceptor extend
             );
         
         Node keyIdentifierNode = null; 
-        if (keyIdentifierType.equals(SecurityUtils.X509_KEY)) {
+        if (keyIdentifierType.equals(SecurityUtils.X509_CERT)) {
             byte data[] = null;
             try {
                 data = remoteCert.getEncoded();

Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java?rev=1332403&r1=1332402&r2=1332403&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
(original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
Mon Apr 30 21:24:49 2012
@@ -167,7 +167,7 @@ public class JAXRSXmlSecTest extends Abs
         properties.put("ws-security.encryption.properties", 
                        "org/apache/cxf/systest/jaxrs/security/bob.properties");
         String aes128GCM = "http://www.w3.org/2009/xmlenc11#aes128-gcm";
-        doTestPostEncryptedBook(address, false, properties, SecurityUtils.X509_KEY, aes128GCM,
null, false);
+        doTestPostEncryptedBook(address, false, properties, SecurityUtils.X509_CERT, aes128GCM,
null, false);
     }
     
     @Test
@@ -180,7 +180,7 @@ public class JAXRSXmlSecTest extends Abs
         properties.put("ws-security.encryption.properties", 
                        "org/apache/cxf/systest/jaxrs/security/bob.properties");
         doTestPostEncryptedBook(
-            address, false, properties, SecurityUtils.X509_KEY, XMLCipher.AES_128, XMLCipher.SHA256,
false
+            address, false, properties, SecurityUtils.X509_CERT, XMLCipher.AES_128, XMLCipher.SHA256,
false
         );
     }
     
@@ -227,7 +227,7 @@ public class JAXRSXmlSecTest extends Abs
         properties.put("ws-security.signature.properties", 
                        "org/apache/cxf/systest/jaxrs/security/alice.properties");
         try {
-            doTestPostEncryptedBook(address, true, properties, SecurityUtils.X509_KEY, 
+            doTestPostEncryptedBook(address, true, properties, SecurityUtils.X509_CERT, 
                                 "http://www.w3.org/2009/xmlenc11#aes128-gcm", null, true);
         } catch (ServerWebApplicationException ex) {
             assertEquals(400, ex.getStatus());
@@ -253,7 +253,7 @@ public class JAXRSXmlSecTest extends Abs
     public void doTestPostEncryptedBook(String address, boolean sign, Map<String, Object>
properties) 
         throws Exception {
         doTestPostEncryptedBook(
-            address, sign, properties, SecurityUtils.X509_KEY, XMLCipher.AES_128, null, false
+            address, sign, properties, SecurityUtils.X509_CERT, XMLCipher.AES_128, null,
false
         );
     }
     



Mime
View raw message