Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B4A1EC317 for ; Mon, 30 Apr 2012 21:31:48 +0000 (UTC) Received: (qmail 37916 invoked by uid 500); 30 Apr 2012 21:31:48 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 37868 invoked by uid 500); 30 Apr 2012 21:31:48 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 37861 invoked by uid 99); 30 Apr 2012 21:31:48 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Apr 2012 21:31:48 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Apr 2012 21:31:46 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 9A79E238890B; Mon, 30 Apr 2012 21:31:26 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1332409 - in /cxf/branches/2.5.x-fixes: ./ rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/ rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/ systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs... Date: Mon, 30 Apr 2012 21:31:26 -0000 To: commits@cxf.apache.org 
From: sergeyb@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20120430213126.9A79E238890B@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: sergeyb Date: Mon Apr 30 21:31:25 2012 New Revision: 1332409 URL: http://svn.apache.org/viewvc?rev=1332409&view=rev Log: Merged revisions 1332403,1332406 via svnmerge from https://svn.apache.org/repos/asf/cxf/trunk ........ r1332403 | sergeyb | 2012-04-30 22:24:49 +0100 (Mon, 30 Apr 2012) | 1 line [CXF-4145] Optional restriction of the encryption key identifier type ........ r1332406 | sergeyb | 2012-04-30 22:28:01 +0100 (Mon, 30 Apr 2012) | 1 line [CXF-4145] Fixing a typo ........ Modified: cxf/branches/2.5.x-fixes/ (props changed) cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java Propchange: cxf/branches/2.5.x-fixes/ ------------------------------------------------------------------------------ Merged /cxf/trunk:r1332403-1332406 Propchange: cxf/branches/2.5.x-fixes/ ------------------------------------------------------------------------------ Binary property 'svnmerge-integrated' - no diff available. 
Modified: cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java?rev=1332409&r1=1332408&r2=1332409&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java (original) +++ cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java Mon Apr 30 21:31:25 2012 @@ -44,8 +44,8 @@ import org.apache.xml.security.utils.Con public final class SecurityUtils { - public static final String X509_KEY = "X509_KEY"; - public static final String X509_ISSUER_SERIAL = "X509_ISSUER_SERIAL"; + public static final String X509_CERT = "X509Certificate"; + public static final String X509_ISSUER_SERIAL = "X509IssuerSerial"; public static final String USE_REQUEST_SIGNATURE_CERT = "useReqSigCert"; private SecurityUtils() { 
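Review bot: Removing the public constant `X509_KEY` and changing both string values (`"X509_KEY"` to `"X509Certificate"`, `"X509_ISSUER_SERIAL"` to `"X509IssuerSerial"`) is a source-level and configuration-level break on a fixes branch. Code compiled against `SecurityUtils.X509_KEY` will no longer build. Any deployment that passes the old literals as the key identifier type will presumably stop matching the `equals` checks this commit touches in XmlEncOutInterceptor and AbstractXmlEncInHandler. Consider keeping a deprecated alias, `@Deprecated public static final String X509_KEY = X509_CERT;`, and documenting the value change for anyone who configures the identifier by string. The class body continues outside the hunk.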
@@ -54,6 +54,7 @@ public final class SecurityUtils { public static boolean isSignedAndEncryptedTwoWay(Message m) { Message outMessage = m.getExchange().getOutMessage(); + Message requestMessage = outMessage != null && MessageUtils.isRequestor(outMessage) ? outMessage : m; return "POST".equals((String)requestMessage.get(Message.HTTP_REQUEST_METHOD)) Modified: cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java?rev=1332409&r1=1332408&r2=1332409&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java (original) +++ cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java Mon Apr 30 21:31:25 2012 
@@ -170,22 +170,27 @@ public abstract class AbstractXmlEncInHa * */ - Element certNode = getNode(encKeyElement, - Constants.SignatureSpecNS, "X509Certificate", 0); - if (certNode != null) { - try { - return SecurityUtils.loadX509Certificate(crypto, certNode); - } catch (Exception ex) { - throwFault("X509Certificate can not be created", ex); + String keyIdentifierType = encProps != null ? encProps.getEncryptionKeyIdType() : null; + if (keyIdentifierType == null || keyIdentifierType.equals(SecurityUtils.X509_CERT)) { + Element certNode = getNode(encKeyElement, + Constants.SignatureSpecNS, "X509Certificate", 0); + if (certNode != null) { + try { + return SecurityUtils.loadX509Certificate(crypto, certNode); + } catch (Exception ex) { + throwFault("X509Certificate can not be created", ex); + } } } - certNode = getNode(encKeyElement, - Constants.SignatureSpecNS, "X509IssuerSerial", 0); - if (certNode != null) { - try { - return SecurityUtils.loadX509IssuerSerial(crypto, certNode); - } catch (Exception ex) { - throwFault("X509Certificate can not be created", ex); + if (keyIdentifierType == null || keyIdentifierType.equals(SecurityUtils.X509_ISSUER_SERIAL)) { + Element certNode = getNode(encKeyElement, + Constants.SignatureSpecNS, "X509IssuerSerial", 0); + if (certNode != null) { + try { + return SecurityUtils.loadX509IssuerSerial(crypto, certNode); + } catch (Exception ex) { + throwFault("X509Certificate can not be created", ex); + } } } throwFault("Certificate is missing", null); Modified: cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java?rev=1332409&r1=1332408&r2=1332409&view=diff ============================================================================== --- 
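Review bot: A configured `encryptionKeyIdType` that equals neither `SecurityUtils.X509_CERT` nor `SecurityUtils.X509_ISSUER_SERIAL` skips both lookups and falls through to `throwFault("Certificate is missing", null)`. That fails closed, but it reports the wrong cause, so a mistyped or pre-rename value looks the same as a request that really lacks key info. Reject the unknown value before the lookups, e.g. `throwFault("Unsupported encryption key identifier type", null);`. The X509IssuerSerial branch also still reports `"X509Certificate can not be created"` and would be easier to diagnose with its own message. The enclosing method starts and ends outside the hunk. The test hunks visible in this commit only rename the constant, so a test where the server refuses a key identifier type it is not configured for would be worth adding.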
cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java (original) +++ cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java Mon Apr 30 21:31:25 2012 @@ -22,6 +22,7 @@ public class EncryptionProperties { private String encryptionKeyTransportAlgo; private String encryptionSymmetricKeyAlgo; private String encryptionDigestAlgo; + private String encryptionKeyIdType; public void setEncryptionKeyTransportAlgo(String encryptionKeyTransportAlgo) { this.encryptionKeyTransportAlgo = encryptionKeyTransportAlgo; @@ -41,5 +42,11 @@ public class EncryptionProperties { public String getEncryptionDigestAlgo() { return encryptionDigestAlgo; } + public void setEncryptionKeyIdType(String encryptionKeyIdType) { + this.encryptionKeyIdType = encryptionKeyIdType; + } + public String getEncryptionKeyIdType() { + return encryptionKeyIdType; + } } Modified: cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java?rev=1332409&r1=1332408&r2=1332409&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java (original) +++ cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java Mon Apr 30 21:31:25 2012 @@ -68,7 +68,7 @@ public class XmlEncOutInterceptor extend private SecretKey symmetricKey; private String keyEncAlgo = XMLCipher.RSA_OAEP; private String symEncAlgo = XMLCipher.AES_256; - private String keyIdentifierType = SecurityUtils.X509_KEY; + private String keyIdentifierType = SecurityUtils.X509_CERT; private String digestAlgo; public XmlEncOutInterceptor() { 
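Review bot: `setEncryptionKeyIdType` in EncryptionProperties takes a free-form String and has no Javadoc, so nothing tells the reader which values are accepted or what leaving it unset means. Going by the null check added to AbstractXmlEncInHandler in this same commit, a null value leaves both key identifier forms allowed. Suggested comment on the setter: `/** Restricts the accepted key identifier to SecurityUtils.X509_CERT or SecurityUtils.X509_ISSUER_SERIAL; null (the default) accepts either. */`.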
@@ -286,7 +286,7 @@ public class XmlEncOutInterceptor extend ); Node keyIdentifierNode = null; - if (keyIdentifierType.equals(SecurityUtils.X509_KEY)) { + if (keyIdentifierType.equals(SecurityUtils.X509_CERT)) { byte data[] = null; try { data = remoteCert.getEncoded(); Modified: cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java?rev=1332409&r1=1332408&r2=1332409&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java (original) +++ cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java Mon Apr 30 21:31:25 2012 @@ -167,7 +167,7 @@ public class JAXRSXmlSecTest extends Abs properties.put("ws-security.encryption.properties", "org/apache/cxf/systest/jaxrs/security/bob.properties"); String aes128GCM = "http://www.w3.org/2009/xmlenc11#aes128-gcm"; - doTestPostEncryptedBook(address, false, properties, SecurityUtils.X509_KEY, aes128GCM, null, false); + doTestPostEncryptedBook(address, false, properties, SecurityUtils.X509_CERT, aes128GCM, null, false); } @Test @@ -180,7 +180,7 @@ public class JAXRSXmlSecTest extends Abs properties.put("ws-security.encryption.properties", "org/apache/cxf/systest/jaxrs/security/bob.properties"); doTestPostEncryptedBook( - address, false, properties, SecurityUtils.X509_KEY, XMLCipher.AES_128, XMLCipher.SHA256, false + address, false, properties, SecurityUtils.X509_CERT, XMLCipher.AES_128, XMLCipher.SHA256, false ); } 
@@ -227,7 +227,7 @@ public class JAXRSXmlSecTest extends Abs properties.put("ws-security.signature.properties", "org/apache/cxf/systest/jaxrs/security/alice.properties"); try { - doTestPostEncryptedBook(address, true, properties, SecurityUtils.X509_KEY, + doTestPostEncryptedBook(address, true, properties, SecurityUtils.X509_CERT, "http://www.w3.org/2009/xmlenc11#aes128-gcm", null, true); } catch (ServerWebApplicationException ex) { assertEquals(400, ex.getStatus()); @@ -253,7 +253,7 @@ public class JAXRSXmlSecTest extends Abs public void doTestPostEncryptedBook(String address, boolean sign, Map properties) throws Exception { doTestPostEncryptedBook( - address, sign, properties, SecurityUtils.X509_KEY, XMLCipher.AES_128, null, false + address, sign, properties, SecurityUtils.X509_CERT, XMLCipher.AES_128, null, false ); }