Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id EBB7CE709 for ; Mon, 11 Mar 2013 13:01:20 +0000 (UTC) Received: (qmail 8416 invoked by uid 500); 11 Mar 2013 13:01:20 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 8243 invoked by uid 500); 11 Mar 2013 13:01:18 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 8209 invoked by uid 99); 11 Mar 2013 13:01:17 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 11 Mar 2013 13:01:17 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 11 Mar 2013 13:01:13 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id CDA4B23889CB; Mon, 11 Mar 2013 13:00:52 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1455121 - in /cxf/branches/wss4j2.0-port: rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/poli... Date: Mon, 11 Mar 2013 13:00:52 -0000 To: commits@cxf.apache.org 
From: coheigea@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130311130052.CDA4B23889CB@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: coheigea Date: Mon Mar 11 13:00:51 2013 New Revision: 1455121 URL: http://svn.apache.org/r1455121 Log: Switched to use AlgorithmSuiteBuilder in WSS4J for GCM AlgorithmSuites Added: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/AlgorithmSuiteBuilder.java - copied, changed from r1455117, cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AlgorithmSuiteBuilder.java Removed: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AlgorithmSuiteBuilder.java cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/GCMAlgorithmSuite.java Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/TransportBindingBuilder.java cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/AlgorithmSuiteLoader.java cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/logging.properties Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java?rev=1455121&r1=1455120&r2=1455121&view=diff ============================================================================== --- 
cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java Mon Mar 11 13:00:51 2013
@@ -36,6 +36,7 @@ import org.apache.cxf.ws.policy.PolicyIn
 import org.apache.cxf.ws.policy.PolicyInterceptorProviderRegistry;
 import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
 import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertionBuilder;
+import org.apache.cxf.ws.security.policy.custom.AlgorithmSuiteBuilder;
 import org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider;
 import org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider;
 import org.apache.cxf.ws.security.policy.interceptors.KerberosTokenInterceptorProvider;
@@ -51,7 +52,6 @@ import org.apache.neethi.builders.xml.XM
 import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SP13Constants;
-import org.apache.wss4j.policy.builders.AlgorithmSuiteBuilder;
 import org.apache.wss4j.policy.builders.AsymmetricBindingBuilder;
 import org.apache.wss4j.policy.builders.ContentEncryptedElementsBuilder;
 import org.apache.wss4j.policy.builders.EncryptedElementsBuilder;
@@ -110,7 +110,7 @@ public final class WSSecurityPolicyLoade
 if (reg == null) {
 return;
 }
- reg.registerBuilder(new AlgorithmSuiteBuilder());
+ reg.registerBuilder(new AlgorithmSuiteBuilder(bus));
 reg.registerBuilder(new AsymmetricBindingBuilder());
 reg.registerBuilder(new ContentEncryptedElementsBuilder());
 reg.registerBuilder(new EncryptedElementsBuilder());
Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/TransportBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/TransportBindingBuilder.java?rev=1455121&r1=1455120&r2=1455121&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/TransportBindingBuilder.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/TransportBindingBuilder.java Mon Mar 11 13:00:51 2013
@@ -28,7 +28,7 @@ import org.apache.cxf.ws.policy.PolicyBu
 import org.apache.cxf.ws.security.policy.SP11Constants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
+// import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
 import org.apache.cxf.ws.security.policy.model.Layout;
 import org.apache.cxf.ws.security.policy.model.SupportingToken;
 import org.apache.cxf.ws.security.policy.model.TransportBinding;
@@ -78,8 +78,10 @@ public class TransportBindingBuilder imp
 String name = child.getLocalName();
 if (name.equals(SPConstants.ALGO_SUITE)) {
 foundAlgorithmSuite = true;
+ /*
 parent.setAlgorithmSuite((AlgorithmSuite)new AlgorithmSuiteBuilder(bus)
 .build(child, factory));
+ */
 } else if (name.equals(SPConstants.TRANSPORT_TOKEN)) {
 foundTransportToken = true;
 parent.setTransportToken((TransportToken)new TransportTokenBuilder(builder)
Copied: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/AlgorithmSuiteBuilder.java (from r1455117, cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AlgorithmSuiteBuilder.java)
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/AlgorithmSuiteBuilder.java?p2=cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/AlgorithmSuiteBuilder.java&p1=cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AlgorithmSuiteBuilder.java&r1=1455117&r2=1455121&rev=1455121&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AlgorithmSuiteBuilder.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/AlgorithmSuiteBuilder.java Mon Mar 11 13:00:51 2013
@@ -16,9 +16,7 @@
 * specific language governing permissions and limitations
 * under the License.
 */
-package org.apache.cxf.ws.security.policy.builders;
-
-
+package org.apache.cxf.ws.security.policy.custom;
 import javax.xml.namespace.QName;
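Review bot: In TransportBindingBuilder's `SPConstants.ALGO_SUITE` branch, `foundAlgorithmSuite = true` is still set while the `parent.setAlgorithmSuite(...)` call now sits inside a block comment, so the binding is treated as having an algorithm suite without one ever being stored on `parent`. Anything that later reads the binding's suite to decide which algorithms to accept would presumably see null; the consumers are outside this hunk, so that is an inference. Until the class is ported, make the gap explicit rather than commenting code out, for example `throw new IllegalArgumentException("sp:AlgorithmSuite is not yet supported by TransportBindingBuilder on the wss4j2.0-port branch");`, and delete the `// import ...model.AlgorithmSuite;` line left behind in the `@@ -28,7 +28,7 @@` hunk. The enclosing method starts and ends outside the hunk.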
@@ -26,17 +24,15 @@ import org.w3c.dom.Element;
 import org.apache.cxf.Bus;
 import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.ws.security.policy.SP11Constants;
-import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.WSSPolicyException;
-import org.apache.cxf.ws.security.policy.custom.AlgorithmSuiteLoader;
-import org.apache.cxf.ws.security.policy.custom.DefaultAlgorithmSuiteLoader;
-import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
 import org.apache.neethi.Assertion;
 import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
 import org.apache.neethi.builders.AssertionBuilder;
-
+import org.apache.wss4j.policy.SP11Constants;
+import org.apache.wss4j.policy.SP13Constants;
+import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.SPUtils;
+import org.apache.wss4j.policy.model.AlgorithmSuite;
 public class AlgorithmSuiteBuilder implements AssertionBuilder {
@@ -46,41 +42,36 @@ public class AlgorithmSuiteBuilder imple this.bus = bus; } - public Assertion build(Element element, AssertionBuilderFactory factory) - throws IllegalArgumentException { - - SPConstants consts = SP11Constants.SP_NS.equals(element.getNamespaceURI()) - ? SP11Constants.INSTANCE : SP12Constants.INSTANCE; + @Override + public Assertion build(Element element, AssertionBuilderFactory factory) throws IllegalArgumentException { + final SPConstants.SPVersion spVersion = SPConstants.SPVersion.getSPVersion(element.getNamespaceURI()); + final Element nestedPolicyElement = SPUtils.getFirstPolicyChildElement(element); + if (nestedPolicyElement == null) { + throw new IllegalArgumentException("sp:AlgorithmSuite must have an inner wsp:Policy element"); + } + final Policy nestedPolicy = factory.getPolicyEngine().getPolicy(nestedPolicyElement); + AlgorithmSuiteLoader loader = bus.getExtension(AlgorithmSuiteLoader.class); if (loader == null) { loader = new DefaultAlgorithmSuiteLoader(); - } - Element policyElement = DOMUtils.getFirstElement(element); - if (policyElement == null) { - throw new IllegalArgumentException( - "sp:AlgorithmSuite/wsp:Policy must have a value" - ); } - AlgorithmSuite algorithmSuite = null; - try { - algorithmSuite = loader.getAlgorithmSuite(policyElement, consts); - } catch (WSSPolicyException e) { - throw new IllegalArgumentException(e); - } - - if (algorithmSuite == null && consts != SP11Constants.INSTANCE) { - String algorithmSuiteName = DOMUtils.getFirstElement(policyElement).getLocalName(); + AlgorithmSuite algorithmSuite = loader.getAlgorithmSuite(spVersion, nestedPolicy); + if (algorithmSuite == null) { + String algorithmSuiteName = DOMUtils.getFirstElement(nestedPolicyElement).getLocalName(); throw new IllegalArgumentException( "Algorithm suite \"" + algorithmSuiteName + "\" is not registered" ); } + algorithmSuite.setOptional(SPUtils.isOptional(element)); + algorithmSuite.setIgnorable(SPUtils.isIgnorable(element)); return 
algorithmSuite;
 }
+ @Override
 public QName[] getKnownElements() {
- return new QName[]{SP11Constants.ALGORITHM_SUITE, SP12Constants.ALGORITHM_SUITE};
+ return new QName[]{SP13Constants.ALGORITHM_SUITE, SP11Constants.ALGORITHM_SUITE};
 }
 }
Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/AlgorithmSuiteLoader.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/AlgorithmSuiteLoader.java?rev=1455121&r1=1455120&r2=1455121&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/AlgorithmSuiteLoader.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/AlgorithmSuiteLoader.java Mon Mar 11 13:00:51 2013
@@ -18,10 +18,9 @@
 */
 package org.apache.cxf.ws.security.policy.custom;
-import org.w3c.dom.Element;
-
-import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
+import org.apache.neethi.Policy;
+import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.model.AlgorithmSuite;
 /**
 * This interface defines a way of retrieving an AlgorithmSuite object from the policy element
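Review bot: In AlgorithmSuiteBuilder.build, the "is not registered" path dereferences `DOMUtils.getFirstElement(nestedPolicyElement)` without a null check, so a `wsp:Policy` with no child element produces a NullPointerException instead of the intended IllegalArgumentException whenever a loader returns null. Guard the lookup, e.g. `Element first = DOMUtils.getFirstElement(nestedPolicyElement);` followed by `String algorithmSuiteName = first == null ? "(empty wsp:Policy)" : first.getLocalName();`. `bus` is also dereferenced unconditionally in `bus.getExtension(...)`; only the tail of the constructor is visible, so whether a null bus is rejected there cannot be confirmed from this hunk. A short comment on `getKnownElements` saying why `SP13Constants.ALGORITHM_SUITE` replaces the SP12 QName would let the next reader confirm that 1.2 policies are still matched.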
@@ -29,6 +28,6 @@ import org.apache.cxf.ws.security.policy
 */
 public interface AlgorithmSuiteLoader {
- AlgorithmSuite getAlgorithmSuite(Element policyElement, SPConstants consts);
+ AlgorithmSuite getAlgorithmSuite(SPConstants.SPVersion version, Policy nestedPolicy);
 }
Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java?rev=1455121&r1=1455120&r2=1455121&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java Mon Mar 11 13:00:51 2013
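Review bot: The changed `getAlgorithmSuite(SPConstants.SPVersion version, Policy nestedPolicy)` method has no Javadoc, and the interface comment above it still describes retrieval "from the policy element". AlgorithmSuiteBuilder treats a null return as "suite not registered", so that contract belongs on the method, e.g. `/** Returns the AlgorithmSuite for the given nested policy, or null if this loader does not recognise it. */`. Loaders are looked up as a Bus extension, so existing implementations of the old `(Element, SPConstants)` signature will no longer compile; that is worth stating in the commit message or migration notes.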
@@ -18,35 +18,74 @@ */ package org.apache.cxf.ws.security.policy.custom; -import org.w3c.dom.Element; - -import org.apache.cxf.helpers.DOMUtils; -import org.apache.cxf.ws.security.policy.SPConstants; -import org.apache.cxf.ws.security.policy.model.AlgorithmSuite; +import org.apache.neethi.Assertion; +import org.apache.neethi.Policy; +import org.apache.wss4j.policy.SPConstants; +import org.apache.wss4j.policy.model.AbstractSecurityAssertion; +import org.apache.wss4j.policy.model.AlgorithmSuite; /** - * This class retrieves the default AlgorithmSuites. + * This class retrieves the default AlgorithmSuites plus the CXF specific GCM AlgorithmSuites. */ public class DefaultAlgorithmSuiteLoader implements AlgorithmSuiteLoader { - private static final String CXF_CUSTOM_POLICY_NS = - "http://cxf.apache.org/custom/security-policy"; + public AlgorithmSuite getAlgorithmSuite(SPConstants.SPVersion version, Policy nestedPolicy) { + return new GCMAlgorithmSuite(version, nestedPolicy); + } + + private static class GCMAlgorithmSuite extends AlgorithmSuite { + + GCMAlgorithmSuite(SPConstants.SPVersion version, Policy nestedPolicy) { + super(version, nestedPolicy); + } - public AlgorithmSuite getAlgorithmSuite(Element policyElement, SPConstants consts) { - if (policyElement != null) { - Element algorithm = DOMUtils.getFirstElement(policyElement); - if (algorithm != null) { - AlgorithmSuite algorithmSuite = null; - if (CXF_CUSTOM_POLICY_NS.equals(algorithm.getNamespaceURI())) { - algorithmSuite = new GCMAlgorithmSuite(consts); - } else { - algorithmSuite = new AlgorithmSuite(consts); - } - algorithmSuite.setAlgorithmSuite(algorithm.getLocalName()); - return algorithmSuite; + @Override + protected AbstractSecurityAssertion cloneAssertion(Policy nestedPolicy) { + return new GCMAlgorithmSuite(getVersion(), nestedPolicy); + } + + @Override + protected void parseCustomAssertion(Assertion assertion) { + String assertionName = assertion.getName().getLocalPart(); + String assertionNamespace = 
assertion.getName().getNamespaceURI(); + if (!"http://cxf.apache.org/custom/security-policy".equals(assertionNamespace)) { + return; + } + + if ("Basic128GCM".equals(assertionName)) { + setAlgorithmSuiteType(new AlgorithmSuiteType( + "Basic128GCM", + SPConstants.SHA1, + "http://www.w3.org/2009/xmlenc11#aes128-gcm", + SPConstants.KW_AES128, + SPConstants.KW_RSA_OAEP, + SPConstants.P_SHA1_L128, + SPConstants.P_SHA1_L128, + 128, 128, 128, 256, 1024, 4096 + )); + } else if ("Basic192GCM".equals(assertionName)) { + setAlgorithmSuiteType(new AlgorithmSuiteType( + "Basic192GCM", + SPConstants.SHA1, + "http://www.w3.org/2009/xmlenc11#aes192-gcm", + SPConstants.KW_AES192, + SPConstants.KW_RSA_OAEP, + SPConstants.P_SHA1_L192, + SPConstants.P_SHA1_L192, + 192, 192, 192, 256, 1024, 4096)); + } else if ("Basic256GCM".equals(assertionName)) { + setAlgorithmSuiteType(new AlgorithmSuiteType( + "Basic256GCM", + SPConstants.SHA1, + "http://www.w3.org/2009/xmlenc11#aes256-gcm", + SPConstants.KW_AES256, + SPConstants.KW_RSA_OAEP, + SPConstants.P_SHA1_L256, + SPConstants.P_SHA1_L192, + 256, 192, 256, 256, 1024, 4096)); } } - return null; } + } Modified: cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/logging.properties URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/logging.properties?rev=1455121&r1=1455120&r2=1455121&view=diff ============================================================================== --- cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/logging.properties (original) +++ cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/logging.properties Mon Mar 11 13:00:51 2013 
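Review bot: `parseCustomAssertion` in DefaultAlgorithmSuiteLoader accepts an unknown suite name silently: an assertion in the `http://cxf.apache.org/custom/security-policy` namespace whose local name is none of the three GCM names falls out of the `if`/`else if` chain without setting an AlgorithmSuiteType or raising an error. Because `getAlgorithmSuite` now always returns a `GCMAlgorithmSuite`, the builder's "is not registered" check no longer fires for the default loader, so a misspelt suite name would presumably yield a suite with no algorithms rather than a policy failure; how the WSS4J base class behaves in that case is not visible here. Consider ending the chain with `else { throw new IllegalArgumentException("Algorithm suite \"" + assertionName + "\" is not registered"); }`. Keeping the removed `CXF_CUSTOM_POLICY_NS` constant instead of the inline namespace literal, adding `@Override` on `getAlgorithmSuite`, and a comment noting that the GCM suites keep `SPConstants.SHA1` and the `P_SHA1_*` key derivations would make these choices visible to later reviewers.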
@@ -46,7 +46,7 @@ handlers= java.util.logging.ConsoleHandl
 # can be overriden by a facility specific level
 # Note that the ConsoleHandler also has a separate level
 # setting to limit messages printed to the console.
-.level= WARNING
+.level= INFO
 ############################################################
 # Handler specific properties.
@@ -60,7 +60,7 @@ java.util.logging.FileHandler.count = 1
 java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
 # Limit the message that are printed on the console to INFO and above.
-java.util.logging.ConsoleHandler.level = SEVERE
+java.util.logging.ConsoleHandler.level = INFO
 java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter