cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1478851 - /cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
Date Fri, 03 May 2013 15:53:09 GMT
Author: coheigea
Date: Fri May  3 15:53:08 2013
New Revision: 1478851

URL: http://svn.apache.org/r1478851
Log:
[FEDIZ-4] - Added ability to send TLS client cert to the STS

Modified:
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java?rev=1478851&r1=1478850&r2=1478851&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
(original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
Fri May  3 15:53:08 2013
@@ -20,9 +20,11 @@ package org.apache.cxf.fediz.service.idp
 
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.security.cert.X509Certificate;
 import java.util.List;
 import java.util.Map;
 
+import javax.servlet.http.HttpServletRequest;
 import javax.xml.namespace.QName;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.stream.XMLStreamException;
@@ -61,6 +63,9 @@ public class STSClientAction {
 
     private static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER = 
             "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
+    
+    private static final String HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_PUBLICKEY
= 
+            "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey";
 
     private static final String HTTP_WWW_W3_ORG_2005_08_ADDRESSING = "http://www.w3.org/2005/08/addressing";
 
@@ -87,7 +92,8 @@ public class STSClientAction {
     private boolean claimsRequired = true;
     
     private boolean isPortSet;
-
+    
+    private String keyType = HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER;
 
     public String getWsdlLocation() {
         return wsdlLocation;
@@ -162,7 +168,22 @@ public class STSClientAction {
         IdpSTSClient sts = new IdpSTSClient(cxfBus);
         sts.setAddressingNamespace(HTTP_WWW_W3_ORG_2005_08_ADDRESSING);
         paramTokenType(sts);
-        sts.setKeyType(HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER);
+        sts.setKeyType(keyType);
+        if (HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_PUBLICKEY.equals(keyType)) {
+            HttpServletRequest servletRequest = WebUtils.getHttpServletRequest(context);
+            if (servletRequest != null) {
+                X509Certificate certs[] = 
+                    (X509Certificate[])servletRequest.getAttribute("javax.servlet.request.X509Certificate");
+                if (certs != null && certs.length > 0) {
+                    sts.setUseCertificateForConfirmationKeyInfo(true);
+                    // TODO uncomment once we pick up CXF 2.7.5.
+                    // sts.setUseKeyCertificate(certs[0]);
+                } else {
+                    LOG.info("Can't send a PublicKey KeyType as no client certs are available");
+                    sts.setKeyType(HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER);
+                }
+            }
+        }
 
         processWsdlLocation(context);
         sts.setWsdlLocation(wsdlLocation);
@@ -289,4 +310,12 @@ public class STSClientAction {
         this.isPortSet = true;
     }
 
+    public String getKeyType() {
+        return keyType;
+    }
+
+    public void setKeyType(String keyType) {
+        this.keyType = keyType;
+    }
+
 }



Mime
View raw message