cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1493836 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
Date Mon, 17 Jun 2013 16:29:24 GMT
Author: coheigea
Date: Mon Jun 17 16:29:24 2013
New Revision: 1493836

URL: http://svn.apache.org/r1493836
Log:
Some updates for the streaming symmetric binding

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1493836&r1=1493835&r2=1493836&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
Mon Jun 17 16:29:24 2013
@@ -61,6 +61,7 @@ import org.apache.wss4j.policy.model.Sym
 import org.apache.wss4j.policy.model.UsernameToken;
 import org.apache.wss4j.policy.model.X509Token;
 import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.xml.security.algorithms.JCEMapper;
 import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -68,6 +69,8 @@ import org.apache.xml.security.stax.ext.
 import org.apache.xml.security.stax.ext.SecurePart.Modifier;
 import org.apache.xml.security.stax.impl.securityToken.GenericOutboundSecurityToken;
 import org.apache.xml.security.stax.impl.util.IDGenerator;
+import org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent;
+import org.apache.xml.security.stax.securityEvent.SecurityEvent;
 import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
 import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
 import org.apache.xml.security.utils.Base64;
@@ -123,6 +126,10 @@ public class StaxSymmetricBindingHandler
         } else {
             doSignBeforeEncrypt();
         }
+        
+        if (!isRequestor()) {
+            config.put(ConfigurationConstants.ENC_SYM_ENC_KEY, "false");
+        }
     }
     
     private void doEncryptBeforeSign() {
@@ -337,8 +344,12 @@ public class StaxSymmetricBindingHandler
 
             config.put(ConfigurationConstants.ENCRYPTION_PARTS, parts);
 
-            config.put(ConfigurationConstants.ENC_KEY_ID, 
+            if (isRequestor()) {
+                config.put(ConfigurationConstants.ENC_KEY_ID, 
                        getKeyIdentifierType(recToken, encrToken));
+            } else {
+                config.put(ConfigurationConstants.ENC_KEY_ID, "EncryptedKeySHA1");
+            }
 
             config.put(ConfigurationConstants.ENC_KEY_TRANSPORT, 
                        algorithmSuite.getAlgorithmSuiteType().getAsymmetricKeyWrap());
@@ -402,7 +413,6 @@ public class StaxSymmetricBindingHandler
                 config.put(ConfigurationConstants.SIG_KEY_ID, "EncryptedKey");
             } else {
                 config.put(ConfigurationConstants.SIG_KEY_ID, "EncryptedKeySHA1");
-                // TODO sig.setEncrKeySha1value(tok.getSHA1());
             }
         }
         
@@ -426,46 +436,41 @@ public class StaxSymmetricBindingHandler
         tempTok.setKey(symmetricKey);
         tempTok.setSecret(symmetricKey.getEncoded());
         
-        // Set the SHA1 value of the encrypted key, this is used when the encrypted
-        // key is referenced via a key identifier of type EncryptedKeySHA1
-        // tempTok.setSHA1(getSHA1(encrKey.getEncryptedEphemeralKey()));
-        
         getTokenStore().add(tempTok);
         
         return tempTok.getId();
     }
     
-    private String getEncryptedKey() {
-        // findEncryptedKeyToken(message);
-        /*
-        SecurityEvent event = findEncryptedKeyEvent(message);
-        if (event != null) {
-            org.apache.xml.security.stax.securityToken.SecurityToken securityToken = 
-                ((EncryptedKeyTokenSecurityEvent)event).getSecurityToken();
-            if (securityToken != null) {
-                Date created = new Date();
-                Date expires = new Date();
-                expires.setTime(created.getTime() + 300000);
-                
-                String encryptedKeyID = securityToken.getId();
-                System.out.println("ID: " + encryptedKeyID);
-                SecurityToken tempTok = new SecurityToken(encryptedKeyID, created, expires);
-                // tempTok.setSecret(securityToken.g);
-                //tempTok.setSHA1(getSHA1((byte[])wser
-                //                        .get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY)));
-                getTokenStore().add(tempTok);
-                
-                return encryptedKeyID;
+    private String getEncryptedKey() throws XMLSecurityException {
+        org.apache.xml.security.stax.securityToken.SecurityToken securityToken = 
+            findEncryptedKeyToken();
+        if (securityToken != null) {
+            Date created = new Date();
+            Date expires = new Date();
+            expires.setTime(created.getTime() + 300000);
+
+            String encryptedKeyID = securityToken.getId();
+            SecurityToken tempTok = new SecurityToken(encryptedKeyID, created, expires);
+            // TODO revisit
+            for (String key : securityToken.getSecretKey().keySet()) {
+                if (securityToken.getSecretKey().get(key) != null) {
+                    tempTok.setKey(securityToken.getSecretKey().get(key));
+                    tempTok.setSecret(securityToken.getSecretKey().get(key).getEncoded());
+                    break;
+                }
             }
+            //tempTok.setSHA1(getSHA1((byte[])wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY)));
+            getTokenStore().add(tempTok);
+
+            return encryptedKeyID;
         }
-        System.out.println("EVENT NULL?: " + (event == null));
-        */
         return null;
         
     }
-    /*
-     * TODO
-    private SecurityToken findEncryptedKeyToken(Message message) {
+    
+    // TODO revisit
+    private org.apache.xml.security.stax.securityToken.SecurityToken 
+    findEncryptedKeyToken() throws XMLSecurityException {
         @SuppressWarnings("unchecked")
         final List<SecurityEvent> incomingEventList = 
             (List<SecurityEvent>) message.getExchange().get(SecurityEvent.class.getName()
+ ".in");
@@ -476,15 +481,18 @@ public class StaxSymmetricBindingHandler
                         == incomingEvent.getSecurityEventType()) {
                     org.apache.xml.security.stax.securityToken.SecurityToken token = 
                         ((AbstractSecuredElementSecurityEvent)incomingEvent).getSecurityToken();
-                    if (token != null && token.get) {
-                        
+                    if (token != null && token.getSecretKey() != null) {
+                        for (String key : token.getSecretKey().keySet()) {
+                            if (token.getSecretKey().get(key) != null) {
+                                return token;
+                            }
+                        }
                     }
                 }
             }
         }
         return null;
     }
-    */
     
     private String getSHA1(byte[] input) {
         try {
@@ -563,7 +571,7 @@ public class StaxSymmetricBindingHandler
                 if (pc.getKey() != null) {
                     String id = pc.getIdentifier();
                     SecurityToken token = store.getToken(id);
-                    if (token != null) {
+                    if (token != null && token.getSHA1() == null) {
                         token.setSHA1(getSHA1(pc.getKey()));
                         // Create another cache entry with the SHA1 Identifier as the key

                         // for easy retrieval

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java?rev=1493836&r1=1493835&r2=1493836&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
Mon Jun 17 16:29:24 2013
@@ -69,7 +69,7 @@ public class StaxX509TokenTest extends A
         stopAllServers();
     }
     /*
-    // TODO
+     * TODO
     @org.junit.Test
     public void testKeyIdentifier() throws Exception {
 
@@ -86,8 +86,14 @@ public class StaxX509TokenTest extends A
         DoubleItPortType x509Port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(x509Port, PORT);
+        
+        // DOM
         x509Port.doubleIt(25);
         
+        // TODO Streaming
+        // SecurityTestUtil.enableStreaming(x509Port);
+        // x509Port.doubleIt(25);
+        
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);
     }
@@ -113,8 +119,13 @@ public class StaxX509TokenTest extends A
                 "org/apache/cxf/systest/ws/wssec10/client/bob.properties");
         ((BindingProvider)x509Port).getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME,
"bob");
         
+        // DOM
         x509Port.doubleIt(25);
         
+        // TODO Streaming
+        // SecurityTestUtil.enableStreaming(x509Port);
+        // x509Port.doubleIt(25);
+        
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);
     }
@@ -135,8 +146,14 @@ public class StaxX509TokenTest extends A
         DoubleItPortType x509Port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(x509Port, PORT);
+        
+        // DOM
         x509Port.doubleIt(25);
         
+        // TODO Streaming
+        // SecurityTestUtil.enableStreaming(x509Port);
+        // x509Port.doubleIt(25);
+        
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);
     }
@@ -157,8 +174,14 @@ public class StaxX509TokenTest extends A
         DoubleItPortType x509Port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(x509Port, PORT);
+        
+        // DOM
         x509Port.doubleIt(25);
         
+        // TODO Streaming
+        // SecurityTestUtil.enableStreaming(x509Port);
+        // x509Port.doubleIt(25);
+        
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);
     }
@@ -179,13 +202,14 @@ public class StaxX509TokenTest extends A
         DoubleItPortType x509Port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(x509Port, PORT);
+        
+        // DOM
         x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);
     }
     */
-    
     @org.junit.Test
     public void testAsymmetricIssuerSerial() throws Exception {
 
@@ -353,8 +377,10 @@ public class StaxX509TokenTest extends A
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);
     }
-    /*
+    
+    // TODO
     @org.junit.Test
+    @org.junit.Ignore
     public void testSymmetricProtectTokens() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
@@ -375,7 +401,6 @@ public class StaxX509TokenTest extends A
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);
     }
-    */
     
     @org.junit.Test
     public void testTransportEndorsing() throws Exception {



Mime
View raw message