cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1498434 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandle...
Date Mon, 01 Jul 2013 13:29:47 GMT
Author: coheigea
Date: Mon Jul  1 13:29:47 2013
New Revision: 1498434

URL: http://svn.apache.org/r1498434
Log:
More streaming Kerberos work

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/StaxKerberosTokenTest.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java?rev=1498434&r1=1498433&r2=1498434&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
Mon Jul  1 13:29:47 2013
@@ -278,13 +278,7 @@ public class KerberosTokenInterceptorPro
                         KerberosServiceSecurityToken kerberosToken = 
                             ((KerberosTokenSecurityEvent)event).getSecurityToken();
                         if (kerberosToken != null) {
-                            SecurityToken token = new SecurityToken(kerberosToken.getId());
-                            token.setTokenType(kerberosToken.getKerberosTokenValueType());
-
-                            byte[] secret = getSecretKeyFromToken(kerberosToken);
-                            token.setSecret(secret);
-                            getTokenStore(message).add(token);
-                            message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId());
+                            storeKerberosToken(message, kerberosToken);
                         }
                     }
                 } else {
@@ -299,6 +293,27 @@ public class KerberosTokenInterceptorPro
             }
         }
         
+        private void storeKerberosToken(Message message, KerberosServiceSecurityToken kerberosToken)
{
+            SecurityToken token = new SecurityToken(kerberosToken.getId());
+            token.setTokenType(kerberosToken.getKerberosTokenValueType());
+
+            SecretKey secretKey = getSecretKeyFromToken(kerberosToken);
+            token.setKey(secretKey);
+            if (secretKey != null) {
+                token.setSecret(secretKey.getEncoded());
+            }
+            
+            byte[] ticket = kerberosToken.getBinaryContent();
+            try {
+                token.setSHA1(Base64.encode(WSSecurityUtil.generateDigest(ticket)));
+            } catch (WSSecurityException e) {
+                // Just consume this for now as it isn't critical...
+            }
+            
+            getTokenStore(message).add(token);
+            message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId());
+        }
+        
         private SecurityEvent findKerberosEvent(Message message) {
             @SuppressWarnings("unchecked")
             final List<SecurityEvent> incomingEventList = 
@@ -314,13 +329,13 @@ public class KerberosTokenInterceptorPro
             return null;
         }
         
-        private byte[] getSecretKeyFromToken(KerberosServiceSecurityToken kerberosToken)
{
+        private SecretKey getSecretKeyFromToken(KerberosServiceSecurityToken kerberosToken)
{
             try {
                 Map<String, Key> secretKeys = kerberosToken.getSecretKey();
                 if (secretKeys != null) {
                     for (String key : kerberosToken.getSecretKey().keySet()) {
                         if (secretKeys.get(key) instanceof SecretKey) {
-                            return ((SecretKey)secretKeys.get(key)).getEncoded();
+                            return (SecretKey)secretKeys.get(key);
                         }
                     }
                 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java?rev=1498434&r1=1498433&r2=1498434&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
Mon Jul  1 13:29:47 2013
@@ -369,14 +369,16 @@ public class WSS4JStaxInInterceptor exte
         
         public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
             for (int i = 0; i < callbacks.length; i++) {
-                WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
-                
-                String id = pc.getIdentifier();
-                SecurityToken tok = store.getToken(id);
-                if (tok != null) {
-                    pc.setKey(tok.getSecret());
-                    pc.setCustomToken(tok.getToken());
-                    return;
+                if (callbacks[i] instanceof WSPasswordCallback) {
+                    WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
+                    
+                    String id = pc.getIdentifier();
+                    SecurityToken tok = store.getToken(id);
+                    if (tok != null) {
+                        pc.setKey(tok.getSecret());
+                        pc.setCustomToken(tok.getToken());
+                        return;
+                    }
                 }
             }
             if (internal != null) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1498434&r1=1498433&r2=1498434&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
Mon Jul  1 13:29:47 2013
@@ -72,6 +72,7 @@ import org.apache.xml.security.stax.impl
 import org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent;
 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
 import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenConstants.TokenType;
 import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
 import org.apache.xml.security.utils.Base64;
 
@@ -351,6 +352,8 @@ public class StaxSymmetricBindingHandler
             if (isRequestor()) {
                 config.put(ConfigurationConstants.ENC_KEY_ID, 
                        getKeyIdentifierType(recToken, encrToken));
+            } else if (recToken.getToken() instanceof KerberosToken && !isRequestor())
{
+                config.put(ConfigurationConstants.ENC_KEY_ID, "KerberosSHA1");
             } else {
                 config.put(ConfigurationConstants.ENC_KEY_ID, "EncryptedKeySHA1");
             }
@@ -422,6 +425,8 @@ public class StaxSymmetricBindingHandler
             } else {
                 config.put(ConfigurationConstants.SIG_KEY_ID, "EncryptedKeySHA1");
             }
+        } else if (policyToken instanceof KerberosToken && !isRequestor()) {
+            config.put(ConfigurationConstants.SIG_KEY_ID, "KerberosSHA1");
         }
         
         if (sigToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
@@ -538,8 +543,14 @@ public class StaxSymmetricBindingHandler
     }
     
     private void storeSecurityToken(SecurityToken tok) {
+        TokenType tokenType = WSSecurityTokenConstants.EncryptedKeyToken;
+        if (tok.getTokenType() != null 
+            && tok.getTokenType().startsWith(WSSConstants.NS_KERBEROS11_TOKEN_PROFILE))
{
+            tokenType = WSSecurityTokenConstants.KerberosToken;
+        }
+        
         final GenericOutboundSecurityToken encryptedKeySecurityToken = 
-            new GenericOutboundSecurityToken(tok.getId(), WSSecurityTokenConstants.EncryptedKeyToken,
tok.getKey());
+            new GenericOutboundSecurityToken(tok.getId(), tokenType, tok.getKey());
         
         final SecurityTokenProvider<OutboundSecurityToken> encryptedKeySecurityTokenProvider
=
             new SecurityTokenProvider<OutboundSecurityToken>() {

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java?rev=1498434&r1=1498433&r2=1498434&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
Mon Jul  1 13:29:47 2013
@@ -44,6 +44,8 @@ import org.junit.BeforeClass;
  * 
  * See here for more information:
  * http://coheigea.blogspot.com/2011/10/using-kerberos-with-web-services-part.html
+ * 
+ * It tests both DOM + StAX clients against the DOM server
  */
 @org.junit.Ignore
 public class KerberosTokenTest extends AbstractBusClientServerTestBase {

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/StaxKerberosTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/StaxKerberosTokenTest.java?rev=1498434&r1=1498433&r2=1498434&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/StaxKerberosTokenTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/StaxKerberosTokenTest.java
Mon Jul  1 13:29:47 2013
@@ -102,7 +102,7 @@ public class StaxKerberosTokenTest exten
         ((java.io.Closeable)kerberosPort).close();
         bus.shutdown(true);
     }
-    /*
+    
     @org.junit.Test
     public void testKerberosOverSymmetric() throws Exception {
         
@@ -125,8 +125,12 @@ public class StaxKerberosTokenTest exten
 
         updateAddressPort(kerberosPort, PORT);
         
-        int result = kerberosPort.doubleIt(25);
-        assertTrue(result == 50);
+        // DOM
+        kerberosPort.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(kerberosPort);
+        kerberosPort.doubleIt(25);
         
         ((java.io.Closeable)kerberosPort).close();
         bus.shutdown(true);
@@ -154,13 +158,16 @@ public class StaxKerberosTokenTest exten
 
         updateAddressPort(kerberosPort, PORT);
         
-        int result = kerberosPort.doubleIt(25);
-        assertTrue(result == 50);
+        // DOM
+        kerberosPort.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(kerberosPort);
+        kerberosPort.doubleIt(25);
         
         ((java.io.Closeable)kerberosPort).close();
         bus.shutdown(true);
     }
-    */
     
     @org.junit.Test
     public void testKerberosOverAsymmetric() throws Exception {
@@ -252,7 +259,7 @@ public class StaxKerberosTokenTest exten
         ((java.io.Closeable)kerberosPort).close();
         bus.shutdown(true);
     }
-    /*
+    
     @org.junit.Test
     public void testKerberosOverSymmetricProtection() throws Exception {
 
@@ -270,13 +277,18 @@ public class StaxKerberosTokenTest exten
                 service.getPort(portQName, DoubleItPortType.class);
         
         updateAddressPort(kerberosPort, PORT);
-        int result = kerberosPort.doubleIt(25);
-        assertTrue(result == 50);
+        
+        // DOM
+        kerberosPort.doubleIt(25);
+        
+        // TODO Streaming
+        // SecurityTestUtil.enableStreaming(kerberosPort);
+        // kerberosPort.doubleIt(25);
         
         ((java.io.Closeable)kerberosPort).close();
         bus.shutdown(true);
     }
-    
+    /*
     @org.junit.Test
     public void testKerberosOverSymmetricDerivedProtection() throws Exception {
 



Mime
View raw message