cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1509197 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/
Date Thu, 01 Aug 2013 12:15:34 GMT
Author: coheigea
Date: Thu Aug  1 12:15:34 2013
New Revision: 1509197

URL: http://svn.apache.org/r1509197
Log:
Added support for streaming cert constraint validation

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1509197&r1=1509196&r2=1509197&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
Thu Aug  1 12:15:34 2013
@@ -283,8 +283,7 @@ public final class SecurityConstants {
     /**
      * A comma separated String of regular expressions which will be applied to the subject
DN of 
      * the certificate used for signature validation, after trust verification of the certificate

-     * chain associated with the  certificate. These constraints are not used when the certificate

-     * is contained in the keystore (direct trust).
+     * chain associated with the  certificate.
      */
     public static final String SUBJECT_CERT_CONSTRAINTS = "ws-security.subject.cert.constraints";
     
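Review bot: Removing the direct-trust sentence changes the documented contract of `ws-security.subject.cert.constraints` for every consumer of this constant, yet the commit only shows the streaming interceptor being wired up. The other branch in AbstractWSS4JStaxInterceptor still forwards the raw string as `ConfigurationConstants.SIG_SUBJECT_CERT_CONSTRAINTS`, and whether that path applies the constraints to certificates held directly in the keystore is not visible here. If it does not, the caveat should stay but be scoped, e.g. `* In the non-streaming case these constraints are not used when the certificate is contained in the keystore (direct trust).` The Javadoc would also benefit from stating whether a subject DN has to match one or all of the listed expressions, since operators rely on that when writing them.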

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java?rev=1509197&r1=1509196&r2=1509197&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
Thu Aug  1 12:15:34 2013
@@ -22,13 +22,17 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.net.URI;
 import java.net.URL;
+import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Properties;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
+import java.util.logging.Level;
 import java.util.logging.Logger;
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
@@ -140,7 +144,7 @@ public abstract class AbstractWSS4JStaxI
             (String)msg.getContextualProperty(SecurityConstants.SUBJECT_CERT_CONSTRAINTS);
         if (certConstraints != null) {
             if (securityProperties != null) {
-                // TODO
+                securityProperties.setSubjectCertConstraints(convertCertConstraints(certConstraints));
             } else {
                 properties.put(ConfigurationConstants.SIG_SUBJECT_CERT_CONSTRAINTS, certConstraints);
             }
@@ -174,6 +178,24 @@ public abstract class AbstractWSS4JStaxI
         }
     }
     
+    private  Collection<Pattern> convertCertConstraints(String certConstraints) {
+        String[] certConstraintsList = certConstraints.split(",");
+        if (certConstraintsList != null) {
+            Collection<Pattern> subjectCertConstraints = 
+                new ArrayList<Pattern>(certConstraintsList.length);
+            for (String certConstraint : certConstraintsList) {
+                try {
+                    subjectCertConstraints.add(Pattern.compile(certConstraint.trim()));
+                } catch (PatternSyntaxException ex) {
+                    LOG.log(Level.SEVERE, ex.getMessage(), ex);
+                }
+            }
+            return subjectCertConstraints;
+        }
+        
+        return null;
+    }
+    
     protected void configureCallbackHandler(SoapMessage soapMessage) throws WSSecurityException
{
         Object o = soapMessage.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
         if (o instanceof String) {
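Review bot: In `convertCertConstraints`, a constraint that fails to compile is logged at SEVERE and then dropped, so a typo in the configured value yields fewer patterns than the operator intended, possibly none. How the resulting collection is evaluated is not visible in this commit, but if a shorter or empty list is treated as less restrictive, the misconfiguration silently weakens the subject DN check. Failing the configuration is safer, for example by adding `throw ex;` after the `LOG.log(...)` call (PatternSyntaxException is unchecked). Separately, `String.split` never returns null, so the `if (certConstraintsList != null)` guard and the trailing `return null;` are dead code. A short comment should also say that the value is split on every comma, so an expression that itself contains a comma (such as a multi-RDN subject like `CN=a,O=b` or a `{1,3}` quantifier) is broken into separate patterns.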

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java?rev=1509197&r1=1509196&r2=1509197&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
Thu Aug  1 12:15:34 2013
@@ -752,9 +752,7 @@ public class StaxX509TokenTest extends A
         bus.shutdown(true);
     }
     
-    // TODO WSS-438
     @org.junit.Test
-    @org.junit.Ignore
     public void testTransportSupportingSignedCertConstraints() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();


