cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1530602 - in /cxf/trunk/rt/ws/security/src: main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/ test/java/org/apache/cxf/ws/security/wss4j/saml/
Date Wed, 09 Oct 2013 13:38:24 GMT
Author: coheigea
Date: Wed Oct  9 13:38:23 2013
New Revision: 1530602

URL: http://svn.apache.org/r1530602
Log:
Update to streaming ws-security code following recent merge to WSS4J

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1530602&r1=1530601&r2=1530602&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
Wed Oct  9 13:38:23 2013
@@ -204,7 +204,7 @@ public abstract class AbstractStaxBindin
     }
     
     protected SecurePart addKerberosToken(
-        KerberosToken token, boolean signed, boolean endorsing
+        KerberosToken token, boolean signed, boolean endorsing, boolean encrypting
     ) throws WSSecurityException {
         IncludeTokenType includeToken = token.getIncludeTokenType();
         if (!isTokenRequired(includeToken)) {
@@ -219,6 +219,7 @@ public abstract class AbstractStaxBindin
         // Convert to WSS4J token
         final KerberosClientSecurityToken wss4jToken = 
             new KerberosClientSecurityToken(secToken.getData(), secToken.getKey(), secToken.getId());
+        wss4jToken.setSha1Identifier(secToken.getSHA1());
         
         final SecurityTokenProvider<OutboundSecurityToken> kerberosSecurityTokenProvider
=
             new SecurityTokenProvider<OutboundSecurityToken>() {
@@ -233,15 +234,21 @@ public abstract class AbstractStaxBindin
                     return wss4jToken.getId();
                 }
             };
-        outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_BST, 
+        outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_KERBEROS, 
                            kerberosSecurityTokenProvider);
         
+        if (encrypting) {
+            outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, 
+                               kerberosSecurityTokenProvider);
+        }
+        if (endorsing) {
+            outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, 
+                               kerberosSecurityTokenProvider);
+        }
+        
         // Action
         Map<String, Object> config = getProperties();
         String actionToPerform = ConfigurationConstants.KERBEROS_TOKEN;
-        if (endorsing) {
-            actionToPerform = ConfigurationConstants.SIGNATURE_WITH_KERBEROS_TOKEN;
-        }
         
         if (config.containsKey(ConfigurationConstants.ACTION)) {
             String action = (String)config.get(ConfigurationConstants.ACTION);
@@ -259,7 +266,10 @@ public abstract class AbstractStaxBindin
         }
         */
         
-        return new SecurePart(WSSConstants.TAG_wsse_BinarySecurityToken, Modifier.Element);
+        SecurePart securePart = new SecurePart(WSSConstants.TAG_wsse_BinarySecurityToken,
Modifier.Element);
+        securePart.setIdToSign(wss4jToken.getId());
+        
+        return securePart;
     }
     
     protected SecurePart addSamlToken(
@@ -528,9 +538,10 @@ public abstract class AbstractStaxBindin
 
         // Find out do we also need to include the token as per the Inclusion requirement
         if (token instanceof X509Token 
-            && token.getIncludeTokenType() != IncludeTokenType.INCLUDE_TOKEN_NEVER
+            && isTokenRequired(token.getIncludeTokenType())
             && ("IssuerSerial".equals(config.get(ConfigurationConstants.SIG_KEY_ID))
-                || "Thumbprint".equals(config.get(ConfigurationConstants.SIG_KEY_ID)))) {
+                || "Thumbprint".equals(config.get(ConfigurationConstants.SIG_KEY_ID))
+                || "DirectReference".equals(config.get(ConfigurationConstants.SIG_KEY_ID))))
{
             config.put(ConfigurationConstants.INCLUDE_SIGNATURE_TOKEN, "true");
         } else {
             config.put(ConfigurationConstants.INCLUDE_SIGNATURE_TOKEN, "false");
@@ -749,7 +760,7 @@ public abstract class AbstractStaxBindin
                     }
                 }
             } else if (isRequestor() && token instanceof KerberosToken) {
-                SecurePart securePart = addKerberosToken((KerberosToken)token, signed, endorse);
+                SecurePart securePart = addKerberosToken((KerberosToken)token, signed, endorse,
false);
                 if (securePart != null) {
                     ret.put(token, securePart);
                     if (suppTokens.isEncryptedToken()) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1530602&r1=1530601&r2=1530602&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
Wed Oct  9 13:38:23 2013
@@ -39,6 +39,7 @@ import javax.xml.soap.SOAPException;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
@@ -153,7 +154,9 @@ public class StaxSymmetricBindingHandler
             SecurityToken tok = null;
             if (encryptionToken instanceof KerberosToken) {
                 tok = getSecurityToken();
-                addKerberosToken((KerberosToken)encryptionToken, false, false);
+                if (MessageUtils.isRequestor(message)) {
+                    addKerberosToken((KerberosToken)encryptionToken, false, true, true);
+                }
             } else if (encryptionToken instanceof IssuedToken) {
                 tok = getSecurityToken();
                 addIssuedToken((IssuedToken)encryptionToken, tok, false, true);
@@ -181,7 +184,9 @@ public class StaxSymmetricBindingHandler
             }
             
             // Store key
-            storeSecurityToken(tok);
+            if (!(MessageUtils.isRequestor(message) && encryptionToken instanceof
KerberosToken)) {
+                storeSecurityToken(tok);
+            }
             
             List<SecurePart> encrParts = null;
             List<SecurePart> sigParts = null;
@@ -249,7 +254,9 @@ public class StaxSymmetricBindingHandler
             if (sigToken != null) {
                 if (sigToken instanceof KerberosToken) {
                     sigTok = getSecurityToken();
-                    addKerberosToken((KerberosToken)sigToken, false, false);
+                    if (MessageUtils.isRequestor(message)) {
+                        addKerberosToken((KerberosToken)sigToken, false, true, true);
+                    }
                 } else if (sigToken instanceof IssuedToken) {
                     sigTok = getSecurityToken();
                     addIssuedToken((IssuedToken)sigToken, sigTok, false, true);
@@ -281,7 +288,9 @@ public class StaxSymmetricBindingHandler
             }
             
             // Store key
-            storeSecurityToken(sigTok);
+            if (!(MessageUtils.isRequestor(message) && sigToken instanceof KerberosToken))
{
+                storeSecurityToken(sigTok);
+            }
 
             // Add timestamp
             List<SecurePart> sigs = new ArrayList<SecurePart>();
@@ -415,7 +424,11 @@ public class StaxSymmetricBindingHandler
         
         if (config.containsKey(ConfigurationConstants.ACTION)) {
             String action = (String)config.get(ConfigurationConstants.ACTION);
-            config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
+            if (action.contains(ConfigurationConstants.KERBEROS_TOKEN)) {
+                config.put(ConfigurationConstants.ACTION, actionToPerform + " " + action);
+            } else {
+                config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
+            }
         } else {
             config.put(ConfigurationConstants.ACTION, actionToPerform);
         }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java?rev=1530602&r1=1530601&r2=1530602&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
Wed Oct  9 13:38:23 2013
@@ -172,7 +172,7 @@ public class StaxTransportBindingHandler
             } else if (token instanceof IssuedToken) {
                 addIssuedToken((IssuedToken)token, getSecurityToken(), false, false);
             } else if (token instanceof KerberosToken) {
-                addKerberosToken((KerberosToken)token, false, false);
+                addKerberosToken((KerberosToken)token, false, false, false);
             } else if (token instanceof SamlToken) {
                 addSamlToken((SamlToken)token, false, false);
             } else {
@@ -258,8 +258,7 @@ public class StaxTransportBindingHandler
             || token instanceof SpnegoContextToken) {
             addSig(doIssuedTokenSignature(token, wrapper));
         */
-        } else if (token instanceof X509Token
-            || token instanceof KeyValueToken) {
+        } else if (token instanceof X509Token || token instanceof KeyValueToken) {
             doSignature(token, wrapper);
         } else if (token instanceof SamlToken) {
             addSamlToken((SamlToken)token, false, true);
@@ -273,10 +272,19 @@ public class StaxTransportBindingHandler
         } else if (token instanceof UsernameToken) {
             throw new Exception("Endorsing UsernameTokens are not supported in the streaming
code");
         } else if (token instanceof KerberosToken) {
-            addKerberosToken((KerberosToken)token, false, true);
+            Map<String, Object> config = getProperties();
+            String signatureAction = ConfigurationConstants.SIGNATURE;
+            if (config.containsKey(ConfigurationConstants.ACTION)) {
+                String action = (String)config.get(ConfigurationConstants.ACTION);
+                config.put(ConfigurationConstants.ACTION, action + " " + signatureAction);
+            } else {
+                config.put(ConfigurationConstants.ACTION, signatureAction);
+            }
+            configureSignature(wrapper, token, false);
+            
+            addKerberosToken((KerberosToken)token, false, true, false);
             signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
             
-            Map<String, Object> config = getProperties();
             config.put(ConfigurationConstants.SIG_ALGO, 
                        tbinding.getAlgorithmSuite().getSymmetricSignature());
             AlgorithmSuiteType algType = tbinding.getAlgorithmSuite().getAlgorithmSuiteType();

Modified: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java?rev=1530602&r1=1530601&r2=1530602&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java
(original)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java
Wed Oct  9 13:38:23 2013
@@ -159,11 +159,6 @@ public class StaxToDOMSamlTest extends A
         properties.setSamlCallbackHandler(new SAML1CallbackHandler());
         properties.setCallbackHandler(new PasswordCallbackHandler());
         
-        properties.setSignatureUser("alice");
-        
-        Properties cryptoProperties = 
-            CryptoFactory.getProperties("alice.properties", this.getClass().getClassLoader());
-        properties.setSignatureCryptoProperties(cryptoProperties);
         properties.setSignatureKeyIdentifier(
             WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference
         );
@@ -205,8 +200,6 @@ public class StaxToDOMSamlTest extends A
         outConfig.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
         outConfig.put(ConfigurationConstants.SAML_CALLBACK_REF, new SAML1CallbackHandler());
         outConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new PasswordCallbackHandler());
-        outConfig.put(ConfigurationConstants.SIGNATURE_USER, "alice");
-        outConfig.put(ConfigurationConstants.SIG_PROP_FILE, "alice.properties");
         outConfig.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
         WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(outConfig);
 
@@ -320,11 +313,6 @@ public class StaxToDOMSamlTest extends A
         properties.setSamlCallbackHandler(new SAML2CallbackHandler());
         properties.setCallbackHandler(new PasswordCallbackHandler());
         
-        properties.setSignatureUser("alice");
-        
-        Properties cryptoProperties = 
-            CryptoFactory.getProperties("alice.properties", this.getClass().getClassLoader());
-        properties.setSignatureCryptoProperties(cryptoProperties);
         properties.setSignatureKeyIdentifier(
             WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference
         );
@@ -367,8 +355,6 @@ public class StaxToDOMSamlTest extends A
         outConfig.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
         outConfig.put(ConfigurationConstants.SAML_CALLBACK_REF, new SAML2CallbackHandler());
         outConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new PasswordCallbackHandler());
-        outConfig.put(ConfigurationConstants.SIGNATURE_USER, "alice");
-        outConfig.put(ConfigurationConstants.SIG_PROP_FILE, "alice.properties");
         outConfig.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
         WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(outConfig);
 



Mime
View raw message