cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1530949 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/ systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/ systests/ws-security/src/test/java/org/apache/cx...
Date Thu, 10 Oct 2013 12:49:49 GMT
Author: coheigea
Date: Thu Oct 10 12:49:49 2013
New Revision: 1530949

URL: http://svn.apache.org/r1530949
Log:
Some bug fixes + enabled some more streaming derived tests

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
    cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/X509TokenTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity111Test.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1530949&r1=1530948&r2=1530949&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
Thu Oct 10 12:49:49 2013
@@ -20,6 +20,7 @@
 package org.apache.cxf.ws.security.wss4j.policyhandlers;
 
 import java.io.IOException;
+import java.security.Key;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -38,7 +39,6 @@ import javax.xml.namespace.QName;
 import javax.xml.soap.SOAPException;
 
 import org.w3c.dom.Element;
-
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.common.i18n.Message;
@@ -94,11 +94,11 @@ import org.apache.wss4j.policy.model.XPa
 import org.apache.wss4j.policy.stax.PolicyUtils;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.impl.securityToken.KerberosClientSecurityToken;
+import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.stax.ext.SecurePart;
 import org.apache.xml.security.stax.ext.SecurePart.Modifier;
 import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
 import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
-
 import org.opensaml.common.SAMLVersion;
 
 /**
@@ -211,14 +211,20 @@ public abstract class AbstractStaxBindin
             return null;
         }
 
-        SecurityToken secToken = getSecurityToken();
+        final SecurityToken secToken = getSecurityToken();
         if (secToken == null) {
             policyNotAsserted(token, "Could not find KerberosToken");
         }
         
         // Convert to WSS4J token
         final KerberosClientSecurityToken wss4jToken = 
-            new KerberosClientSecurityToken(secToken.getData(), secToken.getKey(), secToken.getId());
+            new KerberosClientSecurityToken(secToken.getData(), secToken.getKey(), secToken.getId())
{
+            
+                @Override
+                public Key getSecretKey(String algorithmURI) throws XMLSecurityException
{
+                    return secToken.getKey();
+                }
+            };
         wss4jToken.setSha1Identifier(secToken.getSHA1());
         
         final SecurityTokenProvider<OutboundSecurityToken> kerberosSecurityTokenProvider
=
@@ -236,7 +242,6 @@ public abstract class AbstractStaxBindin
             };
         outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_KERBEROS, 
                            kerberosSecurityTokenProvider);
-        
         if (encrypting) {
             outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, 
                                kerberosSecurityTokenProvider);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1530949&r1=1530948&r2=1530949&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
Thu Oct 10 12:49:49 2013
@@ -363,7 +363,7 @@ public class StaxSymmetricBindingHandler
             String actionToPerform = ConfigurationConstants.ENCRYPT;
             if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                 actionToPerform = ConfigurationConstants.ENCRYPT_DERIVED;
-                if (MessageUtils.isRequestor(message)) {
+                if (MessageUtils.isRequestor(message) && recToken.getToken() instanceof
X509Token) {
                     config.put(ConfigurationConstants.DERIVED_TOKEN_REFERENCE, "EncryptedKey");
                 } else {
                     config.put(ConfigurationConstants.DERIVED_TOKEN_REFERENCE, "DirectReference");
@@ -402,8 +402,10 @@ public class StaxSymmetricBindingHandler
             if (isRequestor()) {
                 config.put(ConfigurationConstants.ENC_KEY_ID, 
                        getKeyIdentifierType(recToken, encrToken));
+                config.put(ConfigurationConstants.DERIVED_TOKEN_KEY_ID, "DirectReference");
             } else if (recToken.getToken() instanceof KerberosToken && !isRequestor())
{
                 config.put(ConfigurationConstants.ENC_KEY_ID, "KerberosSHA1");
+                config.put(ConfigurationConstants.DERIVED_TOKEN_KEY_ID, "KerberosSHA1");
             } else {
                 config.put(ConfigurationConstants.ENC_KEY_ID, "EncryptedKeySHA1");
                 if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys)
{
@@ -438,7 +440,7 @@ public class StaxSymmetricBindingHandler
         String actionToPerform = ConfigurationConstants.SIGNATURE;
         if (wrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
             actionToPerform = ConfigurationConstants.SIGNATURE_DERIVED;
-            if (MessageUtils.isRequestor(message)) {
+            if (MessageUtils.isRequestor(message) && policyToken instanceof X509Token)
{
                 config.put(ConfigurationConstants.DERIVED_TOKEN_REFERENCE, "EncryptedKey");
             } else {
                 config.put(ConfigurationConstants.DERIVED_TOKEN_REFERENCE, "DirectReference");
@@ -508,8 +510,13 @@ public class StaxSymmetricBindingHandler
                     config.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
                 }
             }
-        } else if (policyToken instanceof KerberosToken && !isRequestor()) {
-            config.put(ConfigurationConstants.SIG_KEY_ID, "KerberosSHA1");
+        } else if (policyToken instanceof KerberosToken) {
+            if (isRequestor()) {
+                config.put(ConfigurationConstants.DERIVED_TOKEN_KEY_ID, "DirectReference");
+            } else {
+                config.put(ConfigurationConstants.SIG_KEY_ID, "KerberosSHA1");
+                config.put(ConfigurationConstants.DERIVED_TOKEN_KEY_ID, "KerberosSHA1");
+            }
         } else if (policyToken instanceof IssuedToken) {
             config.put(ConfigurationConstants.INCLUDE_SIGNATURE_TOKEN, "false");
         }

Modified: cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/X509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/X509TokenTest.java?rev=1530949&r1=1530948&r2=1530949&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/X509TokenTest.java
(original)
+++ cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/X509TokenTest.java
Thu Oct 10 12:49:49 2013
@@ -146,9 +146,9 @@ public class X509TokenTest extends Abstr
         // DOM
         x509Port.doubleIt(25);
         
-        // TODO - Support derived Streaming
-        // SecurityTestUtil.enableStreaming(x509Port);
-        // x509Port.doubleIt(25);
+        // Streaming
+        SecurityTestUtil.enableStreaming(x509Port);
+        x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity111Test.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity111Test.java?rev=1530949&r1=1530948&r2=1530949&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity111Test.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity111Test.java
Thu Oct 10 12:49:49 2013
@@ -103,9 +103,9 @@ public class WSSecurity111Test extends W
         String[] argv = new String[] {
             "A",
             "A-NoTimestamp",
-            // TODO Derived "AD",
+            "AD",
             // TODO See WSS-468 EncryptBeforeSigning not working "A-ES",
-            // TODO Derived "AD-ES",
+            // TODO See WSS-468 Derived "AD-ES",
             "UX",
             "UX-NoTimestamp",
             // TODO Derived "UXD",



Mime
View raw message