cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1547352 - in /cxf/trunk: rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/ rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/ rt/rs/security/xml/src/main/java/org/a...
Date Tue, 03 Dec 2013 11:55:37 GMT
Author: coheigea
Date: Tue Dec  3 11:55:37 2013
New Revision: 1547352

URL: http://svn.apache.org/r1547352
Log:
An update following a recent merge to WSS4J

Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
    cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java?rev=1547352&r1=1547351&r2=1547352&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
Tue Dec  3 11:55:37 2013
@@ -33,7 +33,6 @@ import javax.ws.rs.core.MultivaluedMap;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-
 import org.apache.cxf.common.util.Base64Exception;
 import org.apache.cxf.jaxrs.utils.HttpUtils;
 import org.apache.cxf.message.Message;
@@ -61,9 +60,11 @@ import org.apache.cxf.ws.security.Securi
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
 import org.apache.wss4j.common.saml.SAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.WSDocInfo;
 import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor;
 import org.apache.wss4j.dom.validate.Credential;
 import org.apache.wss4j.dom.validate.SamlAssertionValidator;
 import org.apache.wss4j.dom.validate.Validator;
@@ -188,10 +189,13 @@ public class Saml2BearerGrantHandler ext
                     message.getContextualProperty(WSHandlerConstants.ENABLE_REVOCATION)));
                 
                 Signature sig = assertion.getSignature();
+                WSDocInfo docInfo = new WSDocInfo(sig.getDOM().getOwnerDocument());
                 KeyInfo keyInfo = sig.getKeyInfo();
+                
                 SAMLKeyInfo samlKeyInfo = 
-                    SAMLUtil.getCredentialDirectlyFromKeyInfo(
-                        keyInfo.getDOM(), data.getSigVerCrypto()
+                    SAMLUtil.getCredentialFromKeyInfo(
+                        keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(data, docInfo), 
+                        data.getSigVerCrypto()
                     );
                 assertion.verifySignature(samlKeyInfo);
                 

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java?rev=1547352&r1=1547351&r2=1547352&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
(original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
Tue Dec  3 11:55:37 2013
@@ -350,10 +350,12 @@ public class SAMLProtocolResponseValidat
             // Verify the signature
             try {
                 Signature sig = assertion.getSignature();
+                WSDocInfo docInfo = new WSDocInfo(sig.getDOM().getOwnerDocument());
                 KeyInfo keyInfo = sig.getKeyInfo();
+                
                 SAMLKeyInfo samlKeyInfo = 
-                    SAMLUtil.getCredentialDirectlyFromKeyInfo(
-                        keyInfo.getDOM(), sigCrypto
+                    SAMLUtil.getCredentialFromKeyInfo(
+                        keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData, docInfo),
sigCrypto
                     );
                 assertion.verifySignature(samlKeyInfo);
                 

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java?rev=1547352&r1=1547351&r2=1547352&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
Tue Dec  3 11:55:37 2013
@@ -36,7 +36,6 @@ import javax.ws.rs.core.Response;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
@@ -52,6 +51,7 @@ import org.apache.wss4j.common.saml.Open
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
 import org.apache.wss4j.common.saml.SAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.WSDocInfo;
 import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
@@ -133,12 +133,14 @@ public abstract class AbstractSamlInHand
                 }
                 data.setEnableRevocation(MessageUtils.isTrue(
                     message.getContextualProperty(WSHandlerConstants.ENABLE_REVOCATION)));
-                
                 Signature sig = assertion.getSignature();
+                WSDocInfo docInfo = new WSDocInfo(sig.getDOM().getOwnerDocument());
                 KeyInfo keyInfo = sig.getKeyInfo();
+                
                 SAMLKeyInfo samlKeyInfo = 
-                    SAMLUtil.getCredentialDirectlyFromKeyInfo(
-                        keyInfo.getDOM(), data.getSigVerCrypto()
+                    SAMLUtil.getCredentialFromKeyInfo(
+                        keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(data, docInfo), 
+                        data.getSigVerCrypto()
                     );
                 
                 assertion.verifySignature(samlKeyInfo);

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java?rev=1547352&r1=1547351&r2=1547352&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
Tue Dec  3 11:55:37 2013
@@ -49,8 +49,10 @@ import org.apache.wss4j.common.saml.SAML
 import org.apache.wss4j.common.saml.SAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSDocInfo;
 import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor;
 import org.apache.wss4j.dom.validate.Credential;
 import org.apache.wss4j.dom.validate.SignatureTrustValidator;
 import org.apache.wss4j.dom.validate.Validator;
@@ -172,21 +174,22 @@ public class SAMLTokenValidator implemen
                     return response;
                 }
                 
+                RequestData requestData = new RequestData();
+                requestData.setSigVerCrypto(sigCrypto);
+                WSSConfig wssConfig = WSSConfig.getNewInstance();
+                requestData.setWssConfig(wssConfig);
+                requestData.setCallbackHandler(callbackHandler);
+                WSDocInfo docInfo = new WSDocInfo(validateTargetElement.getOwnerDocument());
+                
                 // Verify the signature
                 Signature sig = assertion.getSignature();
                 KeyInfo keyInfo = sig.getKeyInfo();
                 SAMLKeyInfo samlKeyInfo = 
-                    SAMLUtil.getCredentialDirectlyFromKeyInfo(
-                        keyInfo.getDOM(), sigCrypto
+                    SAMLUtil.getCredentialFromKeyInfo(
+                        keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData, docInfo),
sigCrypto
                     );
                 assertion.verifySignature(samlKeyInfo);
                 
-                RequestData requestData = new RequestData();
-                requestData.setSigVerCrypto(sigCrypto);
-                WSSConfig wssConfig = WSSConfig.getNewInstance();
-                requestData.setWssConfig(wssConfig);
-                requestData.setCallbackHandler(callbackHandler);
-                
                 // Validate the assertion against schemas/profiles
                 validateAssertion(assertion);
 



Mime
View raw message