cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ashaki...@apache.org
Subject svn commit: r1549063 - in /cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts: STSConstants.java operation/TokenIssueOperation.java token/provider/DefaultSubjectProvider.java
Date Sun, 08 Dec 2013 16:43:25 GMT
Author: ashakirin
Date: Sun Dec  8 16:43:25 2013
New Revision: 1549063

URL: http://svn.apache.org/r1549063
Log:
Prepare the feature for [CXF-5443], STS Symmetric HOK: using server endpoint (AppliesTo) as
certificate identifier to encrypt symmetric key

Modified:
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/STSConstants.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/STSConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/STSConstants.java?rev=1549063&r1=1549062&r2=1549063&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/STSConstants.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/STSConstants.java Sun
Dec  8 16:43:25 2013
@@ -142,6 +142,14 @@ public final class STSConstants {
     public static final String TOKEN_RENEWING_ALLOW_AFTER_EXPIRY = 
         "org.apache.cxf.sts.token.renewing.allow.after.expiry";
     
+    /**
+     * Constant to specify service endpoint as certificate alias for encryption.
+     * Constant is recognized by STS encryption alias is replaced with AppliesTo() address.

+     * This address will be used in WSS4J crypto to search service certificate
+     */
+    public static final String USE_ENDPOINT_AS_CERT_ALIAS = 
+        "useEndpointAsCertAlias";
+
     private STSConstants() {
         // complete
     }

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java?rev=1549063&r1=1549062&r2=1549063&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
Sun Dec  8 16:43:25 2013
@@ -34,6 +34,7 @@ import javax.xml.ws.handler.MessageConte
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.sts.QNameConstants;
+import org.apache.cxf.sts.STSConstants;
 import org.apache.cxf.sts.claims.RequestClaimCollection;
 import org.apache.cxf.sts.event.STSIssueFailureEvent;
 import org.apache.cxf.sts.event.STSIssueSuccessEvent;
@@ -65,6 +66,7 @@ import org.apache.wss4j.common.ext.WSSec
 import org.apache.wss4j.common.principal.SAMLTokenPrincipal;
 import org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.dom.handler.WSHandlerResult;
@@ -224,6 +226,7 @@ public class TokenIssueOperation extends
             try {
                 KeyRequirements keyRequirements = requestParser.getKeyRequirements();
                 EncryptionProperties encryptionProperties = providerParameters.getEncryptionProperties();
+                mapEncryptionProperties(tokenRequirements, encryptionProperties);
                 RequestSecurityTokenResponseType response = 
                     createResponse(
                             encryptionProperties, tokenResponse, tokenRequirements, keyRequirements,
context
@@ -441,4 +444,15 @@ public class TokenIssueOperation extends
         return binarySecret;
     }
 
+    private void mapEncryptionProperties(TokenRequirements tokenRequirements,
+                                         EncryptionProperties encryptionProperties) {
+        
+        if (STSConstants.USE_ENDPOINT_AS_CERT_ALIAS
+            .equals(encryptionProperties.getEncryptionName())
+            && (tokenRequirements.getAppliesTo() != null)) {
+            encryptionProperties.setEncryptionName(tokenRequirements.getAppliesTo()
+                .getTextContent());
+            encryptionProperties.setKeyIdentifierType(WSConstants.ENDPOINT_KEY_IDENTIFIER);
+        }
+    }
 }

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java?rev=1549063&r1=1549062&r2=1549063&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
Sun Dec  8 16:43:25 2013
@@ -124,7 +124,7 @@ public class DefaultSubjectProvider impl
         
         if (STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyType)) {
             Crypto crypto = stsProperties.getEncryptionCrypto();
-            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+
             EncryptionProperties encryptionProperties = providerParameters.getEncryptionProperties();
             String encryptionName = encryptionProperties.getEncryptionName();
             if (encryptionName == null) {
@@ -135,7 +135,18 @@ public class DefaultSubjectProvider impl
                 LOG.fine("No encryption Name is configured for Symmetric KeyType");
                 throw new STSException("No Encryption Name is configured", STSException.REQUEST_FAILED);
             }
-            cryptoType.setAlias(encryptionName);
+            
+            CryptoType cryptoType = null;
+
+            // Check using of service endpoint (AppliesTo) as certificate identifier
+            if (encryptionProperties.getKeyIdentifierType() == (WSConstants.ENDPOINT_KEY_IDENTIFIER))
{
+                cryptoType = new CryptoType(CryptoType.TYPE.ENDPOINT);
+                cryptoType.setEndpoint(encryptionProperties.getEncryptionName());
+            } else {
+                cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+                cryptoType.setAlias(encryptionName);
+            }
+
             try {
                 X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
                 if (certs == null || certs.length <= 0) {



Mime
View raw message