cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ashaki...@apache.org
Subject svn commit: r1554846 - in /cxf/trunk/services: sts/sts-core/src/main/java/org/apache/cxf/sts/operation/ sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/ xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/ xkms/xkms-common/src/m...
Date Thu, 02 Jan 2014 16:59:56 GMT
Author: ashakirin
Date: Thu Jan  2 16:59:56 2014
New Revision: 1554846

URL: http://svn.apache.org/r1554846
Log:
[CXF-5443] STS Symmetric HOK: using server endpoint (AppliesTo) as certificate identifier
to encrypt symmetric key

Modified:
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
    cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProviderFactory.java
    cxf/trunk/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderFactory.java

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java?rev=1554846&r1=1554845&r2=1554846&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
Thu Jan  2 16:59:56 2014
@@ -34,7 +34,6 @@ import javax.xml.ws.handler.MessageConte
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.sts.QNameConstants;
-import org.apache.cxf.sts.STSConstants;
 import org.apache.cxf.sts.claims.RequestClaimCollection;
 import org.apache.cxf.sts.event.STSIssueFailureEvent;
 import org.apache.cxf.sts.event.STSIssueSuccessEvent;
@@ -66,7 +65,6 @@ import org.apache.wss4j.common.ext.WSSec
 import org.apache.wss4j.common.principal.SAMLTokenPrincipal;
 import org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.dom.handler.WSHandlerResult;
@@ -226,7 +224,6 @@ public class TokenIssueOperation extends
             try {
                 KeyRequirements keyRequirements = requestParser.getKeyRequirements();
                 EncryptionProperties encryptionProperties = providerParameters.getEncryptionProperties();
-                mapEncryptionProperties(tokenRequirements, encryptionProperties);
                 RequestSecurityTokenResponseType response = 
                     createResponse(
                             encryptionProperties, tokenResponse, tokenRequirements, keyRequirements,
context
@@ -443,16 +440,4 @@ public class TokenIssueOperation extends
                 QNameConstants.WS_TRUST_FACTORY.createBinarySecret(binarySecretType);
         return binarySecret;
     }
-
-    private void mapEncryptionProperties(TokenRequirements tokenRequirements,
-                                         EncryptionProperties encryptionProperties) {
-        
-        if (STSConstants.USE_ENDPOINT_AS_CERT_ALIAS
-            .equals(encryptionProperties.getEncryptionName())
-            && (tokenRequirements.getAppliesTo() != null)) {
-            encryptionProperties.setEncryptionName(tokenRequirements.getAppliesTo()
-                .getTextContent());
-            encryptionProperties.setKeyIdentifierType(WSConstants.ENDPOINT_KEY_IDENTIFIER);
-        }
-    }
 }

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java?rev=1554846&r1=1554845&r2=1554846&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
Thu Jan  2 16:59:56 2014
@@ -26,7 +26,6 @@ import java.util.logging.Logger;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.sts.STSConstants;
 import org.apache.cxf.sts.STSPropertiesMBean;
@@ -138,10 +137,14 @@ public class DefaultSubjectProvider impl
             
             CryptoType cryptoType = null;
 
-            // Check using of service endpoint (AppliesTo) as certificate identifier
-            if (encryptionProperties.getKeyIdentifierType() == (WSConstants.ENDPOINT_KEY_IDENTIFIER))
{
+            // Check for using of service endpoint (AppliesTo) as certificate identifier
+            if (STSConstants.USE_ENDPOINT_AS_CERT_ALIAS.equals(encryptionName)) {
+                if (providerParameters.getAppliesToAddress() == null) {
+                    throw new STSException("AppliesTo is not initilaized for encryption name
"
+                                           + STSConstants.USE_ENDPOINT_AS_CERT_ALIAS);
+                }
                 cryptoType = new CryptoType(CryptoType.TYPE.ENDPOINT);
-                cryptoType.setEndpoint(encryptionProperties.getEncryptionName());
+                cryptoType.setEndpoint(providerParameters.getAppliesToAddress());
             } else {
                 cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
                 cryptoType.setAlias(encryptionName);
@@ -149,9 +152,8 @@ public class DefaultSubjectProvider impl
 
             try {
                 X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
-                if (certs == null || certs.length <= 0) {
-                    new STSException("Encryption certificate is not found for alias: " +
encryptionName,
-                                     STSException.REQUEST_FAILED);
+                if ((certs == null) || (certs.length == 0)) {
+                    throw new STSException("Encryption certificate is not found for alias:
" + encryptionName);
                 }
                 KeyInfoBean keyInfo = 
                     createKeyInfo(certs[0], secret, doc, encryptionProperties, crypto);
@@ -244,5 +246,4 @@ public class DefaultSubjectProvider impl
 
         return keyInfo;
     }
-
 }

Modified: cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProviderFactory.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProviderFactory.java?rev=1554846&r1=1554845&r2=1554846&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProviderFactory.java
(original)
+++ cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProviderFactory.java
Thu Jan  2 16:59:56 2014
@@ -19,6 +19,8 @@
 
 package org.apache.cxf.xkms.crypto.impl;
 
+import java.io.IOException;
+import java.io.InputStream;
 import java.util.Properties;
 
 import org.apache.cxf.message.Message;
@@ -75,4 +77,25 @@ public class XkmsCryptoProviderFactory i
     public Crypto create(XKMSPortType xkmsClient, Crypto fallbackCrypto, boolean allowX509FromJKS)
{
         return new XkmsCryptoProvider(xkmsClient, fallbackCrypto, allowX509FromJKS);
     }
+
+    @Override
+    public Crypto create(String keystorePropsPath) {
+        try {
+            Properties keystoreProps = new Properties();
+            InputStream is = this.getClass().getResourceAsStream(keystorePropsPath);
+            if (is == null) {
+                throw new CryptoProviderException("Cannot load security properties: "
+                    + keystorePropsPath);
+            }
+            keystoreProps.load(is);
+            Crypto defaultCrypto = CryptoFactory.getInstance(keystoreProps);
+            return new XkmsCryptoProvider(xkmsConsumer, defaultCrypto);
+        } catch (WSSecurityException e) {
+            throw new CryptoProviderException("Cannot instantiate crypto factory: "
+                + e.getMessage(), e);
+        } catch (IOException e) {
+            throw new CryptoProviderException("Cannot load security properties: "
+                + e.getMessage(), e);
+        }
+    }
 }

Modified: cxf/trunk/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderFactory.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderFactory.java?rev=1554846&r1=1554845&r2=1554846&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderFactory.java
(original)
+++ cxf/trunk/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderFactory.java
Thu Jan  2 16:59:56 2014
@@ -49,6 +49,15 @@ public interface CryptoProviderFactory {
     Crypto create(Crypto fallbackCrypto);
     
     /**
+     * Create with overridden keystoreProperties to create default Crypto
+     * 
+     * @param xkmsClient
+     * @param keystoreProperties
+     * @return
+     */
+    Crypto create(String keystoreProperties);
+
+    /**
      * Create with overridden XKMSPortType and fallbackCrypto
      * 
      * @param xkmsClient



Mime
View raw message