From cohei...@apache.org
Subject [1/2] git commit: Added the ability to sign/encrypt the request without specifying QNames
Date Thu, 20 Feb 2014 12:32:35 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 45547032b -> 2be064961


Added the ability to sign/encrypt the request without specifying QNames


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/405db940
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/405db940
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/405db940

Branch: refs/heads/master
Commit: 405db9402430a6cf81601ae5aed9bfaa8830969e
Parents: 4554703
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Feb 20 12:04:03 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Feb 20 12:04:03 2014 +0000

----------------------------------------------------------------------
 .../rs/security/xml/XmlSecOutInterceptor.java   | 58 +++++++++++++-------
 .../jaxrs/security/xml/JAXRSXmlSecTest.java     |  5 --
 2 files changed, 39 insertions(+), 24 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/405db940/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
index bcff1aa..f9f7a6a 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
@@ -151,10 +151,6 @@ public class XmlSecOutInterceptor implements PhaseInterceptor<Message>
{
     
     private void configureEncryption(Message message, XMLSecurityProperties properties) 
         throws Exception {
-        if (elementsToEncrypt == null || elementsToEncrypt.isEmpty()) {
-            throw new Exception("An Element to Encrypt must be specified");
-        }
-        
         properties.setEncryptionSymAlgorithm(
             encryptionProperties.getEncryptionSymmetricKeyAlgo());
         properties.setEncryptionKey(
@@ -192,9 +188,20 @@ public class XmlSecOutInterceptor implements PhaseInterceptor<Message>
{
         }
         
         properties.addAction(XMLSecurityConstants.ENCRYPT);
-        SecurePart securePart = 
-            new SecurePart(elementsToEncrypt.get(0), SecurePart.Modifier.Element);
-        properties.addEncryptionPart(securePart);
+        
+        if (elementsToEncrypt == null || elementsToEncrypt.isEmpty()) {
+            LOG.fine("No Elements to encrypt are specified, so the entire request is encrypt");
+            SecurePart securePart = 
+                new SecurePart((QName)null, SecurePart.Modifier.Element);
+            securePart.setSecureEntireRequest(true);
+            properties.addEncryptionPart(securePart);
+        } else {
+            for (QName element : elementsToEncrypt) {
+                SecurePart securePart = 
+                    new SecurePart(element, SecurePart.Modifier.Element);
+                properties.addEncryptionPart(securePart);
+            }
+        }
     }
     
     private X509Certificate getCertificateFromCrypto(Crypto crypto, String user) throws Exception
{
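Review bot: The log message in the new fallback branch of configureEncryption reads "the entire request is encrypt"; it should be `LOG.fine("No Elements to encrypt are specified, so the entire request is encrypted");`. An empty elementsToEncrypt used to be rejected and now silently widens the protected scope to the whole request, and the later configureSignature hunk makes the same switch for elementsToSign; that default is recorded only at FINE level and in no Javadoc visible here. I would add a sentence to the addElementToEncrypt and addElementToSign setters (not shown in this diff) such as `If no element is added, the entire request is encrypted.` so that the protected scope is a documented contract rather than an implicit fallback. configureEncryption begins outside this hunk.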
@@ -238,10 +245,6 @@ public class XmlSecOutInterceptor implements PhaseInterceptor<Message>
{
     private void configureSignature(
         Message message, XMLSecurityProperties properties
     ) throws Exception {
-        if (elementsToSign == null || elementsToSign.isEmpty()) {
-            throw new Exception("An Element to Sign must be specified");
-        }
-        
         String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
         
         CryptoLoader loader = new CryptoLoader();
@@ -302,14 +305,31 @@ public class XmlSecOutInterceptor implements PhaseInterceptor<Message>
{
         if (sigProps.getSignatureC14nTransform() != null) {
             transform = sigProps.getSignatureC14nTransform();
         }
-        SecurePart securePart = 
-            new SecurePart(elementsToSign.get(0), SecurePart.Modifier.Element,
-                           new String[]{
-                               "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
-                               transform
-                           },
-                           digestAlgo);
-        properties.addSignaturePart(securePart);
+        
+        if (elementsToSign == null || elementsToSign.isEmpty()) {
+            LOG.fine("No Elements to sign are specified, so the entire request is signed");
+            SecurePart securePart = 
+                new SecurePart(null, SecurePart.Modifier.Element,
+                               new String[]{
+                                   "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
+                                   transform
+                               },
+                               digestAlgo);
+            securePart.setSecureEntireRequest(true);
+            properties.addSignaturePart(securePart);
+        } else {
+            for (QName element : elementsToSign) {
+                SecurePart securePart = 
+                    new SecurePart(element, SecurePart.Modifier.Element,
+                                   new String[]{
+                                       "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
+                                       transform
+                                   },
+                                   digestAlgo);
+                properties.addSignaturePart(securePart);
+            }
+        }
+        
     }
     
     protected void throwFault(String error, Exception ex) {
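Review bot: Both branches of the new if/else in configureSignature build the same transform array and differ only in the first SecurePart argument, so the enveloped-signature URI and digest settings are now written twice and can drift apart. Hoisting the array once before the branch, `String[] transforms = {"http://www.w3.org/2000/09/xmldsig#enveloped-signature", transform};`, and passing `transforms` to both constructors keeps the two paths identical, assuming SecurePart does not modify the array it is given. The bare `null` here also differs from the `(QName)null` used in configureEncryption; using the cast in both places keeps the overload choice explicit. The test hunks in this commit remove the only visible addElementToSign and addElementToEncrypt calls, so from what is shown the per-element loop is no longer exercised by the streaming cases in JAXRSXmlSecTest; a case with an explicit QName would cover it. The method begins outside this hunk.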

http://git-wip-us.apache.org/repos/asf/cxf/blob/405db940/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
index 927769a..68c8047 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
@@ -28,7 +28,6 @@ import java.util.Map;
 import javax.ws.rs.BadRequestException;
 import javax.ws.rs.ProcessingException;
 import javax.ws.rs.WebApplicationException;
-import javax.xml.namespace.QName;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
@@ -127,7 +126,6 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
         if (streaming) {
             XmlSecOutInterceptor sigInterceptor = new XmlSecOutInterceptor();
             sigInterceptor.setSignRequest(true);
-            sigInterceptor.addElementToSign(new QName("", "Book"));
             bean.getOutInterceptors().add(sigInterceptor);
         } else {
             XmlSigOutInterceptor sigInterceptor = new XmlSigOutInterceptor();
@@ -208,7 +206,6 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
         if (streaming) {
             XmlSecOutInterceptor sigOutInterceptor = new XmlSecOutInterceptor();
             sigOutInterceptor.setSignRequest(true);
-            sigOutInterceptor.addElementToSign(new QName("", "Book"));
             sigOutInterceptor.setKeyInfoMustBeAvailable(useKeyInfo);
             bean.getOutInterceptors().add(sigOutInterceptor);
             
@@ -425,9 +422,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
             encInterceptor.setSymmetricEncAlgorithm(encryptionProperties.getEncryptionSymmetricKeyAlgo());
             encInterceptor.setEncryptionDigestAlgorithm(encryptionProperties.getEncryptionDigestAlgo());
             encInterceptor.setEncryptRequest(true);
-            encInterceptor.addElementToEncrypt(new QName("", "Book"));
             if (sign) {
-                encInterceptor.addElementToSign(new QName("", "Book"));
                 encInterceptor.setSignRequest(true);
             }
             bean.getOutInterceptors().add(encInterceptor);

