From: coheigea@apache.org To: commits@cxf.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: git commit: Include Encryption tokens for certain scenarios Date: Tue, 25 Feb 2014 17:17:33 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/master fdb8de24a -> c92b639c2 Include Encryption tokens for certain scenarios Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c92b639c Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c92b639c Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c92b639c Branch: refs/heads/master Commit: c92b639c2ad2f67533b21dcd4a6543e28cb676bf Parents: fdb8de2 Author: Colm O hEigeartaigh Authored: Tue Feb 25 16:58:07 2014 +0000 Committer: Colm O hEigeartaigh Committed: Tue Feb 25 16:58:27 2014 +0000 ---------------------------------------------------------------------- .../policyhandlers/StaxAsymmetricBindingHandler.java | 14 ++++++++++++++ .../policyhandlers/StaxSymmetricBindingHandler.java | 13 +++++++++++++ 2 files changed, 27 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/c92b639c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java index 8563e3a..a34f068 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java 
@@ -53,6 +53,7 @@ import org.apache.wss4j.policy.model.SpnegoContextToken; import org.apache.wss4j.policy.model.X509Token; import org.apache.wss4j.stax.ext.WSSConstants; import org.apache.wss4j.stax.ext.WSSSecurityProperties; +import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants; import org.apache.xml.security.stax.ext.SecurePart; import org.apache.xml.security.stax.ext.SecurePart.Modifier; import org.apache.xml.security.stax.securityToken.OutboundSecurityToken; @@ -378,6 +379,19 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler { } properties.setEncryptionKeyIdentifier(getKeyIdentifierType(recToken, encrToken)); + + // Find out do we also need to include the token as per the Inclusion requirement + WSSecurityTokenConstants.KeyIdentifier keyIdentifier = properties.getEncryptionKeyIdentifier(); + if (encrToken instanceof X509Token + && isTokenRequired(encrToken.getIncludeTokenType()) + && (WSSecurityTokenConstants.KeyIdentifier_IssuerSerial.equals(keyIdentifier) + || WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier.equals(keyIdentifier) + || WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals( + keyIdentifier))) { + properties.setIncludeEncryptionToken(true); + } else { + properties.setIncludeEncryptionToken(false); + } properties.setEncryptionKeyTransportAlgorithm( algorithmSuite.getAlgorithmSuiteType().getAsymmetricKeyWrap()); http://git-wip-us.apache.org/repos/asf/cxf/blob/c92b639c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java index a961951..63d5041 100644 
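Review bot: The inclusion decision added after `setEncryptionKeyIdentifier(...)` is an if/else that only passes `true` or `false` to the same setter, and the identical block is added again in StaxSymmetricBindingHandler later in this commit. Computing the condition once and passing it to `setIncludeEncryptionToken` reads more directly. Since both classes extend AbstractStaxBindingHandler, a single protected helper there would keep the two bindings from drifting apart on a security-policy decision. The comment could also say why exactly these three key identifier types qualify (they appear to reference the certificate rather than carry it) and why other identifier types are left out. The enclosing method starts and ends outside the hunk.

```java
// Send the X.509 token itself only when the policy's IncludeToken value requires it
// and the key identifier merely references the certificate.
WSSecurityTokenConstants.KeyIdentifier keyIdentifier = properties.getEncryptionKeyIdentifier();
boolean referencesCertificate =
    WSSecurityTokenConstants.KeyIdentifier_IssuerSerial.equals(keyIdentifier)
    || WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier.equals(keyIdentifier)
    || WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals(keyIdentifier);
properties.setIncludeEncryptionToken(
    encrToken instanceof X509Token
    && isTokenRequired(encrToken.getIncludeTokenType())
    && referencesCertificate);
// … unchanged: properties.setEncryptionKeyTransportAlgorithm(...) …
```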
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java @@ -475,6 +475,19 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler { properties.setEncryptSymmetricEncryptionKey(false); } } + + // Find out do we also need to include the token as per the Inclusion requirement + WSSecurityTokenConstants.KeyIdentifier keyIdentifier = properties.getEncryptionKeyIdentifier(); + if (encrToken instanceof X509Token + && isTokenRequired(encrToken.getIncludeTokenType()) + && (WSSecurityTokenConstants.KeyIdentifier_IssuerSerial.equals(keyIdentifier) + || WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier.equals(keyIdentifier) + || WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals( + keyIdentifier))) { + properties.setIncludeEncryptionToken(true); + } else { + properties.setIncludeEncryptionToken(false); + } properties.setEncryptionKeyTransportAlgorithm( algorithmSuite.getAlgorithmSuiteType().getAsymmetricKeyWrap());
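Review bot: Nothing in this commit exercises the new inclusion decision, since the diffstat lists only the two binding handlers. A regression in either direction would therefore go unnoticed: the token dropped when the policy's IncludeToken value requires it, or sent when the policy says not to. A streaming outbound test per binding would pin the behaviour by asserting presence or absence of the X.509 token for each of the three key identifier types. In this handler `properties.getEncryptionKeyIdentifier()` is read after branches that close above the hunk, so it is not visible whether the identifier is set on every path. The constant-first `equals` calls tolerate null and fall through to `setIncludeEncryptionToken(false)`, which deserves a comment such as `// keyIdentifier may be unset here; null means "do not include the token"`.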