cxf-commits mailing list archives

From cohei...@apache.org
Subject git commit: Fixing useReqSigCert functionality for JAX-RS streaming XML Sec
Date Tue, 22 Apr 2014 16:35:55 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 4b1396b45 -> cf6342212


Fixing useReqSigCert functionality for JAX-RS streaming XML Sec


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/cf634221
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/cf634221
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/cf634221

Branch: refs/heads/master
Commit: cf6342212ed3fb703afeee36dcba4ffda5f1e2f1
Parents: 4b1396b
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Apr 22 17:35:22 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Apr 22 17:35:22 2014 +0100

----------------------------------------------------------------------
 .../rs/security/xml/XmlSecOutInterceptor.java   | 45 +++++++++++++++++++-
 .../jaxrs/security/xml/JAXRSXmlSecTest.java     | 16 +------
 2 files changed, 45 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/cf634221/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
index ff6540b..8537252 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
@@ -59,6 +59,9 @@ import org.apache.xml.security.stax.ext.SecurePart;
 import org.apache.xml.security.stax.ext.XMLSec;
 import org.apache.xml.security.stax.ext.XMLSecurityConstants;
 import org.apache.xml.security.stax.ext.XMLSecurityProperties;
+import org.apache.xml.security.stax.securityEvent.SecurityEvent;
+import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
+import org.apache.xml.security.stax.securityToken.SecurityToken;
 import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
 import org.apache.xml.security.utils.Constants;
 import org.apache.xml.security.utils.EncryptionConstants;
@@ -157,6 +160,12 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message>
{
                 && !MessageUtils.isRequestor(message)) {
                 sendingCert = 
                     message.getExchange().getInMessage().getContent(X509Certificate.class);
+                if (sendingCert == null) {
+                    @SuppressWarnings("unchecked")
+                    final List<SecurityEvent> incomingSecurityEventList = 
+                        (List<SecurityEvent>) message.getExchange().get(SecurityEvent.class.getName()
+ ".in");
+                    sendingCert = getUseReqSigCert(incomingSecurityEventList);
+                }
             } else {
                 CryptoLoader loader = new CryptoLoader();
                 Crypto crypto = loader.getCrypto(message, 
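Review bot: The fallback inside `if (sendingCert == null)` picks the certificate the response will be encrypted to from the list stored on the exchange under `SecurityEvent.class.getName() + ".in"`, and nothing in this hunk shows that the signature behind that token was verified and its certificate accepted as trusted. If the inbound interceptor guarantees that, record it here with a comment such as `// cert is taken from the request signature; the inbound side must have validated it before we encrypt to it`. `getUseReqSigCert` can also return null, so unless the code after this hunk already rejects a null `sendingCert`, the branch should fail with a clear error rather than continue into encryption setup. The `".in"` suffix would be better as a constant shared with whichever class writes the property, so the two sides cannot drift apart. The enclosing method starts and ends outside the hunk.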
@@ -206,6 +215,36 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message>
{
         }
     }
     
+    private X509Certificate getUseReqSigCert(List<SecurityEvent> incomingSecurityEventList)

+        throws XMLSecurityException {
+        SecurityToken signatureToken = getSignatureToken(incomingSecurityEventList);
+        if (signatureToken != null && signatureToken.getX509Certificates() != null
+            && signatureToken.getX509Certificates().length > 0) {
+            return signatureToken.getX509Certificates()[0];
+        }
+        return null;
+    }
+    
+    private SecurityToken getSignatureToken(List<SecurityEvent> incomingSecurityEventList)

+        throws XMLSecurityException {
+        if (incomingSecurityEventList != null) {
+            for (int i = 0; i < incomingSecurityEventList.size(); i++) {
+                SecurityEvent securityEvent = incomingSecurityEventList.get(i);
+                if (securityEvent instanceof TokenSecurityEvent) {
+                    @SuppressWarnings("unchecked")
+                    TokenSecurityEvent<? extends SecurityToken> tokenSecurityEvent

+                        = (TokenSecurityEvent<? extends SecurityToken>) securityEvent;
+                    if (tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(
+                        SecurityTokenConstants.TokenUsage_Signature)
+                    ) {
+                        return tokenSecurityEvent.getSecurityToken();
+                    }
+                }
+            }
+        }
+        return null;
+    }
+    
     private X509Certificate getCertificateFromCrypto(Crypto crypto, String user) throws Exception
{
         X509Certificate[] certs = SecurityUtils.getCertificates(crypto, user);
         return certs[0];
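Review bot: `getSignatureToken` returns the first event whose token carries `TokenUsage_Signature`, so when a request contains more than one signature token the encryption certificate depends on event order rather than on which signature covered the payload. A comment stating that a single request signature is assumed, or a check that rejects a second match, would make that explicit. `tokenSecurityEvent.getSecurityToken()` is dereferenced without a null check, which looks like it could throw if an event carries no token. In `getUseReqSigCert`, `getX509Certificates()` is called three times; read it once, `X509Certificate[] certs = signatureToken.getX509Certificates();`, then test `certs != null && certs.length > 0`. A short comment noting that element `[0]` is assumed to be the signer's own certificate would also help.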
@@ -344,7 +383,7 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message>
{
         this.encryptionProperties = properties;
     }
     
-    public void setKeyIdentifierType(String type) {
+    public void setEncryptionKeyIdentifierType(String type) {
         encryptionProperties.setEncryptionKeyIdType(type);   
     }
     
@@ -380,6 +419,10 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message>
{
         sigProps.setSignatureDigestAlgo(algo);
     }
     
+    public void setSignatureKeyIdentifierType(String type) {
+        sigProps.setSignatureKeyIdType(type);   
+    }
+    
     public final XmlSecStaxOutInterceptorInternal createEndingInterceptor() {
         return new XmlSecStaxOutInterceptorInternal();
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/cf634221/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
index 2af2c51..cbf411b 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
@@ -332,11 +332,6 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase
{
     
     @Test
     public void testPostEncryptedSignedBook() throws Exception {
-        if (STAX_PORT.equals(test.port)) {
-            // TODO We are not processing encrypted Signatures correctly
-            return;
-        }
-        
         String address = "https://localhost:" + test.port + "/xmlsec-validate/bookstore/books";
         Map<String, Object> properties = new HashMap<String, Object>();
         properties.put("ws-security.callback-handler", 
@@ -353,11 +348,6 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase
{
     
     @Test
     public void testPostEncryptedSignedBookInvalid() throws Exception {
-        if (STAX_PORT.equals(test.port)) {
-            // TODO We are not processing encrypted Signatures correctly
-            return;
-        }
-        
         String address = "https://localhost:" + test.port + "/xmlsec-validate/bookstore/books";
         Map<String, Object> properties = new HashMap<String, Object>();
         properties.put("ws-security.callback-handler", 
@@ -384,10 +374,6 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase
{
     
     @Test
     public void testPostEncryptedSignedBookUseReqSigCert() throws Exception {
-        if (STAX_PORT.equals(test.port)) {
-            // TODO Supporting UseReqSigCert
-            return;
-        }
         String address = "https://localhost:" + test.port + "/xmlsec-useReqSigCert/bookstore/books";
         Map<String, Object> properties = new HashMap<String, Object>();
         properties.put("ws-security.callback-handler", 
@@ -429,7 +415,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
         bean.setProperties(properties);
         if (streaming) {
             XmlSecOutInterceptor encInterceptor = new XmlSecOutInterceptor();
-            encInterceptor.setKeyIdentifierType(encryptionProperties.getEncryptionKeyIdType());
+            encInterceptor.setEncryptionKeyIdentifierType(encryptionProperties.getEncryptionKeyIdType());
             encInterceptor.setSymmetricEncAlgorithm(encryptionProperties.getEncryptionSymmetricKeyAlgo());
             encInterceptor.setEncryptionDigestAlgorithm(encryptionProperties.getEncryptionDigestAlgo());
             encInterceptor.setEncryptRequest(true);

