cxf-commits mailing list archives

From cohei...@apache.org
Subject [2/3] git commit: [CXF-5766] - Caching nonces to disk may not work if the service QName is too long
Date Mon, 26 May 2014 16:19:34 GMT
[CXF-5766] - Caching nonces to disk may not work if the service QName is too long

Conflicts:
	rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/49a9e00d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/49a9e00d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/49a9e00d

Branch: refs/heads/2.7.x-fixes
Commit: 49a9e00d2674e9879e2bebcc084a11ec0a5c7e41
Parents: c7828e8
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon May 26 17:07:17 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon May 26 17:08:30 2014 +0100

----------------------------------------------------------------------
 .../cxf/ws/security/wss4j/WSS4JUtils.java       | 83 +++++++++++++++++++-
 1 file changed, 82 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/49a9e00d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
index 5e1b967..6510083 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
@@ -98,7 +98,12 @@ public final class WSS4JUtils {
                     ReplayCacheFactory replayCacheFactory = ReplayCacheFactory.newInstance();
                     String cacheKey = instanceKey;
                     if (info.getName() != null) {
-                        cacheKey += "-" + info.getName().toString();
+                        int hashcode = info.getName().toString().hashCode();
+                        if (hashcode < 0) {
+                            cacheKey += hashcode;
+                        } else {
+                            cacheKey += "-" + hashcode;
+                        }
                     }
                     replayCache = replayCacheFactory.newReplayCache(cacheKey, message);
                     info.setProperty(instanceKey, replayCache);
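Review bot: Both branches of the new `if (hashcode < 0)` append the same `-<digits>` suffix, so a QName hashing to `h` and one hashing to `-h` get the same cache key, on top of the ordinary collisions of a 32-bit `String.hashCode()`. Two endpoints with the same key would presumably share one replay cache, so a nonce accepted at one service could be rejected as a replay at the other; the factory is not visible here, so that effect needs confirming. Keeping all 32 bits is a one-line change, `cacheKey += "-" + Integer.toHexString(hashcode);`, and a truncated SHA-256 of the QName would resist collisions better if the file-name length limit allows it. The same construct is repeated in `getTokenStore` in the second hunk, and the enclosing method starts and ends outside this hunk.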
@@ -155,6 +160,82 @@ public final class WSS4JUtils {
         }
         return actionResultList;
     }
+<<<<<<< HEAD
+=======
+    
+    public static TokenStore getTokenStore(Message message, boolean create) {
+        EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
+        synchronized (info) {
+            TokenStore tokenStore = 
+                (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
+            if (tokenStore == null) {
+                tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
+            }
+            if (create && tokenStore == null) {
+                TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance();
+                String cacheKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE;
+                String cacheIdentifier = 
+                    (String)message.getContextualProperty(SecurityConstants.CACHE_IDENTIFIER);
+                if (cacheIdentifier != null) {
+                    cacheKey += "-" + cacheIdentifier;
+                } else if (info.getName() != null) {
+                    int hashcode = info.getName().toString().hashCode();
+                    if (hashcode < 0) {
+                        cacheKey += hashcode;
+                    } else {
+                        cacheKey += "-" + hashcode;
+                    }
+                }
+                tokenStore = tokenStoreFactory.newTokenStore(cacheKey, message);
+                info.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore);
+            }
+            return tokenStore;
+        }
+    }
+    
+    public static String parseAndStoreStreamingSecurityToken(
+        org.apache.xml.security.stax.securityToken.SecurityToken securityToken,
+        Message message
+    ) throws XMLSecurityException {
+        if (securityToken == null) {
+            return null;
+        }
+        SecurityToken existingToken = getTokenStore(message).getToken(securityToken.getId());
+        if (existingToken == null || existingToken.isExpired()) {
+            Date created = new Date();
+            Date expires = new Date();
+            expires.setTime(created.getTime() + 300000);
+
+            SecurityToken cachedTok = new SecurityToken(securityToken.getId(), created, expires);
+            cachedTok.setSHA1(securityToken.getSha1Identifier());
+
+            if (securityToken.getTokenType() != null) {
+                if (securityToken.getTokenType() == WSSecurityTokenConstants.EncryptedKeyToken)
{
+                    cachedTok.setTokenType(WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE);
+                } else if (securityToken.getTokenType() == WSSecurityTokenConstants.KerberosToken)
{
+                    cachedTok.setTokenType(WSSConstants.NS_GSS_Kerberos5_AP_REQ);
+                } else if (securityToken.getTokenType() == WSSecurityTokenConstants.Saml11Token)
{
+                    cachedTok.setTokenType(WSSConstants.NS_SAML11_TOKEN_PROFILE_TYPE);
+                } else if (securityToken.getTokenType() == WSSecurityTokenConstants.Saml20Token)
{
+                    cachedTok.setTokenType(WSSConstants.NS_SAML20_TOKEN_PROFILE_TYPE);
+                } else if (securityToken.getTokenType() == WSSecurityTokenConstants.SecureConversationToken
+                    || securityToken.getTokenType() == WSSecurityTokenConstants.SecurityContextToken)
{
+                    cachedTok.setTokenType(WSSConstants.NS_WSC_05_02);
+                }
+            }
+
+            for (String key : securityToken.getSecretKey().keySet()) {
+                Key keyObject = securityToken.getSecretKey().get(key);
+                if (keyObject != null) {
+                    cachedTok.setKey(keyObject);
+                    if (keyObject instanceof SecretKey) {
+                        cachedTok.setSecret(keyObject.getEncoded());
+                    }
+                    break;
+                }
+            }
+            getTokenStore(message).add(cachedTok);
+>>>>>>> 779cf32... [CXF-5766] - Caching nonces to disk may not work
if the service QName is too long
 
     /**
      * Map a WSSecurityException FaultCode to a standard error String, so as not to leak
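Review bot: The added lines include the literal conflict markers `<<<<<<< HEAD`, `=======` and `>>>>>>> 779cf32...`, so the cherry-pick conflict listed in the commit message was committed unresolved and the file cannot compile as shown. The incoming side also stops inside `parseAndStoreStreamingSecurityToken` after `getTokenStore(message).add(cachedTok);`, with no return statement or closing braces. It calls `getTokenStore(message)` with one argument, while the only signature visible in this hunk takes `(Message, boolean)`. Since the cache-key change for this branch is already made in the first hunk, the likely resolution is to delete everything from `<<<<<<< HEAD` through the `>>>>>>>` line. If the two methods are meant to be backported instead, they need to be completed and the markers removed.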

