Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 69C53FEDA for ; Mon, 26 May 2014 16:24:24 +0000 (UTC) Received: (qmail 3430 invoked by uid 500); 26 May 2014 16:24:24 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 3360 invoked by uid 500); 26 May 2014 16:24:24 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 3347 invoked by uid 99); 26 May 2014 16:24:24 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 26 May 2014 16:24:24 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 169C79A594F; Mon, 26 May 2014 16:24:24 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: coheigea@apache.org To: commits@cxf.apache.org Date: Mon, 26 May 2014 16:24:24 -0000 Message-Id: <9912fea2ce02499e924bc5810c9b0982@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [1/4] git commit: [CXF-5766] - Caching nonces to disk may not work if the service QName is too long Repository: cxf Updated Branches: refs/heads/2.6.x-fixes 9e3a1b5ee -> c49437d89 [CXF-5766] - Caching nonces to disk may not work if the service QName is too long Conflicts: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java Conflicts: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/cc3f9957 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/cc3f9957 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/cc3f9957 Branch: refs/heads/2.6.x-fixes Commit: cc3f99579161dbd375f22ec8c3e92357f1fb57e2 Parents: 9e3a1b5 Author: Colm O hEigeartaigh Authored: Mon May 26 17:07:17 2014 +0100 Committer: Colm O hEigeartaigh Committed: Mon May 26 17:19:55 2014 +0100 ---------------------------------------------------------------------- .../cxf/ws/security/wss4j/WSS4JUtils.java | 133 ++++++++++++++++++- 1 file changed, 132 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/cc3f9957/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
index 6d7d2ea..f851119 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
@@ -94,7 +94,12 @@ public final class WSS4JUtils {
 ReplayCacheFactory replayCacheFactory = ReplayCacheFactory.newInstance();
 String cacheKey = instanceKey;
 if (info.getName() != null) {
- cacheKey += "-" + info.getName().toString();
+ int hashcode = info.getName().toString().hashCode();
+ if (hashcode < 0) {
+ cacheKey += hashcode;
+ } else {
+ cacheKey += "-" + hashcode;
+ }
 }
 replayCache = replayCacheFactory.newReplayCache(cacheKey, message);
 info.setProperty(instanceKey, replayCache);
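Review bot: The new key suffix in the `if (info.getName() != null)` branch is `String.hashCode()` of the service QName, a 32-bit non-cryptographic hash, so the cache key is no longer guaranteed to be unique per service. Two endpoints whose QNames hash to the same value would be handed the same key, and if `ReplayCacheFactory.newReplayCache` names the backing cache after that key (its body is not visible here) they would share one nonce cache. A truncated SHA-256 of the QName keeps the key short and fixed-length while making collisions impractical. Putting it in one helper also removes the sign-dependent separator branch, which is duplicated in `getTokenStore` in the next hunk. The enclosing method starts and ends outside this hunk.

```java
if (info.getName() != null) {
    cacheKey += "-" + shortDigest(info.getName().toString());
}
// … unchanged: newReplayCache(cacheKey, message) and info.setProperty(...) …

// Short, fixed-length, filesystem-safe identifier derived from the service QName.
private static String shortDigest(String value) {
    try {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(value.getBytes("UTF-8"));
        StringBuilder hex = new StringBuilder(16);
        for (int i = 0; i < 8; i++) {
            hex.append(String.format("%02x", digest[i]));
        }
        return hex.toString();
    } catch (GeneralSecurityException ex) {
        throw new IllegalStateException(ex);
    } catch (UnsupportedEncodingException ex) {
        throw new IllegalStateException(ex);
    }
}
```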
@@ -106,6 +111,132 @@ public final class WSS4JUtils { } /** +<<<<<<< HEAD +======= + * Fetch the result of a given action from a given result list. + * + * @param resultList The result list to fetch an action from + * @param action The action to fetch + * @return The result fetched from the result list, null if the result + * could not be found + */ + public static List fetchAllActionResults( + List resultList, + int action + ) { + return fetchAllActionResults(resultList, Collections.singletonList(action)); + } + + /** + * Fetch the results of a given number of actions action from a given result list. + * + * @param resultList The result list to fetch an action from + * @param actions The list of actions to fetch + * @return The list of matching results fetched from the result list + */ + public static List fetchAllActionResults( + List resultList, + List actions + ) { + List actionResultList = Collections.emptyList(); + if (actions == null || actions.isEmpty()) { + return actionResultList; + } + + for (WSSecurityEngineResult result : resultList) { + // + // Check the result of every action whether it matches the given action + // + int resultAction = + ((java.lang.Integer)result.get(WSSecurityEngineResult.TAG_ACTION)).intValue(); + if (actions.contains(resultAction)) { + if (actionResultList.isEmpty()) { + actionResultList = new ArrayList(); + } + actionResultList.add(result); + } + } + return actionResultList; + } +<<<<<<< HEAD +======= + + public static TokenStore getTokenStore(Message message, boolean create) { + EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo(); + synchronized (info) { + TokenStore tokenStore = + (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE); + if (tokenStore == null) { + tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE); + } + if (create && tokenStore == null) { + TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance(); 
+ String cacheKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE; + String cacheIdentifier = + (String)message.getContextualProperty(SecurityConstants.CACHE_IDENTIFIER); + if (cacheIdentifier != null) { + cacheKey += "-" + cacheIdentifier; + } else if (info.getName() != null) { + int hashcode = info.getName().toString().hashCode(); + if (hashcode < 0) { + cacheKey += hashcode; + } else { + cacheKey += "-" + hashcode; + } + } + tokenStore = tokenStoreFactory.newTokenStore(cacheKey, message); + info.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore); + } + return tokenStore; + } + } + + public static String parseAndStoreStreamingSecurityToken( + org.apache.xml.security.stax.securityToken.SecurityToken securityToken, + Message message + ) throws XMLSecurityException { + if (securityToken == null) { + return null; + } + SecurityToken existingToken = getTokenStore(message).getToken(securityToken.getId()); + if (existingToken == null || existingToken.isExpired()) { + Date created = new Date(); + Date expires = new Date(); + expires.setTime(created.getTime() + 300000); + + SecurityToken cachedTok = new SecurityToken(securityToken.getId(), created, expires); + cachedTok.setSHA1(securityToken.getSha1Identifier()); + + if (securityToken.getTokenType() != null) { + if (securityToken.getTokenType() == WSSecurityTokenConstants.EncryptedKeyToken) { + cachedTok.setTokenType(WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE); + } else if (securityToken.getTokenType() == WSSecurityTokenConstants.KerberosToken) { + cachedTok.setTokenType(WSSConstants.NS_GSS_Kerberos5_AP_REQ); + } else if (securityToken.getTokenType() == WSSecurityTokenConstants.Saml11Token) { + cachedTok.setTokenType(WSSConstants.NS_SAML11_TOKEN_PROFILE_TYPE); + } else if (securityToken.getTokenType() == WSSecurityTokenConstants.Saml20Token) { + cachedTok.setTokenType(WSSConstants.NS_SAML20_TOKEN_PROFILE_TYPE); + } else if (securityToken.getTokenType() == WSSecurityTokenConstants.SecureConversationToken + || 
securityToken.getTokenType() == WSSecurityTokenConstants.SecurityContextToken) { + cachedTok.setTokenType(WSSConstants.NS_WSC_05_02); + } + } + + for (String key : securityToken.getSecretKey().keySet()) { + Key keyObject = securityToken.getSecretKey().get(key); + if (keyObject != null) { + cachedTok.setKey(keyObject); + if (keyObject instanceof SecretKey) { + cachedTok.setSecret(keyObject.getEncoded()); + } + break; + } + } + getTokenStore(message).add(cachedTok); +>>>>>>> 779cf32... [CXF-5766] - Caching nonces to disk may not work if the service QName is too long + + /** +>>>>>>> 49a9e00... [CXF-5766] - Caching nonces to disk may not work if the service QName is too long * Map a WSSecurityException FaultCode to a standard error String, so as not to leak * internal configuration to an attacker. */
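Review bot: The added lines contain unresolved merge-conflict markers, so WSS4JUtils.java cannot compile as committed: `<<<<<<< HEAD` and `=======` directly after the opening `/**`, a second pair after `fetchAllActionResults`, and `>>>>>>> 779cf32...` / `>>>>>>> 49a9e00...` near the end. `parseAndStoreStreamingSecurityToken` is also cut off at the `>>>>>>> 779cf32...` marker, right after `getTokenStore(message).add(cachedTok);`, with its `if` block and method body left open. It calls a one-argument `getTokenStore(message)` that is not visible in this hunk, whereas the overload added here takes `(Message, boolean)`. The conflict should be resolved by hand so that only the code this branch needs remains, which for this fix appears to be the cache-key change in `getTokenStore`; whether the streaming-token method belongs on 2.6.x at all cannot be judged from the hunk. A half-merged file in the security module obscures which token-caching code is actually in effect, so a pre-commit or CI check that rejects conflict markers would be worth adding.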