cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject git commit: Precompile Subject Constraints
Date Mon, 21 Jul 2014 16:33:59 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master b5011300a -> cae5c37f3


Precompile Subject Constraints


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/cae5c37f
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/cae5c37f
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/cae5c37f

Branch: refs/heads/master
Commit: cae5c37f3cb6a9250fb2c5c52c16cd0cc759dd6b
Parents: b501130
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Jul 21 17:33:40 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Jul 21 17:33:40 2014 +0100

----------------------------------------------------------------------
 .../cxf/fediz/core/config/TrustedIssuer.java    | 16 ++++++++++++++++
 .../core/saml/FedizSignatureTrustValidator.java | 20 --------------------
 .../cxf/fediz/core/saml/SAMLTokenValidator.java |  8 +++++++-
 .../fediz/core/saml/SamlAssertionValidator.java | 14 +++-----------
 .../samlsso/SAMLProtocolResponseValidator.java  | 10 ++++++++--
 5 files changed, 34 insertions(+), 34 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cae5c37f/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java
index 713b2b4..697fa87 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java
@@ -19,11 +19,14 @@
 
 package org.apache.cxf.fediz.core.config;
 
+import java.util.regex.Pattern;
+
 import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
 import org.apache.cxf.fediz.core.config.jaxb.ValidationType;
 
 public class TrustedIssuer {
     private final TrustedIssuerType trustedIssuerType;
+    private Pattern subject;
 
         
     public TrustedIssuer(TrustedIssuerType trustedIssuerType) {
@@ -39,12 +42,25 @@ public class TrustedIssuer {
         trustedIssuerType.setName(name);
     }
     
+    public Pattern getCompiledSubject() {
+        if (subject != null) {
+            return subject;
+        }
+        
+        if (trustedIssuerType.getSubject() != null) {
+            subject = Pattern.compile(trustedIssuerType.getSubject());
+        }
+        
+        return subject;
+    }
+    
     public String getSubject() {
         return trustedIssuerType.getSubject();
     }
     
     public void setSubject(String subject) {
         trustedIssuerType.setSubject(subject);
+        this.subject = null;
     }
 
     public CertificateValidationMethod getCertificateValidationMethod() {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cae5c37f/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
index 0a2ff81..5ee33eb 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
@@ -26,10 +26,8 @@ import java.security.cert.CertificateNotYetValidException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
-import java.util.regex.PatternSyntaxException;
 
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSSecurityException;
@@ -78,24 +76,6 @@ public class FedizSignatureTrustValidator implements Validator {
     }
     
     /**
-     * Set a list of Strings corresponding to regular expression constraints on
-     * the subject DN of a certificate
-     */
-    public void setSubjectConstraints(List<String> constraints) {
-        if (constraints != null) {
-            subjectDNPatterns = new ArrayList<Pattern>();
-            for (String constraint : constraints) {
-                try {
-                    subjectDNPatterns.add(Pattern.compile(constraint.trim()));
-                } catch (PatternSyntaxException ex) {
-                    // LOG.severe(ex.getMessage());
-                    throw ex;
-                }
-            }
-        }
-    }
-    
-    /**
      * Validate the credential argument. It must contain either some Certificates or a PublicKey.
      * 
      * A Crypto and a CallbackHandler implementation is required to be set.

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cae5c37f/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
index 0b9b68a..81f73f8 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
@@ -27,6 +27,7 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.StringTokenizer;
+import java.util.regex.Pattern;
 
 import org.w3c.dom.Element;
 import org.apache.cxf.fediz.core.Claim;
@@ -134,7 +135,12 @@ public class SAMLTokenValidator implements TokenValidator {
             
             List<TrustedIssuer> trustedIssuers = config.getTrustedIssuers();
             for (TrustedIssuer ti : trustedIssuers) {
-                List<String> subjectConstraints = Collections.singletonList(ti.getSubject());
+                Pattern subjectConstraint = ti.getCompiledSubject();
+                List<Pattern> subjectConstraints = new ArrayList<Pattern>(1);
+                if (subjectConstraint != null) {
+                    subjectConstraints.add(subjectConstraint);
+                }
+                
                 if (ti.getCertificateValidationMethod().equals(CertificateValidationMethod.CHAIN_TRUST))
{
                     trustValidator.setSubjectConstraints(subjectConstraints);
                     trustValidator.setSignatureTrustType(TRUST_TYPE.CHAIN_TRUST_CONSTRAINTS);

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cae5c37f/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
index e72f021..f48945c 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
@@ -24,7 +24,6 @@ import java.util.Collection;
 import java.util.Date;
 import java.util.List;
 import java.util.regex.Pattern;
-import java.util.regex.PatternSyntaxException;
 
 import org.apache.cxf.fediz.core.saml.FedizSignatureTrustValidator.TRUST_TYPE;
 import org.apache.wss4j.common.cache.ReplayCache;
@@ -91,17 +90,10 @@ public class SamlAssertionValidator implements Validator {
      * Set a list of Strings corresponding to regular expression constraints on
      * the subject DN of a certificate
      */
-    public void setSubjectConstraints(List<String> constraints) {
+    public void setSubjectConstraints(Collection<Pattern> constraints) {
         if (constraints != null) {
-            subjectDNPatterns = new ArrayList<Pattern>();
-            for (String constraint : constraints) {
-                try {
-                    subjectDNPatterns.add(Pattern.compile(constraint.trim()));
-                } catch (PatternSyntaxException ex) {
-                    // LOG.severe(ex.getMessage());
-                    throw ex;
-                }
-            }
+            subjectDNPatterns.clear();
+            subjectDNPatterns.addAll(constraints);
         }
     }
     

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cae5c37f/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java
index d086aee..c674f9e 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java
@@ -18,8 +18,9 @@
  */
 package org.apache.cxf.fediz.core.samlsso;
 
-import java.util.Collections;
+import java.util.ArrayList;
 import java.util.List;
+import java.util.regex.Pattern;
 
 import org.w3c.dom.Document;
 import org.apache.cxf.fediz.core.config.CertificateValidationMethod;
@@ -229,7 +230,12 @@ public class SAMLProtocolResponseValidator {
         
         List<TrustedIssuer> trustedIssuers = config.getTrustedIssuers();
         for (TrustedIssuer ti : trustedIssuers) {
-            List<String> subjectConstraints = Collections.singletonList(ti.getSubject());
+            Pattern subjectConstraint = ti.getCompiledSubject();
+            List<Pattern> subjectConstraints = new ArrayList<Pattern>(1);
+            if (subjectConstraint != null) {
+                subjectConstraints.add(subjectConstraint);
+            }
+            
             if (ti.getCertificateValidationMethod().equals(CertificateValidationMethod.CHAIN_TRUST))
{
                 trustValidator.setSubjectConstraints(subjectConstraints);
                 trustValidator.setSignatureTrustType(TRUST_TYPE.CHAIN_TRUST_CONSTRAINTS);


Mime
View raw message