From cohei...@apache.org
Subject cxf git commit: Also send KeyType, KeySize + Renewal Semantics in a WS-Trust Validate request when the TokenType is not "Status"
Date Thu, 22 Jan 2015 15:39:09 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes c3787b323 -> 99fc7e1e5


Also send KeyType, KeySize + Renewal Semantics in a WS-Trust Validate request when the TokenType
is not "Status"


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/99fc7e1e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/99fc7e1e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/99fc7e1e

Branch: refs/heads/3.0.x-fixes
Commit: 99fc7e1e5d5900a547a0c992102c100f69e918bd
Parents: c3787b3
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Jan 22 15:14:39 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Jan 22 15:32:00 2015 +0000

----------------------------------------------------------------------
 .../ws/security/trust/AbstractSTSClient.java    | 103 +++++++++++++------
 .../apache/cxf/ws/security/trust/STSClient.java |  23 +++--
 2 files changed, 89 insertions(+), 37 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/99fc7e1e/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
index 9dd2262..21298b2 100755
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
@@ -841,16 +841,7 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
         }
         
         // Write out renewal semantics
-        if (sendRenewing) {
-            writer.writeStartElement("wst", "Renewing", namespace);
-            if (!allowRenewing) {
-                writer.writeAttribute(null, "Allow", "false");
-            }
-            if (allowRenewing && allowRenewingAfterExpiry) {
-                writer.writeAttribute(null, "OK", "true");
-            }
-            writer.writeEndElement();
-        }
+        writeRenewalSemantics(writer);
         
         writer.writeEndElement();
 
@@ -1053,16 +1044,7 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
         writer.writeEndElement();
         
         // Write out renewal semantics
-        if (sendRenewing) {
-            writer.writeStartElement("wst", "Renewing", namespace);
-            if (!allowRenewing) {
-                writer.writeAttribute(null, "Allow", "false");
-            }
-            if (allowRenewing && allowRenewingAfterExpiry) {
-                writer.writeAttribute(null, "OK", "true");
-            }
-            writer.writeEndElement();
-        }
+        writeRenewalSemantics(writer);
         
         writer.writeEndElement();
 
@@ -1126,19 +1108,82 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
         writer.writeCharacters(tokentype);
         writer.writeEndElement();
         
-        addClaims(writer);
+        if (tokentype.endsWith("/RSTR/Status")) {
+            addClaims(writer);
 
-        writer.writeStartElement("wst", "ValidateTarget", namespace);
+            writer.writeStartElement("wst", "ValidateTarget", namespace);
 
-        Element el = tok.getToken();
-        StaxUtils.copy(el, writer);
+            Element el = tok.getToken();
+            StaxUtils.copy(el, writer);
 
-        writer.writeEndElement();
-        writer.writeEndElement();
+            writer.writeEndElement();
+            writer.writeEndElement();
 
-        Object o[] = client.invoke(boi, new DOMSource(writer.getDocument().getDocumentElement()));
-        
-        return new STSResponse((DOMSource)o[0], null);
+            Object o[] = client.invoke(boi, new DOMSource(writer.getDocument().getDocumentElement()));
+            
+            return new STSResponse((DOMSource)o[0], null);
+        } else {
+            if (enableLifetime) {
+                addLifetime(writer);
+            }
+            
+            // Default to Bearer KeyType
+            String keyTypeTemplate = keyType;
+            if (keyTypeTemplate == null) {
+                keyTypeTemplate = namespace + "/Bearer";
+            }
+            keyTypeTemplate = writeKeyType(writer, keyTypeTemplate);
+
+            byte[] requestorEntropy = null;
+            X509Certificate cert = null;
+            Crypto crypto = null;
+
+            if (keySize <= 0) {
+                keySize = 256;
+            }
+            if (keyTypeTemplate != null && keyTypeTemplate.endsWith("SymmetricKey"))
{
+                requestorEntropy = writeElementsForRSTSymmetricKey(writer, false);
+            } else if (keyTypeTemplate != null && keyTypeTemplate.endsWith("PublicKey"))
{
+                // Use the given cert, or else get it from a Crypto instance
+                if (useKeyCertificate != null) {
+                    cert = useKeyCertificate;
+                } else {
+                    crypto = createCrypto(false);
+                    cert = getCert(crypto);
+                }
+                writeElementsForRSTPublicKey(writer, cert);
+            }
+
+            writeRenewalSemantics(writer);
+            
+            addClaims(writer);
+
+            writer.writeStartElement("wst", "ValidateTarget", namespace);
+
+            Element el = tok.getToken();
+            StaxUtils.copy(el, writer);
+
+            writer.writeEndElement();
+            writer.writeEndElement();
+
+            Object o[] = client.invoke(boi, new DOMSource(writer.getDocument().getDocumentElement()));
+            
+            return new STSResponse((DOMSource)o[0], requestorEntropy, cert, crypto);
+        }
+    }
+    
+    private void writeRenewalSemantics(XMLStreamWriter writer) throws XMLStreamException
{
+        // Write out renewal semantics
+        if (sendRenewing) {
+            writer.writeStartElement("wst", "Renewing", namespace);
+            if (!allowRenewing) {
+                writer.writeAttribute(null, "Allow", "false");
+            }
+            if (allowRenewing && allowRenewingAfterExpiry) {
+                writer.writeAttribute(null, "OK", "true");
+            }
+            writer.writeEndElement();
+        }    
     }
 
     /**
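Review bot: Both arms of the new `if (tokentype.endsWith("/RSTR/Status"))` repeat the same tail — `addClaims`, the `ValidateTarget` element with the copied token, `client.invoke` and the `STSResponse` construction — so only the Lifetime/KeyType/entropy/Renewing block actually differs, and inverting the condition around that block with a single shared tail would remove the duplication and keep future changes to the Validate body in one place. This assumes the four-argument `STSResponse` constructor with null entropy, cert and crypto is equivalent to the two-argument form used in the Status arm, which is not visible here. A second point worth a comment: `if (keySize <= 0) { keySize = 256; }` assigns the instance field, so a Validate call silently changes the client's configured key size for later requests; if that mirrors the Issue path it deserves `// NOTE: overwrites the configured keySize field (as issue() does)`, otherwise a local should be used. The enclosing validate method starts above this hunk.
```java
        boolean statusOnly = tokentype.endsWith("/RSTR/Status");
        byte[] requestorEntropy = null;
        X509Certificate cert = null;
        Crypto crypto = null;

        if (!statusOnly) {
            // … unchanged: addLifetime, writeKeyType, SymmetricKey/PublicKey elements, writeRenewalSemantics …
        }

        // … unchanged: addClaims, ValidateTarget with copied token, client.invoke …
        return new STSResponse((DOMSource)o[0], requestorEntropy, cert, crypto);
```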

http://git-wip-us.apache.org/repos/asf/cxf/blob/99fc7e1e/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
index 41b926d..afdaaea 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
@@ -28,7 +28,6 @@ import org.w3c.dom.Element;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
@@ -127,14 +126,22 @@ public class STSClient extends AbstractSTSClient {
                     reason = DOMUtils.getContent(e2);
                 }
             } else if ("RequestedSecurityToken".equals(el.getLocalName())) {
-                Element requestedSecurityTokenElement = DOMUtils.getFirstElement(el);
-                String id = findID(null, null, requestedSecurityTokenElement);
-                if (StringUtils.isEmpty(id)) {
-                    throw new TrustException("NO_ID", LOG);
+                SecurityToken token = 
+                    createSecurityToken(getDocumentElement(response.getResponse()), response.getEntropy());
+                
+                if (response.getCert() != null) {
+                    token.setX509Certificate(response.getCert(), response.getCrypto());
+                }
+                if (token.getTokenType() == null) {
+                    String tokenTypeFromTemplate = getTokenTypeFromTemplate();
+                    if (tokenTypeFromTemplate != null) {
+                        token.setTokenType(tokenTypeFromTemplate);
+                    } else if (tokenType != null) {
+                        token.setTokenType(tokenType);
+                    }
                 }
-                SecurityToken requestedSecurityToken = new SecurityToken(id);
-                requestedSecurityToken.setToken(requestedSecurityTokenElement);
-                tokens.add(requestedSecurityToken);
+                
+                tokens.add(token);
             }
             el = DOMUtils.getNextElement(el);
         }

