cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ashaki...@apache.org
Subject cxf git commit: Fixed [CXF-6223]: Support message property for encryption certificate
Date Tue, 27 Jan 2015 14:58:32 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 35efd0b88 -> 168e1884d


Fixed [CXF-6223]: Support message property for encryption certificate


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/168e1884
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/168e1884
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/168e1884

Branch: refs/heads/3.0.x-fixes
Commit: 168e1884ded96778c719fcb8b1d3691f6b90fc4e
Parents: 35efd0b
Author: Andrei Shakirin <andrei.shakirin@gmail.com>
Authored: Tue Jan 27 14:47:06 2015 +0100
Committer: Andrei Shakirin <andrei.shakirin@gmail.com>
Committed: Tue Jan 27 15:58:13 2015 +0100

----------------------------------------------------------------------
 .../cxf/ws/security/SecurityConstants.java      |  8 ++++++
 .../policyhandlers/AbstractBindingBuilder.java  | 27 ++++++++++++++++----
 2 files changed, 30 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/168e1884/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index a0608c7..0516853 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -129,6 +129,14 @@ public final class SecurityConstants {
      */
     public static final String ENCRYPT_CRYPTO = "ws-security.encryption.crypto";
     
+    /**
+     * A message property for prepared X509 certificate to be used for encryption. 
+     * If this is not defined, then the certificate will be either loaded from the 
+     * keystore {@link ENCRYPT_PROPERTIES} or extracted from request 
+     * (if {@link ENCRYPT_USERNAME} has value "useReqSigCert").
+     */
+    public static final String ENCRYPT_CERT = "ws-security.encryption.certificate";
+    
     //
     // Boolean WS-Security configuration tags, e.g. the value should be "true" or "false".
     //

http://git-wip-us.apache.org/repos/asf/cxf/blob/168e1884/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index a697e41..fd09a0d 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -1397,13 +1397,11 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         encrKey.prepare(saaj.getSOAPPart(), crypto);
         
         if (alsoIncludeToken) {
-            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
-            cryptoType.setAlias(encrUser);
-            X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
+            X509Certificate encCert = getEncryptCert(crypto, encrUser);
             BinarySecurity bstToken = new X509Security(saaj.getSOAPPart());
-            ((X509Security) bstToken).setX509Certificate(certs[0]);
+            ((X509Security) bstToken).setX509Certificate(encCert);
             bstToken.addWSUNamespace();
-            bstToken.setID(wssConfig.getIdAllocator().createSecureId("X509-", certs[0]));
+            bstToken.setID(wssConfig.getIdAllocator().createSecureId("X509-", encCert));
             WSSecurityUtil.prependChildElement(
                 secHeader.getSecurityHeader(), bstToken.getElement()
             );
@@ -1413,6 +1411,18 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         return encrKey;
     }
 
+    private X509Certificate getEncryptCert(Crypto crypto, String encrUser) throws WSSecurityException
{
+        // Check for prepared encryption certificate
+        X509Certificate encrCert = (X509Certificate)message.getContextualProperty(SecurityConstants.ENCRYPT_CERT);
+        if (encrCert != null) {
+            return encrCert;
+        }
+        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+        cryptoType.setAlias(encrUser);
+        X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
+        return certs[0];
+    }
+    
     public Crypto getSignatureCrypto(AbstractTokenWrapper wrapper) throws WSSecurityException
{
         return getCrypto(wrapper, SecurityConstants.SIGNATURE_CRYPTO,
                          SecurityConstants.SIGNATURE_PROPERTIES);
@@ -1582,6 +1592,13 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
     
     public String setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, AbstractTokenWrapper
token,
                                   boolean sign, Crypto crypto) {
+        // Check for prepared certificate property
+        X509Certificate encrCert = (X509Certificate)message.getContextualProperty(SecurityConstants.ENCRYPT_CERT);
+        if (encrCert != null) {
+            encrKeyBuilder.setUseThisCert(encrCert);
+            return null;
+        }
+        
         String encrUser = (String)message.getContextualProperty(sign 
                                                                 ? SecurityConstants.SIGNATURE_USERNAME
                                                                 : SecurityConstants.ENCRYPT_USERNAME);


Mime
View raw message