cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/3] cxf git commit: Refactor of the STS core
Date Tue, 24 Mar 2015 12:17:08 GMT
http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/SAMLRealm.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/SAMLRealm.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/SAMLRealm.java
index 5b65178..9c7e973 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/SAMLRealm.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/SAMLRealm.java
@@ -32,6 +32,7 @@ import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.phase.PhaseInterceptorChain;
 import org.apache.cxf.resource.ResourceManager;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.sts.SignatureProperties;
 import org.apache.cxf.sts.StaticSTSProperties;
 import org.apache.cxf.ws.security.sts.provider.STSException;
@@ -169,10 +170,15 @@ public class SAMLRealm {
      */
     public CallbackHandler getCallbackHandler() {
         if (callbackHandler == null && callbackHandlerClass != null) {
-            callbackHandler = getCallbackHandler(callbackHandlerClass);
-            if (callbackHandler == null) {
-                LOG.fine("Cannot load CallbackHandler using: " + callbackHandlerClass);
-                throw new STSException("Configuration error: cannot load callback handler");
+            try {
+                callbackHandler = SecurityUtils.getCallbackHandler(callbackHandlerClass);
+                if (callbackHandler == null) {
+                    LOG.fine("Cannot load CallbackHandler using: " + callbackHandlerClass);
+                    throw new STSException("Configuration error: cannot load callback handler");
+                }
+            } catch (WSSecurityException ex) {
+                LOG.fine("Error in loading the callback handler object: " + ex.getMessage());
+                throw new STSException(ex.getMessage());
             }
         }
         return callbackHandler;
@@ -218,21 +224,4 @@ public class SAMLRealm {
         return properties;
     }
     
-    private CallbackHandler getCallbackHandler(Object o) {
-        CallbackHandler handler = null;
-        if (o instanceof CallbackHandler) {
-            handler = (CallbackHandler)o;
-        } else if (o instanceof String) {
-            try {
-                handler = 
-                    (CallbackHandler)ClassLoaderUtils.loadClass((String)o, this.getClass()).newInstance();
-            } catch (Exception e) {
-                LOG.fine(e.getMessage());
-                handler = null;
-            }
-        }
-        return handler;
-    }
-    
-    
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
index 0cf2174..ecd8a53 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
@@ -41,10 +41,10 @@ import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.security.transport.TLSSessionInfo;
 import org.apache.cxf.sts.STSConstants;
 import org.apache.cxf.sts.STSPropertiesMBean;
-import org.apache.cxf.sts.SignatureProperties;
 import org.apache.cxf.sts.cache.CacheUtils;
 import org.apache.cxf.sts.request.ReceivedToken;
 import org.apache.cxf.sts.request.ReceivedToken.STATE;
+import org.apache.cxf.sts.token.provider.AbstractSAMLTokenProvider;
 import org.apache.cxf.sts.token.provider.ConditionsProvider;
 import org.apache.cxf.sts.token.provider.DefaultConditionsProvider;
 import org.apache.cxf.sts.token.provider.TokenProviderParameters;
@@ -53,7 +53,6 @@ import org.apache.cxf.ws.security.sts.provider.STSException;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.wss4j.common.crypto.Crypto;
-import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
@@ -80,7 +79,7 @@ import org.opensaml.saml.saml2.core.AudienceRestriction;
 /**
  * A TokenRenewer implementation that renews a (valid or expired) SAML Token.
  */
-public class SAMLTokenRenewer implements TokenRenewer {
+public class SAMLTokenRenewer extends AbstractSAMLTokenProvider implements TokenRenewer {
     
     // The default maximum expired time a token is allowed to be is 30 minutes
     public static final long DEFAULT_MAX_EXPIRY = 60L * 30L;
@@ -88,7 +87,7 @@ public class SAMLTokenRenewer implements TokenRenewer {
     private static final Logger LOG = LogUtils.getL7dLogger(SAMLTokenRenewer.class);
     private boolean signToken = true;
     private ConditionsProvider conditionsProvider = new DefaultConditionsProvider();
-    private Map<String, SAMLRealm> realmMap = new HashMap<String, SAMLRealm>();
+    private Map<String, SAMLRealm> realmMap = new HashMap<>();
     private long maxExpiry = DEFAULT_MAX_EXPIRY;
     // boolean to enable/disable the check of proof of possession
     private boolean verifyProofOfPossession = true;
@@ -428,77 +427,13 @@ public class SAMLTokenRenewer implements TokenRenewer {
     ) throws Exception {
         if (signToken) {
             STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
-            
-            // Initialise signature objects with defaults of STSPropertiesMBean
-            Crypto signatureCrypto = stsProperties.getSignatureCrypto();
-            CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
-            SignatureProperties signatureProperties = stsProperties.getSignatureProperties();
-            String alias = stsProperties.getSignatureUsername();
-            
             String realm = tokenParameters.getRealm();
             SAMLRealm samlRealm = null;
             if (realm != null && realmMap.containsKey(realm)) {
                 samlRealm = realmMap.get(realm);
             }
-            if (samlRealm != null) {
-                // If SignatureCrypto configured in realm then
-                // callbackhandler and alias of STSPropertiesMBean is ignored
-                if (samlRealm.getSignatureCrypto() != null) {
-                    LOG.fine("SAMLRealm signature keystore used");
-                    signatureCrypto = samlRealm.getSignatureCrypto();
-                    callbackHandler = samlRealm.getCallbackHandler();
-                    alias = samlRealm.getSignatureAlias();
-                }
-                // SignatureProperties can be defined independently of SignatureCrypto
-                if (samlRealm.getSignatureProperties() != null) {
-                    signatureProperties = samlRealm.getSignatureProperties();
-                }
-            }
             
-            // Get the signature algorithm to use
-            String signatureAlgorithm = tokenParameters.getKeyRequirements().getSignatureAlgorithm();
-            if (signatureAlgorithm == null) {
-                // If none then default to what is configured
-                signatureAlgorithm = signatureProperties.getSignatureAlgorithm();
-            } else {
-                List<String> supportedAlgorithms = 
-                    signatureProperties.getAcceptedSignatureAlgorithms();
-                if (!supportedAlgorithms.contains(signatureAlgorithm)) {
-                    signatureAlgorithm = signatureProperties.getSignatureAlgorithm();
-                    LOG.fine("SignatureAlgorithm not supported, defaulting to: " + signatureAlgorithm);
-                }
-            }
-            
-            // Get the c14n algorithm to use
-            String c14nAlgorithm = tokenParameters.getKeyRequirements().getC14nAlgorithm();
-            if (c14nAlgorithm == null) {
-                // If none then default to what is configured
-                c14nAlgorithm = signatureProperties.getC14nAlgorithm();
-            } else {
-                List<String> supportedAlgorithms = 
-                    signatureProperties.getAcceptedC14nAlgorithms();
-                if (!supportedAlgorithms.contains(c14nAlgorithm)) {
-                    c14nAlgorithm = signatureProperties.getC14nAlgorithm();
-                    LOG.fine("C14nAlgorithm not supported, defaulting to: " + c14nAlgorithm);
-                }
-            }
-            
-            // If alias not defined, get the default of the SignatureCrypto
-            if ((alias == null || "".equals(alias)) && (signatureCrypto != null))
{
-                alias = signatureCrypto.getDefaultX509Identifier();
-                LOG.fine("Signature alias is null so using default alias: " + alias);
-            }
-            // Get the password
-            WSPasswordCallback[] cb = {new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)};
-            LOG.fine("Creating SAML Token");
-            callbackHandler.handle(cb);
-            String password = cb[0].getPassword();
-    
-            LOG.fine("Signing SAML Token");
-            boolean useKeyValue = signatureProperties.isUseKeyValue();
-            assertion.signAssertion(
-                alias, password, signatureCrypto, useKeyValue, c14nAlgorithm, signatureAlgorithm
-            );
+            signToken(assertion, samlRealm, stsProperties, tokenParameters.getKeyRequirements());
         } else {
             if (assertion.getSaml1().getSignature() != null) {
                 assertion.getSaml1().setSignature(null);
@@ -550,7 +485,7 @@ public class SAMLTokenRenewer implements TokenRenewer {
         // Conditions on the token
         Map<String, Object> additionalProperties = renewerParameters.getAdditionalProperties();
         if (additionalProperties == null) {
-            additionalProperties = new HashMap<String, Object>();
+            additionalProperties = new HashMap<>(1);
         }
         additionalProperties.put(ReceivedToken.class.getName(), renewerParameters.getToken());
         providerParameters.setAdditionalProperties(additionalProperties);
@@ -618,11 +553,11 @@ public class SAMLTokenRenewer implements TokenRenewer {
             final List<WSHandlerResult> handlerResults = 
                 CastUtils.cast((List<?>) messageContext.get(WSHandlerConstants.RECV_RESULTS));
 
-            List<WSSecurityEngineResult> signedResults = new ArrayList<WSSecurityEngineResult>();
+            List<WSSecurityEngineResult> signedResults = new ArrayList<>();
             if (handlerResults != null && handlerResults.size() > 0) {
                 WSHandlerResult handlerResult = handlerResults.get(0);
                 List<WSSecurityEngineResult> results = handlerResult.getResults();
-                final List<Integer> signedActions = new ArrayList<Integer>(2);
+                final List<Integer> signedActions = new ArrayList<>(2);
                 signedActions.add(WSConstants.SIGN);
                 signedActions.add(WSConstants.UT_SIGN);
                 

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
index 9bf765c..8ba1613 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
@@ -257,7 +257,7 @@ public class SAMLTokenValidator implements TokenValidator {
             }
             
             // Add the SamlAssertionWrapper to the properties, as the claims are required
to be transformed
-            Map<String, Object> addProps = new HashMap<String, Object>();
+            Map<String, Object> addProps = new HashMap<>(1);
             addProps.put(SamlAssertionWrapper.class.getName(), assertion);
             response.setAdditionalProperties(addProps);
             response.setPrincipal(principal);

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
index 1d10576..4e2d8a2 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SCTValidator.java
@@ -108,7 +108,7 @@ public class SCTValidator implements TokenValidator {
                     return response;
                 }
                 byte[] secret = token.getSecret();
-                Map<String, Object> properties = new HashMap<String, Object>();
+                Map<String, Object> properties = new HashMap<>(1);
                 properties.put(SCT_VALIDATOR_SECRET, secret);
                 response.setAdditionalProperties(properties);
                 response.setPrincipal(token.getPrincipal());

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
index b748f6a..31082ce 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
@@ -141,7 +141,7 @@ public class UsernameTokenValidator implements TokenValidator {
         // Marshall the received JAXB object into a DOM Element
         Element usernameTokenElement = null;
         try {
-            Set<Class<?>> classes = new HashSet<Class<?>>();
+            Set<Class<?>> classes = new HashSet<>();
             classes.add(ObjectFactory.class);
             classes.add(org.apache.cxf.ws.security.sts.provider.model.wstrust14.ObjectFactory.class);
                     

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/test/java/org/apache/cxf/sts/request/RequestParserUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/request/RequestParserUnitTest.java
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/request/RequestParserUnitTest.java
index 09a342e..65bb9c8 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/request/RequestParserUnitTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/request/RequestParserUnitTest.java
@@ -147,10 +147,10 @@ public class RequestParserUnitTest extends org.junit.Assert {
         resultsList.add(new WSHandlerResult("actor", engineResultList));
         msgContext.put(WSHandlerConstants.RECV_RESULTS, resultsList);
         
-        parser.parseRequest(request, wsContext, null, null);
+        RequestRequirements requestRequirements = parser.parseRequest(request, wsContext,
null, null);
         
         SCTCanceller sctCanceller = new SCTCanceller();
-        assertTrue(sctCanceller.canHandleToken(parser.getTokenRequirements().getCancelTarget()));
+        assertTrue(sctCanceller.canHandleToken(requestRequirements.getTokenRequirements().getCancelTarget()));
     }
 
     /**
@@ -178,10 +178,10 @@ public class RequestParserUnitTest extends org.junit.Assert {
         resultsList.add(new WSHandlerResult("actor", engineResultList));
         msgContext.put(WSHandlerConstants.RECV_RESULTS, resultsList);
         
-        parser.parseRequest(request, wsContext, null, null);
+        RequestRequirements requestRequirements = parser.parseRequest(request, wsContext,
null, null);
         
         SCTValidator sctValidator = new SCTValidator();
-        assertTrue(sctValidator.canHandleToken(parser.getTokenRequirements().getValidateTarget()));
+        assertTrue(sctValidator.canHandleToken(requestRequirements.getTokenRequirements().getValidateTarget()));
     }
     
     /**
@@ -210,9 +210,9 @@ public class RequestParserUnitTest extends org.junit.Assert {
         resultsList.add(new WSHandlerResult("actor", engineResultList));
         msgContext.put(WSHandlerConstants.RECV_RESULTS, resultsList);
         
-        parser.parseRequest(request, wsContext, null, null);
+        RequestRequirements requestRequirements = parser.parseRequest(request, wsContext,
null, null);
         
-        assertNotNull(parser.getKeyRequirements().getReceivedKey().getX509Cert());
+        assertNotNull(requestRequirements.getKeyRequirements().getReceivedKey().getX509Cert());
     }
     
     private Document parseStringToElement(String str) throws Exception {


Mime
View raw message