cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [1/2] cxf git commit: Minor refactor
Date Thu, 26 Mar 2015 13:03:50 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 399c5bb56 -> 74aea1227


Minor refactor


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/74aea122
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/74aea122
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/74aea122

Branch: refs/heads/master
Commit: 74aea1227832d3000f2f9fe61d7cc3bcb8a60a79
Parents: b1b3fc2
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Mar 26 11:23:25 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Mar 26 12:03:32 2015 +0000

----------------------------------------------------------------------
 .../AbstractSupportingTokenPolicyValidator.java | 101 +++++++++++--------
 1 file changed, 57 insertions(+), 44 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/74aea122/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
index 709998d..f74b2db 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
@@ -92,24 +92,13 @@ public abstract class AbstractSupportingTokenPolicyValidator extends AbstractSec
             return true;
         }
         
-        List<WSSecurityEngineResult> tokenResults = new ArrayList<>();
-        tokenResults.addAll(parameters.getUsernameTokenResults());
-        List<WSSecurityEngineResult> dktResults = new ArrayList<>();
-        for (WSSecurityEngineResult wser : parameters.getUsernameTokenResults()) {
-            if (derived) {
-                byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
-                WSSecurityEngineResult dktResult = 
-                    getMatchingDerivedKey(secret, parameters.getResults());
-                if (dktResult != null) {
-                    dktResults.add(dktResult);
-                }
-            }
-        }
-        
-        if (tokenResults.isEmpty()) {
+        if (parameters.getUsernameTokenResults().isEmpty()) {
             return false;
         }
         
+        List<WSSecurityEngineResult> tokenResults = new ArrayList<>();
+        tokenResults.addAll(parameters.getUsernameTokenResults());
+        
         if (isSigned() && !areTokensSigned(tokenResults, parameters.getSignedResults(),
                                            parameters.getEncryptedResults(),
                                            parameters.getMessage())) {
@@ -119,7 +108,20 @@ public abstract class AbstractSupportingTokenPolicyValidator extends
AbstractSec
                                                  parameters.getMessage())) {
             return false;
         }
-        tokenResults.addAll(dktResults);
+        
+        if (derived) {
+            for (WSSecurityEngineResult wser : parameters.getUsernameTokenResults()) {
+                byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
+                if (secret != null) {
+                    WSSecurityEngineResult dktResult = 
+                        getMatchingDerivedKey(secret, parameters.getResults());
+                    if (dktResult != null) {
+                        tokenResults.add(dktResult);
+                    }
+                }
+            }
+        }
+        
         if ((isEndorsing() && !checkEndorsed(tokenResults, parameters.getSignedResults(),
                                              parameters.getMessage(),
                                              parameters.getTimestampElement())) 
@@ -172,21 +174,12 @@ public abstract class AbstractSupportingTokenPolicyValidator extends
AbstractSec
      */
     protected boolean processKerberosTokens(PolicyValidatorParameters parameters, boolean
derived) {
         List<WSSecurityEngineResult> tokenResults = new ArrayList<>();
-        List<WSSecurityEngineResult> dktResults = new ArrayList<>();
         for (WSSecurityEngineResult wser : parameters.getResults()) {
             Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
             if (actInt.intValue() == WSConstants.BST) {
                 BinarySecurity binarySecurity = 
                     (BinarySecurity)wser.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
                 if (binarySecurity instanceof KerberosSecurity) {
-                    if (derived) {
-                        byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
-                        WSSecurityEngineResult dktResult = 
-                            getMatchingDerivedKey(secret, parameters.getResults());
-                        if (dktResult != null) {
-                            dktResults.add(dktResult);
-                        }
-                    }
                     tokenResults.add(wser);
                 }
             }
@@ -205,7 +198,19 @@ public abstract class AbstractSupportingTokenPolicyValidator extends
AbstractSec
                                                  parameters.getMessage())) {
             return false;
         }
-        tokenResults.addAll(dktResults);
+        
+        if (derived) {
+            List<WSSecurityEngineResult> dktResults = new ArrayList<>(tokenResults.size());
+            for (WSSecurityEngineResult wser : tokenResults) {
+                byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
+                WSSecurityEngineResult dktResult = 
+                    getMatchingDerivedKey(secret, parameters.getResults());
+                if (dktResult != null) {
+                    dktResults.add(dktResult);
+                }
+            }
+            tokenResults.addAll(dktResults);
+        }
         if (isEndorsing() && !checkEndorsed(tokenResults, parameters.getSignedResults(),
                                             parameters.getMessage(),
                                             parameters.getTimestampElement())) {
@@ -227,7 +232,6 @@ public abstract class AbstractSupportingTokenPolicyValidator extends AbstractSec
      */
     protected boolean processX509Tokens(PolicyValidatorParameters parameters, boolean derived)
{
         List<WSSecurityEngineResult> tokenResults = new ArrayList<>();
-        List<WSSecurityEngineResult> dktResults = new ArrayList<>();
         for (WSSecurityEngineResult wser : parameters.getResults()) {
             Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
             if (actInt.intValue() == WSConstants.BST) {
@@ -235,13 +239,6 @@ public abstract class AbstractSupportingTokenPolicyValidator extends
AbstractSec
                     (BinarySecurity)wser.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
                 if (binarySecurity instanceof X509Security
                     || binarySecurity instanceof PKIPathSecurity) {
-                    if (derived) {
-                        WSSecurityEngineResult resultToStore = 
-                            processX509DerivedTokenResult(wser, parameters.getResults());
-                        if (resultToStore != null) {
-                            dktResults.add(resultToStore);
-                        }
-                    }
                     tokenResults.add(wser);
                 }
             }
@@ -260,7 +257,19 @@ public abstract class AbstractSupportingTokenPolicyValidator extends
AbstractSec
                                                  parameters.getMessage())) {
             return false;
         }
-        tokenResults.addAll(dktResults);
+        
+        if (derived) {
+            List<WSSecurityEngineResult> dktResults = new ArrayList<>(tokenResults.size());
+            for (WSSecurityEngineResult wser : tokenResults) {
+                WSSecurityEngineResult resultToStore = 
+                    processX509DerivedTokenResult(wser, parameters.getResults());
+                if (resultToStore != null) {
+                    dktResults.add(resultToStore);
+                }
+            }
+            tokenResults.addAll(dktResults);
+        }
+        
         if (isEndorsing() && !checkEndorsed(tokenResults, parameters.getSignedResults(),
                                             parameters.getMessage(),
                                             parameters.getTimestampElement())) {
@@ -351,17 +360,9 @@ public abstract class AbstractSupportingTokenPolicyValidator extends
AbstractSec
      */
     protected boolean processSCTokens(PolicyValidatorParameters parameters, boolean derived)
{
         List<WSSecurityEngineResult> tokenResults = new ArrayList<>();
-        List<WSSecurityEngineResult> dktResults = new ArrayList<>();
         for (WSSecurityEngineResult wser : parameters.getResults()) {
             Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
             if (actInt.intValue() == WSConstants.SCT) {
-                if (derived) {
-                    byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
-                    WSSecurityEngineResult dktResult = getMatchingDerivedKey(secret, parameters.getResults());
-                    if (dktResult != null) {
-                        dktResults.add(dktResult);
-                    }
-                }
                 tokenResults.add(wser);
             }
         }
@@ -379,7 +380,19 @@ public abstract class AbstractSupportingTokenPolicyValidator extends
AbstractSec
                                                  parameters.getMessage())) {
             return false;
         }
-        tokenResults.addAll(dktResults);
+        
+        if (derived) {
+            List<WSSecurityEngineResult> dktResults = new ArrayList<>(tokenResults.size());
+            for (WSSecurityEngineResult wser : tokenResults) {
+                byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
+                WSSecurityEngineResult dktResult = getMatchingDerivedKey(secret, parameters.getResults());
+                if (dktResult != null) {
+                    dktResults.add(dktResult);
+                }
+            }
+            tokenResults.addAll(dktResults);
+        }
+        
         if (isEndorsing() && !checkEndorsed(tokenResults, parameters.getSignedResults(),
                                             parameters.getMessage(),
                                             parameters.getTimestampElement())) {


Mime
View raw message