cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [04/10] cxf git commit: Using a new CXFCallbackLookup
Date Fri, 13 Mar 2015 11:07:45 GMT
Using a new CXFCallbackLookup


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/77372254
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/77372254
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/77372254

Branch: refs/heads/master
Commit: 7737225402d3a7b2e669ee8ecf54de10af686f20
Parents: 80d7128
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Feb 24 16:02:16 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Feb 24 16:02:16 2015 +0000

----------------------------------------------------------------------
 .../ws/security/wss4j/CXFCallbackLookup.java    | 50 ++++++++++++++++++++
 .../wss4j/PolicyBasedWSS4JOutInterceptor.java   | 27 ++++++-----
 .../ws/security/wss4j/WSS4JInInterceptor.java   |  5 ++
 .../policyhandlers/AbstractBindingBuilder.java  | 23 +++++++--
 .../AsymmetricBindingHandler.java               |  5 +-
 .../policyhandlers/SymmetricBindingHandler.java | 11 +++--
 .../policyhandlers/TransportBindingHandler.java |  5 +-
 7 files changed, 107 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/77372254/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CXFCallbackLookup.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CXFCallbackLookup.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CXFCallbackLookup.java
new file mode 100644
index 0000000..be8dbe0
--- /dev/null
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CXFCallbackLookup.java
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.ws.security.wss4j;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import org.apache.wss4j.dom.message.DOMCallbackLookup;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
+
+/**
+ * This class uses a DOM-based approach to locate Elements that are referenced via an Id.
+ */
+public class CXFCallbackLookup extends DOMCallbackLookup {
+    
+    private Document doc;
+    private Element soapBody;
+    
+    public CXFCallbackLookup(Document doc, Element soapBody) {
+        super(doc);
+        this.soapBody = soapBody;
+    }
+    
+    /**
+     * Get the SOAP Body
+     */
+    @Override
+    public Element getSOAPBody() {
+        if (soapBody != null) {
+            return soapBody;
+        }
+        return WSSecurityUtil.findBodyElement(doc);
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/77372254/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
index 98a6330..54faf7e 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
@@ -120,7 +120,6 @@ public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor<Soa
         }
         
         private void handleMessageInternal(SoapMessage message) throws Fault {
-            Collection<AssertionInfo> ais;
             SOAPMessage saaj = message.getContent(SOAPMessage.class);
 
             boolean mustUnderstand = 
@@ -133,7 +132,7 @@ public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor<Soa
             // extract Assertion information
             if (aim != null) {
                 AbstractBinding transport = null;
-                ais = getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
+                Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
                 if (!ais.isEmpty()) {
                     for (AssertionInfo ai : ais) {
                         transport = (AbstractBinding)ai.getAssertion();
@@ -191,15 +190,21 @@ public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor<Soa
                         transport.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
                     }
 
-                    if (transport instanceof TransportBinding) {
-                        new TransportBindingHandler(config, (TransportBinding)transport,
saaj,
-                                                    secHeader, aim, message).handleBinding();
-                    } else if (transport instanceof SymmetricBinding) {
-                        new SymmetricBindingHandler(config, (SymmetricBinding)transport,
saaj,
-                                                     secHeader, aim, message).handleBinding();
-                    } else {
-                        new AsymmetricBindingHandler(config, (AsymmetricBinding)transport,
saaj,
-                                                     secHeader, aim, message).handleBinding();
+                    try {
+                        if (transport instanceof TransportBinding) {
+                            new TransportBindingHandler(config, (TransportBinding)transport,
saaj,
+                                                        secHeader, aim, message).handleBinding();
+                        } else if (transport instanceof SymmetricBinding) {
+                            new SymmetricBindingHandler(config, (SymmetricBinding)transport,
saaj,
+                                                         secHeader, aim, message).handleBinding();
+                        } else {
+                            new AsymmetricBindingHandler(config, (AsymmetricBinding)transport,
saaj,
+                                                         secHeader, aim, message).handleBinding();
+                        }
+                    } catch (SOAPException e) {
+                        throw new SoapFault(
+                            new Message("SECURITY_FAILED", LOG), e, message.getVersion().getSender()
+                        );
                     }
                     
                     if (el.getFirstChild() == null) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/77372254/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
index b8c71a7..4e20831 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -273,6 +273,11 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
                 || MessageUtils.isTrue(msg.getContextualProperty(SecurityConstants.ENABLE_REVOCATION));
             reqData.setEnableRevocation(enableRevocation);
             
+            Element soapBody = SAAJUtils.getBody(doc);
+            if (soapBody != null) {
+                engine.setCallbackLookup(new CXFCallbackLookup(soapBody.getOwnerDocument(),
soapBody));
+            }
+            
             Element elem = 
                 WSSecurityUtil.getSecurityHeader(doc.getSOAPHeader(), actor, version.getVersion()
!= 1.1);
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/77372254/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index a6cd14a..6e62d0a 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -71,6 +71,7 @@ import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler;
+import org.apache.cxf.ws.security.wss4j.CXFCallbackLookup;
 import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
 import org.apache.cxf.wsdl.WSDLConstants;
 import org.apache.neethi.Assertion;
@@ -95,6 +96,7 @@ import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.bsp.BSPEnforcer;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.dom.handler.WSHandlerResult;
+import org.apache.wss4j.dom.message.CallbackLookup;
 import org.apache.wss4j.dom.message.WSSecBase;
 import org.apache.wss4j.dom.message.WSSecDKSign;
 import org.apache.wss4j.dom.message.WSSecEncryptedKey;
@@ -169,6 +171,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
     protected Element bstElement;
     protected Element lastEncryptedKeyElement;
     
+    protected final CallbackLookup callbackLookup;
+    
     private Element lastSupportingTokenElement;
     private Element lastDerivedKeyElement;
     
@@ -182,7 +186,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
                            SOAPMessage saaj,
                            WSSecHeader secHeader,
                            AssertionInfoMap aim,
-                           SoapMessage message) {
+                           SoapMessage message) throws SOAPException {
         super(message);
         this.wssConfig = config;
         this.binding = binding;
@@ -190,6 +194,13 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         this.secHeader = secHeader;
         this.saaj = saaj;
         message.getExchange().put(WSHandlerConstants.SEND_SIGV, signatures);
+        
+        Element soapBody = SAAJUtils.getBody(saaj);
+        if (soapBody != null) {
+            callbackLookup = new CXFCallbackLookup(soapBody.getOwnerDocument(), soapBody);
+        } else {
+            callbackLookup = null;
+        }
     }
     
     protected void insertAfter(Element child, Element sib) {
@@ -450,7 +461,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
                                             getSignedParts(suppTokens))
                     );
                 } else {
-                    WSSecSignature sig = new WSSecSignature(wssConfig);                 
  
+                    WSSecSignature sig = new WSSecSignature(wssConfig);
+                    sig.setCallbackLookup(callbackLookup);
                     sig.setX509Certificate(secToken.getX509Certificate());
                     sig.setCustomTokenId(id);
                     sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
@@ -1375,6 +1387,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
     protected WSSecEncryptedKey getEncryptedKeyBuilder(AbstractTokenWrapper wrapper, 
                                                        AbstractToken token) throws WSSecurityException
{
         WSSecEncryptedKey encrKey = new WSSecEncryptedKey(wssConfig);
+        encrKey.setCallbackLookup(callbackLookup);
         Crypto crypto = getEncryptionCrypto(wrapper);
         message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, crypto);
         setKeyIdentifierType(encrKey, wrapper, token);
@@ -1668,6 +1681,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         AbstractTokenWrapper wrapper, AbstractToken token, boolean attached, boolean endorse
     ) throws WSSecurityException {
         WSSecSignature sig = new WSSecSignature(wssConfig);
+        sig.setCallbackLookup(callbackLookup);
         sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
         checkForX509PkiPath(sig, token);
         if (token instanceof IssuedToken || token instanceof SamlToken) {
@@ -1881,7 +1895,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         throws WSSecurityException {
         
         Document doc = saaj.getSOAPPart();
-        WSSecDKSign dkSign = new WSSecDKSign(wssConfig);  
+        WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
+        dkSign.setCallbackLookup(callbackLookup);
         
         //Check whether it is security policy 1.2 and use the secure conversation accordingly
         if (policyToken.getVersion() == SPConstants.SPVersion.SP11) {
@@ -1964,6 +1979,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         
         Document doc = saaj.getSOAPPart();
         WSSecSignature sig = new WSSecSignature(wssConfig);
+        sig.setCallbackLookup(callbackLookup);
+        
         // If a EncryptedKeyToken is used, set the correct value type to
         // be used in the wsse:Reference in ds:KeyInfo
         if (policyToken instanceof X509Token) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/77372254/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index ddacef4..fc3aa8b 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -90,7 +90,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
                                     SOAPMessage saaj,
                                     WSSecHeader secHeader,
                                     AssertionInfoMap aim,
-                                    SoapMessage message) {
+                                    SoapMessage message) throws SOAPException {
         super(config, binding, saaj, secHeader, aim, message);
         this.abinding = binding;
         protectionOrder = binding.getProtectionOrder();
@@ -452,6 +452,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
             if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                 try {
                     WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(wssConfig);
+                    dkEncr.setCallbackLookup(callbackLookup);
                     if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) {
                         dkEncr.setWscVersion(ConversationConstants.VERSION_05_02);
                     }
@@ -480,6 +481,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
             } else {
                 try {
                     WSSecEncrypt encr = new WSSecEncrypt(wssConfig);
+                    encr.setCallbackLookup(callbackLookup);
                     encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
                     
                     encr.setDocument(saaj.getSOAPPart());
@@ -615,6 +617,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
             setupEncryptedKey(wrapper, sigToken);
             
             WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
+            dkSign.setCallbackLookup(callbackLookup);
             if (wrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) {
                 dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/77372254/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 8fa9972..c04597c 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -27,6 +27,7 @@ import java.util.logging.Level;
 
 import javax.xml.crypto.dsig.Reference;
 import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPException;
 import javax.xml.soap.SOAPMessage;
 
 import org.w3c.dom.Document;
@@ -81,15 +82,15 @@ import org.apache.wss4j.policy.model.X509Token;
  * 
  */
 public class SymmetricBindingHandler extends AbstractBindingBuilder {
-    SymmetricBinding sbinding;
-    TokenStore tokenStore;
+    private final SymmetricBinding sbinding;
+    private final TokenStore tokenStore;
     
     public SymmetricBindingHandler(WSSConfig config, 
                                    SymmetricBinding binding,
                                     SOAPMessage saaj,
                                     WSSecHeader secHeader,
                                     AssertionInfoMap aim,
-                                    SoapMessage message) {
+                                    SoapMessage message) throws SOAPException {
         super(config, binding, saaj, secHeader, aim, message);
         this.sbinding = binding;
         tokenStore = getTokenStore();
@@ -398,6 +399,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
                                           boolean atEnd) {
         try {
             WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(wssConfig);
+            dkEncr.setCallbackLookup(callbackLookup);
             if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) {
                 dkEncr.setWscVersion(ConversationConstants.VERSION_05_02);
             }
@@ -511,6 +513,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
             } else {
                 try {
                     WSSecEncrypt encr = new WSSecEncrypt(wssConfig);
+                    encr.setCallbackLookup(callbackLookup);
                     encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
                     String encrTokId = encrTok.getId();
                     if (attached) {
@@ -622,6 +625,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
                                boolean included) throws WSSecurityException {
         Document doc = saaj.getSOAPPart();
         WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
+        dkSign.setCallbackLookup(callbackLookup);
         if (policyAbstractTokenWrapper.getToken().getVersion() == SPConstants.SPVersion.SP11)
{
             dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
         }
@@ -747,6 +751,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
             return doSignatureDK(sigs, policyAbstractTokenWrapper, policyToken, tok, included);
         } else {
             WSSecSignature sig = new WSSecSignature(wssConfig);
+            sig.setCallbackLookup(callbackLookup);
             sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
             // If a EncryptedKeyToken is used, set the correct value type to
             // be used in the wsse:Reference in ds:KeyInfo

http://git-wip-us.apache.org/repos/asf/cxf/blob/77372254/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 5ec749e..1f8a21c 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -87,7 +87,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
                                     SOAPMessage saaj,
                                     WSSecHeader secHeader,
                                     AssertionInfoMap aim,
-                                    SoapMessage message) {
+                                    SoapMessage message) throws SOAPException {
         super(config, binding, saaj, secHeader, aim, message);
         this.tbinding = binding;
     }
@@ -364,6 +364,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
             encrKey.appendToHeader(secHeader);
             
             WSSecDKSign dkSig = new WSSecDKSign(wssConfig);
+            dkSig.setCallbackLookup(callbackLookup);
             if (wrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) {
                 dkSig.setWscVersion(ConversationConstants.VERSION_05_02);
             }
@@ -452,6 +453,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
     ) throws Exception {
         //Do Signature with derived keys
         WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
+        dkSign.setCallbackLookup(callbackLookup);
         AlgorithmSuite algorithmSuite = tbinding.getAlgorithmSuite();
 
         //Setting the AttachedReference or the UnattachedReference according to the flag
@@ -501,6 +503,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
         List<WSEncryptionPart> sigParts
     ) throws Exception {
         WSSecSignature sig = new WSSecSignature(wssConfig);
+        sig.setCallbackLookup(callbackLookup);
         
         //Setting the AttachedReference or the UnattachedReference according to the flag
         Element ref;


Mime
View raw message