cxf-commits mailing list archives

From cohei...@apache.org
Subject [2/2] cxf git commit: Picking up latest WSS4J changes
Date Fri, 10 Apr 2015 14:32:13 GMT
Picking up latest WSS4J changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/731d7df1
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/731d7df1
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/731d7df1

Branch: refs/heads/master
Commit: 731d7df1181d717e2dc867c9e00118f974de6179
Parents: e3624e6
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Apr 10 15:11:40 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Apr 10 15:32:05 2015 +0100

----------------------------------------------------------------------
 .../wss4j/UsernameTokenInterceptor.java         | 13 +++++---
 .../ws/security/wss4j/WSS4JInInterceptor.java   |  3 +-
 .../ws/security/wss4j/WSS4JOutInterceptor.java  |  1 -
 .../policyhandlers/AbstractBindingBuilder.java  | 34 +++++++++++++-------
 .../AsymmetricBindingHandler.java               |  9 ++++--
 .../policyhandlers/SymmetricBindingHandler.java | 12 ++++---
 .../policyhandlers/TransportBindingHandler.java |  9 ++++--
 .../policyhandlers/WSSecurityTokenHolder.java   |  5 ++-
 8 files changed, 54 insertions(+), 32 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/731d7df1/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
index a083eeb..d3a5f36 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
@@ -209,9 +209,8 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor
{
             );
         data.setNonceReplayCache(nonceCache);
 
-        WSSConfig config = WSSConfig.getNewInstance();
-        config.setAllowUsernameTokenNoPassword(allowNoPassword);
-        data.setWssConfig(config);
+        data.setAllowUsernameTokenNoPassword(allowNoPassword);
+        data.setWssConfig(WSSConfig.getNewInstance());
         if (!bspCompliant) {
             data.setDisableBSPEnforcement(true);
         }
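Review bot: The added `data.setAllowUsernameTokenNoPassword(allowNoPassword);` relaxes validation so that a UsernameToken without a password is accepted, and nothing at this call site says when that is safe. I would add a comment above it such as `// Accept a password-less UsernameToken only when the policy asks for NoPassword; the caller must then be authenticated by other means.` Where `allowNoPassword` is computed is outside this hunk, so the wording should be checked against that code. Since the setting now lives on RequestData rather than WSSConfig, a test asserting that a password-less token is still rejected when the flag is false would pin the default.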
@@ -395,7 +394,9 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor
{
         if (!StringUtils.isEmpty(userName)) {
             // If NoPassword property is set we don't need to set the password
             if (token.getPasswordType() == UsernameToken.PasswordType.NoPassword) {
-                WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
+                WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+                utBuilder.setIdAllocator(wssConfig.getIdAllocator());
+                utBuilder.setWsTimeSource(wssConfig.getCurrentTime());
                 utBuilder.setUserInfo(userName, null);
                 utBuilder.setPasswordType(null);
                 return utBuilder;
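Review bot: The three-line builder setup added here (`new WSSecUsernameToken()`, `setIdAllocator`, `setWsTimeSource`) is repeated verbatim in the next hunk of this file and in both UsernameToken hunks of AbstractBindingBuilder, and each copy dereferences `wssConfig` with no null check visible in the hunk. The removed constructor took `wssConfig` as an argument; whether it tolerated null is not visible here, but the new getter calls would throw a NullPointerException if the value is ever unset. A small helper keeps the copies in step and gives one place for the guard. The enclosing method starts and ends outside the hunk, so how `wssConfig` is obtained should be confirmed before adopting the fallback below.

```java
private static WSSecUsernameToken newUsernameTokenBuilder(WSSConfig wssConfig) {
    // Fall back to a fresh configuration rather than failing on a null reference.
    WSSConfig config = wssConfig != null ? wssConfig : WSSConfig.getNewInstance();
    WSSecUsernameToken utBuilder = new WSSecUsernameToken();
    utBuilder.setIdAllocator(config.getIdAllocator());
    utBuilder.setWsTimeSource(config.getCurrentTime());
    return utBuilder;
}
```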
@@ -408,7 +409,9 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor
{
             
             if (!StringUtils.isEmpty(password)) {
                 //If the password is available then build the token
-                WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
+                WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+                utBuilder.setIdAllocator(wssConfig.getIdAllocator());
+                utBuilder.setWsTimeSource(wssConfig.getCurrentTime());
                 if (token.getPasswordType() == UsernameToken.PasswordType.HashPassword) {
                     utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);  
                 } else {

http://git-wip-us.apache.org/repos/asf/cxf/blob/731d7df1/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
index 8212eed..35a2ac8 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -281,7 +281,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
             
             if (!(wsResult.getResults() == null || wsResult.getResults().isEmpty())) { 
                 // security header found
-                if (reqData.getWssConfig().isEnableSignatureConfirmation()) {
+                if (reqData.isEnableSignatureConfirmation()) {
                     checkSignatureConfirmation(reqData, wsResult);
                 }
 
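Review bot: The signature-confirmation check is now gated on `reqData.isEnableSignatureConfirmation()`, so it silently stops running if the code that populates the flag still writes it to WSSConfig rather than RequestData. That population happens outside this hunk and cannot be confirmed from the diff. A test that enables signature confirmation and asserts that `checkSignatureConfirmation` rejects a response lacking the confirmation would pin the behaviour. I would also add a comment on the condition: `// Flag is read from RequestData; it is no longer carried on WSSConfig.`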
@@ -332,7 +332,6 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
         } catch (SOAPException e) {
             throw new SoapFault(new Message("SAAJ_EX", LOG), e, version.getSender());
         } finally {
-            reqData.clear();
             reqData = null;
         }
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/731d7df1/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
index 8d2c402..37cb572 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
@@ -282,7 +282,6 @@ public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor {
                 throw new SoapFault(new Message("SECURITY_FAILED", LOG), e, version
                         .getSender());
             } finally {
-                reqData.clear();
                 reqData = null;
             }
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/731d7df1/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 177b598..9cb41fd 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -317,7 +317,9 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             if (ttl <= 0) {
                 ttl = 300;
             }
-            timestampEl = new WSSecTimestamp(wssConfig);
+            timestampEl = new WSSecTimestamp();
+            timestampEl.setIdAllocator(wssConfig.getIdAllocator());
+            timestampEl.setWsTimeSource(wssConfig.getCurrentTime());
             timestampEl.setTimeToLive(ttl);
             timestampEl.prepare(saaj.getSOAPPart());
             
@@ -450,11 +452,12 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         
                 if (secToken.getX509Certificate() == null) {  
                     ret.add(
-                        new SupportingToken(token, new WSSecurityTokenHolder(wssConfig, secToken),
+                        new SupportingToken(token, new WSSecurityTokenHolder(secToken),
                                             getSignedParts(suppTokens))
                     );
                 } else {
-                    WSSecSignature sig = new WSSecSignature(wssConfig);
+                    WSSecSignature sig = new WSSecSignature();
+                    sig.setIdAllocator(wssConfig.getIdAllocator());
                     sig.setCallbackLookup(callbackLookup);
                     sig.setX509Certificate(secToken.getX509Certificate());
                     sig.setCustomTokenId(id);
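Review bot: `new WSSecSignature()` followed by `sig.setIdAllocator(wssConfig.getIdAllocator())` carries over only the id allocator, whereas the removed `new WSSecSignature(wssConfig)` handed the builder the whole configuration object. The same pattern recurs in the other signature, encryption, derived-key and signature-confirmation hunks of this file and in AsymmetricBindingHandler, SymmetricBindingHandler and TransportBindingHandler. If a deployment customises anything else on WSSConfig that these builders used to read (the diff does not show whether any such setting remains), it is now dropped without an error and the outbound message is built with defaults. A short comment at one of these sites, stating that the id allocator (and, for timestamps and username tokens, the time source) are the only values the builders still take from WSSConfig, would make that intent reviewable.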
@@ -725,7 +728,10 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         
         String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME);
         if (!StringUtils.isEmpty(userName)) {
-            WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
+            WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+            utBuilder.setIdAllocator(wssConfig.getIdAllocator());
+            utBuilder.setWsTimeSource(wssConfig.getCurrentTime());
+            
             // If NoPassword property is set we don't need to set the password
             if (token.getPasswordType() == UsernameToken.PasswordType.NoPassword) {
                 utBuilder.setUserInfo(userName, null);
@@ -772,7 +778,9 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         
         String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME);
         if (!StringUtils.isEmpty(userName)) {
-            WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
+            WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+            utBuilder.setIdAllocator(wssConfig.getIdAllocator());
+            utBuilder.setWsTimeSource(wssConfig.getCurrentTime());
             
             String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
             if (StringUtils.isEmpty(password)) {
@@ -1347,7 +1355,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
     
     protected WSSecEncryptedKey getEncryptedKeyBuilder(AbstractTokenWrapper wrapper, 
                                                        AbstractToken token) throws WSSecurityException
{
-        WSSecEncryptedKey encrKey = new WSSecEncryptedKey(wssConfig);
+        WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
+        encrKey.setIdAllocator(wssConfig.getIdAllocator());
         encrKey.setCallbackLookup(callbackLookup);
         Crypto crypto = getEncryptionCrypto(wrapper);
         message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, crypto);
@@ -1670,7 +1679,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
     protected WSSecSignature getSignatureBuilder(
         AbstractTokenWrapper wrapper, AbstractToken token, boolean attached, boolean endorse
     ) throws WSSecurityException {
-        WSSecSignature sig = new WSSecSignature(wssConfig);
+        WSSecSignature sig = new WSSecSignature();
+        sig.setIdAllocator(wssConfig.getIdAllocator());
         sig.setCallbackLookup(callbackLookup);
         sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
         checkForX509PkiPath(sig, token);
@@ -1782,7 +1792,6 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
         sig.setDigestAlgo(algType.getDigest());
         sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
-        sig.setWsConfig(wssConfig);
         try {
             sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
         } catch (WSSecurityException e) {
@@ -1885,7 +1894,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         throws WSSecurityException {
         
         Document doc = saaj.getSOAPPart();
-        WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
+        WSSecDKSign dkSign = new WSSecDKSign();
+        dkSign.setIdAllocator(wssConfig.getIdAllocator());
         dkSign.setCallbackLookup(callbackLookup);
         
         //Check whether it is security policy 1.2 and use the secure conversation accordingly
@@ -1964,7 +1974,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         throws WSSecurityException {
         
         Document doc = saaj.getSOAPPart();
-        WSSecSignature sig = new WSSecSignature(wssConfig);
+        WSSecSignature sig = new WSSecSignature();
+        sig.setIdAllocator(wssConfig.getIdAllocator());
         sig.setCallbackLookup(callbackLookup);
         
         // If a EncryptedKeyToken is used, set the correct value type to
@@ -2106,7 +2117,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         
         sigConfList = new ArrayList<>();
         // prepare a SignatureConfirmation token
-        WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation(wssConfig);
+        WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation();
+        wsc.setIdAllocator(wssConfig.getIdAllocator());
         if (signatureActions.size() > 0) {
             for (WSSecurityEngineResult wsr : signatureActions) {
                 byte[] sigVal = (byte[]) wsr.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE);

http://git-wip-us.apache.org/repos/asf/cxf/blob/731d7df1/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 0900c21..efc03b4 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -451,7 +451,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
             AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
             if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                 try {
-                    WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(wssConfig);
+                    WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
+                    dkEncr.setIdAllocator(wssConfig.getIdAllocator());
                     dkEncr.setCallbackLookup(callbackLookup);
                     if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) {
                         dkEncr.setWscVersion(ConversationConstants.VERSION_05_02);
@@ -480,7 +481,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
                 }
             } else {
                 try {
-                    WSSecEncrypt encr = new WSSecEncrypt(wssConfig);
+                    WSSecEncrypt encr = new WSSecEncrypt();
+                    encr.setIdAllocator(wssConfig.getIdAllocator());
                     encr.setCallbackLookup(callbackLookup);
                     encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
                     
@@ -616,7 +618,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
             // Set up the encrypted key to use
             setupEncryptedKey(wrapper, sigToken);
             
-            WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
+            WSSecDKSign dkSign = new WSSecDKSign();
+            dkSign.setIdAllocator(wssConfig.getIdAllocator());
             dkSign.setCallbackLookup(callbackLookup);
             if (wrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) {
                 dkSign.setWscVersion(ConversationConstants.VERSION_05_02);

http://git-wip-us.apache.org/repos/asf/cxf/blob/731d7df1/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index bcc2c6e..e16a550 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -400,7 +400,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
                                           List<WSEncryptionPart> encrParts,
                                           boolean atEnd) {
         try {
-            WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(wssConfig);
+            WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
+            dkEncr.setIdAllocator(wssConfig.getIdAllocator());
             dkEncr.setCallbackLookup(callbackLookup);
             if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) {
                 dkEncr.setWscVersion(ConversationConstants.VERSION_05_02);
@@ -514,7 +515,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
                                            attached, encrParts, atEnd);
             } else {
                 try {
-                    WSSecEncrypt encr = new WSSecEncrypt(wssConfig);
+                    WSSecEncrypt encr = new WSSecEncrypt();
+                    encr.setIdAllocator(wssConfig.getIdAllocator());
                     encr.setCallbackLookup(callbackLookup);
                     encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
                     String encrTokId = encrTok.getId();
@@ -626,7 +628,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
                                SecurityToken tok,
                                boolean included) throws WSSecurityException {
         Document doc = saaj.getSOAPPart();
-        WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
+        WSSecDKSign dkSign = new WSSecDKSign();
+        dkSign.setIdAllocator(wssConfig.getIdAllocator());
         dkSign.setCallbackLookup(callbackLookup);
         if (policyAbstractTokenWrapper.getToken().getVersion() == SPConstants.SPVersion.SP11)
{
             dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
@@ -753,7 +756,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
         if (policyToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
             return doSignatureDK(sigs, policyAbstractTokenWrapper, policyToken, tok, included);
         } else {
-            WSSecSignature sig = new WSSecSignature(wssConfig);
+            WSSecSignature sig = new WSSecSignature();
+            sig.setIdAllocator(wssConfig.getIdAllocator());
             sig.setCallbackLookup(callbackLookup);
             sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
             // If a EncryptedKeyToken is used, set the correct value type to

http://git-wip-us.apache.org/repos/asf/cxf/blob/731d7df1/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index e86ca83..8423500 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -358,7 +358,8 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
             }
             encrKey.appendToHeader(secHeader);
             
-            WSSecDKSign dkSig = new WSSecDKSign(wssConfig);
+            WSSecDKSign dkSig = new WSSecDKSign();
+            dkSig.setIdAllocator(wssConfig.getIdAllocator());
             dkSig.setCallbackLookup(callbackLookup);
             if (wrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) {
                 dkSig.setWscVersion(ConversationConstants.VERSION_05_02);
@@ -447,7 +448,8 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
         List<WSEncryptionPart> sigParts
     ) throws Exception {
         //Do Signature with derived keys
-        WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
+        WSSecDKSign dkSign = new WSSecDKSign();
+        dkSign.setIdAllocator(wssConfig.getIdAllocator());
         dkSign.setCallbackLookup(callbackLookup);
         AlgorithmSuite algorithmSuite = tbinding.getAlgorithmSuite();
 
@@ -497,7 +499,8 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
         SupportingTokens wrapper,
         List<WSEncryptionPart> sigParts
     ) throws Exception {
-        WSSecSignature sig = new WSSecSignature(wssConfig);
+        WSSecSignature sig = new WSSecSignature();
+        sig.setIdAllocator(wssConfig.getIdAllocator());
         sig.setCallbackLookup(callbackLookup);
         
         //Setting the AttachedReference or the UnattachedReference according to the flag

http://git-wip-us.apache.org/repos/asf/cxf/blob/731d7df1/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java
index 02722b5..14d35b4 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java
@@ -20,7 +20,6 @@
 package org.apache.cxf.ws.security.wss4j.policyhandlers;
 
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.message.WSSecBase;
 
 /**
@@ -29,8 +28,8 @@ import org.apache.wss4j.dom.message.WSSecBase;
 public class WSSecurityTokenHolder extends WSSecBase {
     SecurityToken token;
     
-    public WSSecurityTokenHolder(WSSConfig config, SecurityToken t) {
-        super(config);
+    public WSSecurityTokenHolder(SecurityToken t) {
+        super();
         token = t;
     }
     
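Review bot: Replacing the public constructor `WSSecurityTokenHolder(WSSConfig config, SecurityToken t)` with `WSSecurityTokenHolder(SecurityToken t)` is a source-incompatible change for any caller outside this commit; the only caller updated here is in AbstractBindingBuilder. If the class is meant to be internal, a line in the class Javadoc saying so would help, e.g. `Internal holder used by the binding handlers; not part of the public API.` The explicit `super();` is also redundant, since the no-argument superclass constructor is invoked implicitly, and can be dropped.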

