cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: Picking up latest WSS4J changes
Date Wed, 01 Apr 2015 17:05:10 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 02a35f0bf -> 2616fd041


Picking up latest WSS4J changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2616fd04
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2616fd04
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2616fd04

Branch: refs/heads/master
Commit: 2616fd04151e5bb7b8a31428f8a9fd0c957dfb48
Parents: 02a35f0
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Sat Mar 28 15:38:42 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Apr 1 18:04:59 2015 +0100

----------------------------------------------------------------------
 .../wss4j/BinarySecurityTokenInterceptor.java   |  6 +++--
 .../wss4j/PolicyBasedWSS4JInInterceptor.java    | 16 +++++++------
 .../ws/security/wss4j/SamlTokenInterceptor.java | 13 +++++++---
 .../wss4j/UsernameTokenInterceptor.java         |  6 +++--
 .../ws/security/wss4j/WSS4JInInterceptor.java   | 25 ++++++++++----------
 .../cxf/sts/request/RequestParserUnitTest.java  | 19 +++++++--------
 .../token/renewer/SAMLTokenRenewerPOPTest.java  | 14 +++++++----
 7 files changed, 57 insertions(+), 42 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/2616fd04/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java
index 7c3e1ef..b28cddc 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java
@@ -21,10 +21,10 @@ package org.apache.cxf.ws.security.wss4j;
 
 import java.security.Principal;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
 
 import org.w3c.dom.Element;
-
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.headers.Header;
 import org.apache.cxf.helpers.CastUtils;
@@ -76,7 +76,9 @@ public class BinarySecurityTokenInterceptor extends AbstractTokenInterceptor
{
                             results = new ArrayList<>();
                             message.put(WSHandlerConstants.RECV_RESULTS, results);
                         }
-                        WSHandlerResult rResult = new WSHandlerResult(null, bstResults);
+                        WSHandlerResult rResult = 
+                            new WSHandlerResult(null, bstResults,
+                                                Collections.singletonMap(WSConstants.BST,
bstResults));
                         results.add(0, rResult);
 
                         assertTokens(message);

http://git-wip-us.apache.org/repos/asf/cxf/blob/2616fd04/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
index f417a5e..683ea34 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
@@ -80,6 +80,7 @@ import org.apache.wss4j.dom.WSDataRef;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
 import org.apache.wss4j.dom.message.token.Timestamp;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.policy.SP11Constants;
@@ -596,7 +597,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
         String actor,
         Element soapHeader,
         Element soapBody,
-        List<WSSecurityEngineResult> results, 
+        WSHandlerResult results, 
         boolean utWithCallbacks
     ) throws SOAPException, XMLStreamException, WSSecurityException {
         //
@@ -607,7 +608,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
         actions.add(WSConstants.UT_SIGN);
         actions.add(WSConstants.ST_SIGNED);
         List<WSSecurityEngineResult> signedResults = 
-            WSSecurityUtil.fetchAllActionResults(results, actions);
+            WSSecurityUtil.fetchAllActionResults(results.getResults(), actions);
         Collection<WSDataRef> signed = new HashSet<>();
         for (WSSecurityEngineResult result : signedResults) {
             List<WSDataRef> sl = 
@@ -620,7 +621,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
         }
         
         List<WSSecurityEngineResult> encryptResults = 
-            WSSecurityUtil.fetchAllActionResults(results, WSConstants.ENCR);
+            WSSecurityUtil.fetchAllActionResults(results.getResults(), WSConstants.ENCR);
         Collection<WSDataRef> encrypted = new HashSet<>();
         for (WSSecurityEngineResult result : encryptResults) {
             List<WSDataRef> sl = 
@@ -644,7 +645,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
         parameters.setAssertionInfoMap(aim);
         parameters.setMessage(msg);
         parameters.setSoapBody(soapBody);
-        parameters.setResults(results);
+        parameters.setResults(results.getResults());
         parameters.setSignedResults(signedResults);
         parameters.setEncryptedResults(encryptResults);
         parameters.setUtWithCallbacks(utWithCallbacks);
@@ -653,18 +654,19 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
         utActions.add(WSConstants.UT);
         utActions.add(WSConstants.UT_NOPASSWORD);
         List<WSSecurityEngineResult> utResults = 
-            WSSecurityUtil.fetchAllActionResults(results, utActions);
+            WSSecurityUtil.fetchAllActionResults(results.getResults(), utActions);
         parameters.setUsernameTokenResults(utResults);
         
         final List<Integer> samlActions = new ArrayList<>(2);
         samlActions.add(WSConstants.ST_SIGNED);
         samlActions.add(WSConstants.ST_UNSIGNED);
         List<WSSecurityEngineResult> samlResults = 
-            WSSecurityUtil.fetchAllActionResults(results, samlActions);
+            WSSecurityUtil.fetchAllActionResults(results.getResults(), samlActions);
         parameters.setSamlResults(samlResults);
         
         // Store the timestamp element
-        WSSecurityEngineResult tsResult = WSSecurityUtil.fetchActionResult(results, WSConstants.TS);
+        WSSecurityEngineResult tsResult = 
+            WSSecurityUtil.fetchActionResult(results.getResults(), WSConstants.TS);
         Element timestamp = null;
         if (tsResult != null) {
             Timestamp ts = (Timestamp)tsResult.get(WSSecurityEngineResult.TAG_TIMESTAMP);

http://git-wip-us.apache.org/repos/asf/cxf/blob/2616fd04/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
index a184732..d00288f 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
@@ -24,6 +24,7 @@ import java.security.Principal;
 import java.security.cert.Certificate;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.List;
 import java.util.Properties;
 
@@ -31,7 +32,6 @@ import javax.security.auth.callback.CallbackHandler;
 import javax.xml.namespace.QName;
 
 import org.w3c.dom.Element;
-
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.common.util.StringUtils;
@@ -99,8 +99,6 @@ public class SamlTokenInterceptor extends AbstractTokenInterceptor {
                             results = new ArrayList<>();
                             message.put(WSHandlerConstants.RECV_RESULTS, results);
                         }
-                        WSHandlerResult rResult = new WSHandlerResult(null, samlResults);
-                        results.add(0, rResult);
 
                         boolean signed = false;
                         for (WSSecurityEngineResult result : samlResults) {
@@ -113,6 +111,15 @@ public class SamlTokenInterceptor extends AbstractTokenInterceptor {
                         }
                         assertTokens(message, SPConstants.SAML_TOKEN, signed);
                         
+                        Integer key = WSConstants.ST_UNSIGNED;
+                        if (signed) {
+                            key = WSConstants.ST_SIGNED;
+                        }
+                        WSHandlerResult rResult = 
+                            new WSHandlerResult(null, samlResults,
+                                                Collections.singletonMap(key, samlResults));
+                        results.add(0, rResult);
+                        
                         // Check version against policy
                         AssertionInfoMap aim = message.get(AssertionInfoMap.class);
                         for (AssertionInfo ai 

http://git-wip-us.apache.org/repos/asf/cxf/blob/2616fd04/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
index 4bec8ae..59f7005 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
@@ -22,13 +22,13 @@ package org.apache.cxf.ws.security.wss4j;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.List;
 import java.util.Set;
 
 import javax.security.auth.Subject;
 
 import org.w3c.dom.Element;
-
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.headers.Header;
@@ -181,7 +181,9 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor
{
             results = new ArrayList<>();
             message.put(WSHandlerConstants.RECV_RESULTS, results);
         }
-        WSHandlerResult rResult = new WSHandlerResult(null, v);
+        
+        WSHandlerResult rResult = 
+            new WSHandlerResult(null, v, Collections.singletonMap(action, v));
         results.add(0, rResult);
 
         assertTokens(message, principal, false);

http://git-wip-us.apache.org/repos/asf/cxf/blob/2616fd04/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
index e749834..aa4794b 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -244,6 +244,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
             if (actor == null) {
                 actor = (String)msg.getContextualProperty(SecurityConstants.ACTOR);
             }
+            reqData.setActor(actor);
 
             // Configure replay caching
             configureReplayCaches(reqData, actions, msg);
@@ -276,16 +277,15 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
             Element elem = 
                 WSSecurityUtil.getSecurityHeader(doc.getSOAPHeader(), actor, version.getVersion()
!= 1.1);
 
-            List<WSSecurityEngineResult> wsResult = engine.processSecurityHeader(
-                elem, reqData
-            );
+            WSHandlerResult wsResult = engine.processSecurityHeader(elem, reqData);
             
-            if (!wsResult.isEmpty()) { // security header found
+            if (!(wsResult.getResults() == null || wsResult.getResults().isEmpty())) { 
+                // security header found
                 if (reqData.getWssConfig().isEnableSignatureConfirmation()) {
-                    checkSignatureConfirmation(reqData, wsResult);
+                    checkSignatureConfirmation(reqData, wsResult.getResults());
                 }
 
-                checkActions(msg, reqData, wsResult, actions, SAAJUtils.getBody(doc));
+                checkActions(msg, reqData, wsResult.getResults(), actions, SAAJUtils.getBody(doc));
                 doResults(
                     msg, actor, 
                     SAAJUtils.getHeader(doc),
@@ -310,7 +310,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
                               SAAJUtils.getBody(doc),
                               wsResult);
                 } else {
-                    checkActions(msg, reqData, wsResult, actions, SAAJUtils.getBody(doc));
+                    checkActions(msg, reqData, wsResult.getResults(), actions, SAAJUtils.getBody(doc));
                     doResults(msg, actor,
                               SAAJUtils.getHeader(doc),
                               SAAJUtils.getBody(doc),
@@ -490,7 +490,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
         String actor, 
         Element soapHeader,
         Element soapBody,
-        List<WSSecurityEngineResult> wsResult
+        WSHandlerResult wsResult
     ) throws SOAPException, XMLStreamException, WSSecurityException {
         doResults(msg, actor, soapHeader, soapBody, wsResult, false);
     }
@@ -500,7 +500,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
         String actor,
         Element soapHeader,
         Element soapBody,
-        List<WSSecurityEngineResult> wsResult, 
+        WSHandlerResult wsResult, 
         boolean utWithCallbacks
     ) throws SOAPException, XMLStreamException, WSSecurityException {
         /*
@@ -512,15 +512,14 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
             results = new LinkedList<>();
             msg.put(WSHandlerConstants.RECV_RESULTS, results);
         }
-        WSHandlerResult rResult = new WSHandlerResult(actor, wsResult);
-        results.add(0, rResult);
+        results.add(0, wsResult);
         
         Boolean allowUnsignedSamlPrincipals = 
                 MessageUtils.getContextualBoolean(msg, 
                         SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, false);
         
-        for (int i = wsResult.size() - 1; i >= 0; i--) {
-            WSSecurityEngineResult o = wsResult.get(i);
+        for (int i = wsResult.getResults().size() - 1; i >= 0; i--) {
+            WSSecurityEngineResult o = wsResult.getResults().get(i);
             
             Integer action = (Integer)o.get(WSSecurityEngineResult.TAG_ACTION);
             final Principal p = (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);

http://git-wip-us.apache.org/repos/asf/cxf/blob/2616fd04/services/sts/sts-core/src/test/java/org/apache/cxf/sts/request/RequestParserUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/request/RequestParserUnitTest.java
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/request/RequestParserUnitTest.java
index 65bb9c8..72ce349 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/request/RequestParserUnitTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/request/RequestParserUnitTest.java
@@ -44,7 +44,6 @@ import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.WSSecurityEngine;
-import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.dom.handler.WSHandlerResult;
@@ -141,10 +140,10 @@ public class RequestParserUnitTest extends org.junit.Assert {
         RequestData reqData = new RequestData();
         reqData.setCallbackHandler(new PasswordCallbackHandler());
         
-        List<WSSecurityEngineResult> engineResultList = 
+        WSHandlerResult results = 
             securityEngine.processSecurityHeader(secHeaderElement, reqData);
-        List<WSHandlerResult> resultsList = new ArrayList<WSHandlerResult>();
-        resultsList.add(new WSHandlerResult("actor", engineResultList));
+        List<WSHandlerResult> resultsList = new ArrayList<>();
+        resultsList.add(results);
         msgContext.put(WSHandlerConstants.RECV_RESULTS, resultsList);
         
         RequestRequirements requestRequirements = parser.parseRequest(request, wsContext,
null, null);
@@ -172,10 +171,10 @@ public class RequestParserUnitTest extends org.junit.Assert {
         RequestData reqData = new RequestData();
         reqData.setCallbackHandler(new PasswordCallbackHandler());
         
-        List<WSSecurityEngineResult> engineResultList = 
+        WSHandlerResult results = 
             securityEngine.processSecurityHeader(secHeaderElement, reqData);
-        List<WSHandlerResult> resultsList = new ArrayList<WSHandlerResult>();
-        resultsList.add(new WSHandlerResult("actor", engineResultList));
+        List<WSHandlerResult> resultsList = new ArrayList<>();
+        resultsList.add(results);
         msgContext.put(WSHandlerConstants.RECV_RESULTS, resultsList);
         
         RequestRequirements requestRequirements = parser.parseRequest(request, wsContext,
null, null);
@@ -204,10 +203,10 @@ public class RequestParserUnitTest extends org.junit.Assert {
         reqData.setSigVerCrypto(getCrypto());
         reqData.setCallbackHandler(new PasswordCallbackHandler());
         
-        List<WSSecurityEngineResult> engineResultList = 
+        WSHandlerResult results = 
             securityEngine.processSecurityHeader(secHeaderElement, reqData);
-        List<WSHandlerResult> resultsList = new ArrayList<WSHandlerResult>();
-        resultsList.add(new WSHandlerResult("actor", engineResultList));
+        List<WSHandlerResult> resultsList = new ArrayList<>();
+        resultsList.add(results);
         msgContext.put(WSHandlerConstants.RECV_RESULTS, resultsList);
         
         RequestRequirements requestRequirements = parser.parseRequest(request, wsContext,
null, null);

http://git-wip-us.apache.org/repos/asf/cxf/blob/2616fd04/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java
index a068209..e75e79d 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java
@@ -19,6 +19,7 @@
 package org.apache.cxf.sts.token.renewer;
 
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.Date;
 import java.util.List;
 import java.util.Properties;
@@ -28,7 +29,6 @@ import javax.xml.ws.WebServiceContext;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-
 import org.apache.cxf.jaxws.context.WebServiceContextImpl;
 import org.apache.cxf.jaxws.context.WrappedMessageContext;
 import org.apache.cxf.message.MessageImpl;
@@ -139,8 +139,10 @@ public class SAMLTokenRenewerPOPTest extends org.junit.Assert {
         );
         signedResults.add(signedResult);
         
-        List<WSHandlerResult> handlerResults = new ArrayList<WSHandlerResult>();
-        WSHandlerResult handlerResult = new WSHandlerResult(null, signedResults);
+        List<WSHandlerResult> handlerResults = new ArrayList<>();
+        WSHandlerResult handlerResult = 
+            new WSHandlerResult(null, signedResults,
+                                Collections.singletonMap(WSConstants.SIGN, signedResults));
         handlerResults.add(handlerResult);
         
         WebServiceContext context = validatorParameters.getWebServiceContext();
@@ -214,8 +216,10 @@ public class SAMLTokenRenewerPOPTest extends org.junit.Assert {
         );
         signedResults.add(signedResult);
         
-        List<WSHandlerResult> handlerResults = new ArrayList<WSHandlerResult>();
-        WSHandlerResult handlerResult = new WSHandlerResult(null, signedResults);
+        List<WSHandlerResult> handlerResults = new ArrayList<>();
+        WSHandlerResult handlerResult = 
+            new WSHandlerResult(null, signedResults,
+                                Collections.singletonMap(WSConstants.SIGN, signedResults));
         handlerResults.add(handlerResult);
         
         WebServiceContext context = validatorParameters.getWebServiceContext();


Mime
View raw message