From cohei...@apache.org
Subject [1/3] cxf git commit: Refactor DefaultSubjectProvider to make it easier to subclass bits of functionality
Date Wed, 03 Jun 2015 14:32:11 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 02c588ce4 -> ef5751eef


Refactor DefaultSubjectProvider to make it easier to subclass bits of functionality

Conflicts:
	services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c28c439e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c28c439e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c28c439e

Branch: refs/heads/3.0.x-fixes
Commit: c28c439e445984d45d10ec658fc672b4f35a5e14
Parents: 02c588c
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Jun 3 14:56:55 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Jun 3 15:20:59 2015 +0100

----------------------------------------------------------------------
 .../token/provider/DefaultSubjectProvider.java  | 107 +++++++++++++++----
 1 file changed, 86 insertions(+), 21 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/c28c439e/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
index 7d28b57..c4e54f8 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
@@ -87,30 +87,47 @@ public class DefaultSubjectProvider implements SubjectProvider {
     public SubjectBean getSubject(
         TokenProviderParameters providerParameters, Document doc, byte[] secret
     ) {
-        TokenRequirements tokenRequirements = providerParameters.getTokenRequirements();
-        KeyRequirements keyRequirements = providerParameters.getKeyRequirements();
-        STSPropertiesMBean stsProperties = providerParameters.getStsProperties();
-
-        String tokenType = tokenRequirements.getTokenType();
-        String keyType = keyRequirements.getKeyType();
-        String confirmationMethod = getSubjectConfirmationMethod(tokenType, keyType);
+        // 1. Get the principal
+        Principal principal = getPrincipal(providerParameters);
+        if (principal == null) {
+            LOG.fine("Error in getting principal");
+            throw new STSException("Error in getting principal", STSException.REQUEST_FAILED);
+        }
+        
+        // 2. Create the SubjectBean using the principal
+        SubjectBean subjectBean = createSubjectBean(principal, providerParameters);
         
+        // 3. Create the KeyInfoBean and set it on the SubjectBean
+        KeyInfoBean keyInfo = createKeyInfo(providerParameters, doc, secret);
+        subjectBean.setKeyInfo(keyInfo);
+        
+        return subjectBean;
+    }
+    
+    /**
+     * Get the Principal (which is used as the Subject). By default, we check the following
(in order):
+     *  - A valid OnBehalfOf principal
+     *  - A valid ActAs principal
+     *  - A valid principal associated with a token received as ValidateTarget
+     *  - The principal associated with the request. We don't need to check to see if it
is "valid" here, as it
+     *    is not parsed by the STS (but rather the WS-Security layer).
+     */
+    protected Principal getPrincipal(TokenProviderParameters providerParameters) {
         Principal principal = null;
-        ReceivedToken receivedToken = null;
         //TokenValidator in IssueOperation has validated the ReceivedToken
         //if validation was successful, the principal was set in ReceivedToken 
         if (providerParameters.getTokenRequirements().getOnBehalfOf() != null) {
-            receivedToken = providerParameters.getTokenRequirements().getOnBehalfOf();  
 
+            ReceivedToken receivedToken = providerParameters.getTokenRequirements().getOnBehalfOf();
   
             if (receivedToken.getState().equals(STATE.VALID)) {
                 principal = receivedToken.getPrincipal();
             }
         } else if (providerParameters.getTokenRequirements().getActAs() != null) {
-            receivedToken = providerParameters.getTokenRequirements().getActAs();
+            ReceivedToken receivedToken = providerParameters.getTokenRequirements().getActAs();
             if (receivedToken.getState().equals(STATE.VALID)) {
                 principal = receivedToken.getPrincipal();
             }
         } else if (providerParameters.getTokenRequirements().getValidateTarget() != null)
{
-            receivedToken = providerParameters.getTokenRequirements().getValidateTarget();
+            ReceivedToken receivedToken = providerParameters.getTokenRequirements().getValidateTarget();
             if (receivedToken.getState().equals(STATE.VALID)) {
                 principal = receivedToken.getPrincipal();
             }
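Review bot: Now that `getPrincipal` is a protected extension point, its Javadoc should spell out the invariant the body enforces: when an OnBehalfOf, ActAs or ValidateTarget token is present but its state is not `STATE.VALID`, `principal` stays null and the method returns null (so `getSubject` fails the request) rather than falling through to the requester's own principal — a rejected delegation token must never silently produce a token for the caller. I would add a bullet in the same style as the existing list: ` *  - If one of those tokens is present but not VALID, null is returned; subclasses must not fall back to the request principal in that case`. Minor, and hedged because `ReceivedToken` is not visible here: `STATE.VALID.equals(receivedToken.getState())` would avoid an NPE if a validator ever leaves the state unset. The method continues into the next hunk.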
@@ -118,10 +135,19 @@ public class DefaultSubjectProvider implements SubjectProvider {
             principal = providerParameters.getPrincipal();
         }
         
-        if (principal == null) {
-            LOG.fine("Error in getting principal");
-            throw new STSException("Error in getting principal", STSException.REQUEST_FAILED);
-        }
+        return principal;
+    }
+    
+    /**
+     * Create the SubjectBean using the specified principal.
+     */
+    protected SubjectBean createSubjectBean(Principal principal, TokenProviderParameters
providerParameters) {
+        TokenRequirements tokenRequirements = providerParameters.getTokenRequirements();
+        KeyRequirements keyRequirements = providerParameters.getKeyRequirements();
+
+        String tokenType = tokenRequirements.getTokenType();
+        String keyType = keyRequirements.getKeyType();
+        String confirmationMethod = getSubjectConfirmationMethod(tokenType, keyType);
         
         String subjectName = principal.getName();
         if (SAML2Constants.NAMEID_FORMAT_UNSPECIFIED.equals(subjectNameIDFormat)
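Review bot: `createSubjectBean` dereferences `principal` at `String subjectName = principal.getName();` but the only null guard is in `getSubject`; since the method is now protected and may be called by subclasses directly, the Javadoc should state the precondition, e.g. `@param principal the subject principal; must not be null (getSubject rejects a null principal before calling this)`. The method body continues beyond the hunk.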
@@ -145,6 +171,42 @@ public class DefaultSubjectProvider implements SubjectProvider {
             subjectBean.setSubjectNameIDFormat(subjectNameIDFormat);
         }
         
+        return subjectBean;
+    }
+        
+    /**
+     * Get the SubjectConfirmation method given a tokenType and keyType
+     */
+    protected String getSubjectConfirmationMethod(String tokenType, String keyType) {
+        if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+            || WSConstants.SAML_NS.equals(tokenType)) {
+            if (STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyType) 
+                || STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType)) {
+                return SAML1Constants.CONF_HOLDER_KEY;
+            } else {
+                return SAML1Constants.CONF_BEARER;
+            }
+        } else {
+            if (STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyType) 
+                || STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType)) {
+                return SAML2Constants.CONF_HOLDER_KEY;
+            } else {
+                return SAML2Constants.CONF_BEARER;
+            }
+        }
+    }
+    
+    /**
+     * Create and return the KeyInfoBean to be inserted into the SubjectBean
+     */
+    protected KeyInfoBean createKeyInfo(
+        TokenProviderParameters providerParameters, Document doc, byte[] secret
+    ) {
+        KeyRequirements keyRequirements = providerParameters.getKeyRequirements();
+        STSPropertiesMBean stsProperties = providerParameters.getStsProperties();
+
+        String keyType = keyRequirements.getKeyType();
+        
         if (STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyType)) {
             Crypto crypto = stsProperties.getEncryptionCrypto();
 
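Review bot: The Javadoc on `createKeyInfo` does not say the method can return null, yet with the `return null;` that the cherry-picked side ends it with (visible in the later hunk), any KeyType other than SymmetricKey or PublicKey — i.e. Bearer — yields no KeyInfoBean, which `getSubject` then passes straight to `subjectBean.setKeyInfo`. Suggest ` * Create and return the KeyInfoBean to be inserted into the SubjectBean, or null if the KeyType does not call for one (e.g. Bearer).` so overriders know a null return is expected rather than an error. The method continues outside the hunk.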
@@ -180,8 +242,8 @@ public class DefaultSubjectProvider implements SubjectProvider {
                     throw new STSException("Encryption certificate is not found for alias:
" + encryptionName);
                 }
                 KeyInfoBean keyInfo = 
-                    createKeyInfo(certs[0], secret, doc, encryptionProperties, crypto);
-                subjectBean.setKeyInfo(keyInfo);
+                    createEncryptedKeyKeyInfo(certs[0], secret, doc, encryptionProperties,
crypto);
+                return keyInfo;
             } catch (WSSecurityException ex) {
                 LOG.log(Level.WARNING, "", ex);
                 throw new STSException(ex.getMessage(), ex);
@@ -211,10 +273,10 @@ public class DefaultSubjectProvider implements SubjectProvider {
                 }
             }
             
-            KeyInfoBean keyInfo = createKeyInfo(receivedKey.getX509Cert(), receivedKey.getPublicKey());
-            subjectBean.setKeyInfo(keyInfo);
+            return createPublicKeyKeyInfo(receivedKey.getX509Cert(), receivedKey.getPublicKey());
         }
         
+<<<<<<< HEAD
         return subjectBean;
     }
         
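Review bot: The committed new side contains an unresolved merge conflict: `<<<<<<< HEAD` is left at the end of `createKeyInfo`, and the HEAD side that follows it (`return subjectBean;`) references a variable that no longer exists in this method, so the file cannot compile as committed on 3.0.x-fixes; the `=======` / `>>>>>>> 3348a29...` tail appears in the next hunk. The resolution should keep the `return null;` from the cherry-picked side and drop the whole HEAD side, including the stale pre-refactor copy of `getSubjectConfirmationMethod` that sits between the markers. If commits [2/3] or [3/3] of this series fix this, the branch still has a non-building commit, which hurts bisecting. `createKeyInfo` starts outside this hunk.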
@@ -238,12 +300,15 @@ public class DefaultSubjectProvider implements SubjectProvider {
                 return SAML1Constants.CONF_BEARER;
             }
         }
+=======
+        return null;
+>>>>>>> 3348a29... Refactor DefaultSubjectProvider to make it easier
to subclass bits of functionality
     }
 
     /**
      * Create a KeyInfoBean that contains an X.509 certificate or Public Key
      */
-    protected static KeyInfoBean createKeyInfo(X509Certificate certificate, PublicKey publicKey)
{
+    protected static KeyInfoBean createPublicKeyKeyInfo(X509Certificate certificate, PublicKey
publicKey) {
         KeyInfoBean keyInfo = new KeyInfoBean();
 
         if (certificate != null) {
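Review bot: Once the conflict markers here are resolved in favour of `return null;`, note that this changes `getSubject` from never calling `setKeyInfo` for Bearer to calling `subjectBean.setKeyInfo(null)`; that is presumably equivalent if `SubjectBean` initialises keyInfo to null, but worth confirming against WSS4J's `SubjectBean` before relying on it. Also the context lines at the top of this hunk are the tail of the old `getSubjectConfirmationMethod`, which the HEAD side of the conflict retains alongside the new copy added earlier in the file — after resolution there must be exactly one definition, or the class will not compile.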
@@ -260,7 +325,7 @@ public class DefaultSubjectProvider implements SubjectProvider {
     /**
      * Create an EncryptedKey KeyInfo.
      */
-    protected static KeyInfoBean createKeyInfo(
+    protected static KeyInfoBean createEncryptedKeyKeyInfo(
         X509Certificate certificate, 
         byte[] secret,
         Document doc,

