cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: Consolidate some code in WS-Security/STS
Date Mon, 17 Aug 2015 15:56:24 GMT
Repository: cxf
Updated Branches:
  refs/heads/master f37119381 -> 17dbc1215


Consolidate some code in WS-Security/STS


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/17dbc121
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/17dbc121
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/17dbc121

Branch: refs/heads/master
Commit: 17dbc121555c2140599a4da6232f57fa07f19bc1
Parents: f371193
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Aug 17 16:56:06 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Aug 17 16:56:19 2015 +0100

----------------------------------------------------------------------
 .../cxf/ws/security/wss4j/WSS4JUtils.java       | 30 ++++++++++++++++++++
 .../policyhandlers/AbstractBindingBuilder.java  | 28 +-----------------
 .../cxf/sts/operation/AbstractOperation.java    | 19 +++----------
 3 files changed, 35 insertions(+), 42 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/17dbc121/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
index 15e0368..7821703 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
@@ -22,7 +22,9 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
 import java.security.Key;
+import java.security.cert.X509Certificate;
 import java.util.Date;
+import java.util.List;
 import java.util.Map;
 import java.util.Properties;
 import java.util.logging.Logger;
@@ -50,6 +52,9 @@ import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.crypto.PasswordEncryptor;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.util.Loader;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -312,4 +317,29 @@ public final class WSS4JUtils {
         }
         return signCrypto;
     }
+    
+    /**
+     * Get the certificate that was used to sign the request
+     */
+    public static X509Certificate getReqSigCert(List<WSHandlerResult> results) {
+        if (results == null || results.isEmpty()) {
+            return null;
+        }
+        
+        for (WSHandlerResult rResult : results) {
+            List<WSSecurityEngineResult> signedResults = 
+                rResult.getActionResults().get(WSConstants.SIGN);
+            
+            if (signedResults != null && !signedResults.isEmpty()) {
+                for (WSSecurityEngineResult signedResult : signedResults) {
+                    if (signedResult.containsKey(WSSecurityEngineResult.TAG_X509_CERTIFICATE))
{
+                        return (X509Certificate)signedResult.get(
+                            WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+                    }
+                }
+            }
+        }
+        
+        return null;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/17dbc121/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 460f418..e47fea6 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -1618,7 +1618,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
                 CastUtils.cast((List<?>)
                     message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
             if (results != null) {
-                encrKeyBuilder.setUseThisCert(getReqSigCert(results));
+                encrKeyBuilder.setUseThisCert(WSS4JUtils.getReqSigCert(results));
                  
                 //TODO This is a hack, this should not come under USE_REQ_SIG_CERT
                 if (encrKeyBuilder.isCertSet()) {
@@ -1634,32 +1634,6 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         return encrUser;
     }
     
-    private static X509Certificate getReqSigCert(List<WSHandlerResult> results) {
-        /*
-        * Scan the results for a matching actor. Use results only if the
-        * receiving Actor and the sending Actor match.
-        */
-        for (WSHandlerResult rResult : results) {
-            List<WSSecurityEngineResult> signedResults = 
-                rResult.getActionResults().get(WSConstants.SIGN);
-            if (signedResults != null) {
-                /*
-                 * Scan the results for the first Signature action. Use the
-                 * certificate of this Signature to set the certificate for the
-                 * encryption action :-).
-                 */
-                for (WSSecurityEngineResult signedResult : signedResults) {
-                    if (signedResult.containsKey(WSSecurityEngineResult.TAG_X509_CERTIFICATE))
{
-                        return (X509Certificate)signedResult.get(
-                            WSSecurityEngineResult.TAG_X509_CERTIFICATE);
-                    }
-                }
-            }
-        }
-        
-        return null;
-    }
-    
     /**
      * Scan through <code>WSHandlerResult<code> list for a Username token and
return
      * the username if a Username Token found 

http://git-wip-us.apache.org/repos/asf/cxf/blob/17dbc121/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
index 6ed5ba7..386f32b 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
@@ -77,11 +77,11 @@ import org.apache.cxf.ws.security.sts.provider.model.secext.ReferenceType;
 import org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType;
 import org.apache.cxf.ws.security.sts.provider.model.utility.AttributedDateTime;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
 import org.apache.wss4j.common.WSEncryptionPart;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.dom.handler.WSHandlerResult;
 import org.apache.wss4j.dom.message.WSSecEncrypt;
@@ -541,20 +541,9 @@ public abstract class AbstractOperation {
         List<WSHandlerResult> results = 
             (List<WSHandlerResult>) context.get(WSHandlerConstants.RECV_RESULTS);
         // DOM
-        if (results != null) {
-            for (WSHandlerResult rResult : results) {
-                List<WSSecurityEngineResult> signedResults = 
-                    rResult.getActionResults().get(WSConstants.SIGN);
-                if (signedResults != null) {
-                    for (WSSecurityEngineResult wser : signedResults) {
-                        X509Certificate cert = 
-                            (X509Certificate)wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
-                        if (cert != null) {
-                            return cert;
-                        }
-                    }
-                }
-            }
+        X509Certificate cert = WSS4JUtils.getReqSigCert(results);
+        if (cert != null) {
+            return cert;
         }
         
         // Streaming


Mime
View raw message