cxf-commits mailing list archives

From cohei...@apache.org
Subject [2/3] cxf git commit: Consolidate some code in WS-Security/STS
Date Mon, 17 Aug 2015 16:08:17 GMT
Consolidate some code in WS-Security/STS

Conflicts:
	rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
	rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
	services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c81e8d44
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c81e8d44
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c81e8d44

Branch: refs/heads/3.0.x-fixes
Commit: c81e8d440a5300e3b9390e2b8bb7b3aa8c70ad61
Parents: 0e9101f
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Aug 17 16:56:06 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Aug 17 16:56:40 2015 +0100

----------------------------------------------------------------------
 .../cxf/ws/security/wss4j/WSS4JUtils.java       | 68 ++++++++++++++++++++
 .../policyhandlers/AbstractBindingBuilder.java  |  5 +-
 .../cxf/sts/operation/AbstractOperation.java    |  8 ++-
 3 files changed, 79 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/c81e8d44/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
index d872a47..387fb56 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
@@ -22,7 +22,13 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
 import java.security.Key;
+import java.security.cert.X509Certificate;
 import java.util.Date;
+<<<<<<< HEAD
+=======
+import java.util.List;
+import java.util.Map;
+>>>>>>> 17dbc12... Consolidate some code in WS-Security/STS
 import java.util.Properties;
 
 import javax.crypto.SecretKey;
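Review bot: The added lines `+<<<<<<< HEAD`, `+=======` and `+>>>>>>> 17dbc12... Consolidate some code in WS-Security/STS` in this import hunk are unresolved merge-conflict markers committed into the source, so WSS4JUtils.java cannot compile as patched. The same markers are added in the two later hunks of this file (around the new WSS4J imports and around `getSignatureCrypto`/`getReqSigCert`) and in the hunks of AbstractBindingBuilder.java and AbstractOperation.java, matching the three files listed under "Conflicts:" in the commit message. Each conflict needs to be resolved to one side and the marker lines deleted; in AbstractBindingBuilder.java that presumably means removing the old private `getReqSigCert`, which is kept as context between the markers while its caller already uses `WSS4JUtils.getReqSigCert`. A build of the branch before pushing would catch this.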
@@ -49,6 +55,13 @@ import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.crypto.PasswordEncryptor;
 import org.apache.wss4j.common.ext.WSSecurityException;
+<<<<<<< HEAD
+=======
+import org.apache.wss4j.common.util.Loader;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
+>>>>>>> 17dbc12... Consolidate some code in WS-Security/STS
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -350,4 +363,59 @@ public final class WSS4JUtils {
         return CryptoFactory.getInstance(propFilename, classLoader);
     }
     
+<<<<<<< HEAD
+=======
+    public static Crypto getSignatureCrypto(
+        Object s, 
+        SoapMessage message, 
+        PasswordEncryptor passwordEncryptor
+    ) throws WSSecurityException {
+        Crypto signCrypto = null;
+        if (s instanceof Crypto) {
+            signCrypto = (Crypto)s;
+        } else if (s != null) {
+            URL propsURL = SecurityUtils.loadResource(message, s);
+            Properties props = WSS4JUtils.getProps(s, propsURL);
+            if (props == null) {
+                LOG.fine("Cannot find Crypto Signature properties: " + s);
+                Exception ex = new Exception("Cannot find Crypto Signature properties: "
+ s);
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
+            }
+            
+            signCrypto = CryptoFactory.getInstance(props, Loader.getClassLoader(CryptoFactory.class),
+                                                   passwordEncryptor);
+
+            EndpointInfo info = message.getExchange().getEndpoint().getEndpointInfo();
+            synchronized (info) {
+                info.setProperty(SecurityConstants.SIGNATURE_CRYPTO, signCrypto);
+            }
+        }
+        return signCrypto;
+    }
+    
+    /**
+     * Get the certificate that was used to sign the request
+     */
+    public static X509Certificate getReqSigCert(List<WSHandlerResult> results) {
+        if (results == null || results.isEmpty()) {
+            return null;
+        }
+        
+        for (WSHandlerResult rResult : results) {
+            List<WSSecurityEngineResult> signedResults = 
+                rResult.getActionResults().get(WSConstants.SIGN);
+            
+            if (signedResults != null && !signedResults.isEmpty()) {
+                for (WSSecurityEngineResult signedResult : signedResults) {
+                    if (signedResult.containsKey(WSSecurityEngineResult.TAG_X509_CERTIFICATE))
{
+                        return (X509Certificate)signedResult.get(
+                            WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+                    }
+                }
+            }
+        }
+        
+        return null;
+    }
+>>>>>>> 17dbc12... Consolidate some code in WS-Security/STS
 }
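Review bot: `getReqSigCert` returns the first `TAG_X509_CERTIFICATE` it finds under `WSConstants.SIGN` in any handler result, without regard to which signature it belonged to or what that signature covered, and the one-line Javadoc does not say so. Its callers in this commit use the value to pick the encryption certificate (`encrKeyBuilder.setUseThisCert(...)`) and as a return value in the STS, so a message carrying more than one signature could yield a certificate other than the one the caller has in mind. I would expand the Javadoc to something like `Returns the certificate of the first signature result that carries one, or null; no check is made of which elements that signature covered.` and let callers that need a specific signer filter the results themselves. `getSignatureCrypto` has no Javadoc at all; it should note that a `Crypto` loaded from properties is stored on the EndpointInfo under `SecurityConstants.SIGNATURE_CRYPTO`, while a `Crypto` instance passed as `s` is returned as-is without being stored. The class body starts outside this hunk.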

http://git-wip-us.apache.org/repos/asf/cxf/blob/c81e8d44/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 62b016c..6a992cb 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -1611,7 +1611,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
                 CastUtils.cast((List<?>)
                     message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
             if (results != null) {
-                encrKeyBuilder.setUseThisCert(getReqSigCert(results));
+                encrKeyBuilder.setUseThisCert(WSS4JUtils.getReqSigCert(results));
                  
                 //TODO This is a hack, this should not come under USE_REQ_SIG_CERT
                 if (encrKeyBuilder.isCertSet()) {
@@ -1627,6 +1627,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         return encrUser;
     }
     
+<<<<<<< HEAD
     private static X509Certificate getReqSigCert(List<WSHandlerResult> results) {
         /*
         * Scan the results for a matching actor. Use results only if the
@@ -1650,6 +1651,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         return null;
     }
     
+=======
+>>>>>>> 17dbc12... Consolidate some code in WS-Security/STS
     /**
      * Scan through <code>WSHandlerResult<code> list for a Username token and
return
      * the username if a Username Token found 

http://git-wip-us.apache.org/repos/asf/cxf/blob/c81e8d44/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
index 4146a3f..f91edee 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
@@ -76,10 +76,10 @@ import org.apache.cxf.ws.security.sts.provider.model.secext.ReferenceType;
 import org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType;
 import org.apache.cxf.ws.security.sts.provider.model.utility.AttributedDateTime;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
 import org.apache.wss4j.common.WSEncryptionPart;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.dom.handler.WSHandlerResult;
 import org.apache.wss4j.dom.message.WSSecEncrypt;
@@ -543,6 +543,7 @@ public abstract class AbstractOperation {
         List<WSHandlerResult> results = 
             (List<WSHandlerResult>) context.get(WSHandlerConstants.RECV_RESULTS);
         // DOM
+<<<<<<< HEAD
         if (results != null) {
             for (WSHandlerResult rResult : results) {
                 List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
@@ -558,6 +559,11 @@ public abstract class AbstractOperation {
                     }
                 }
             }
+=======
+        X509Certificate cert = WSS4JUtils.getReqSigCert(results);
+        if (cert != null) {
+            return cert;
+>>>>>>> 17dbc12... Consolidate some code in WS-Security/STS
         }
         
         // Streaming
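Review bot: `WSS4JUtils.getReqSigCert(results)` on the new side of this conflict may not compile on 3.0.x-fixes: the helper reads `rResult.getActionResults().get(WSConstants.SIGN)`, while the HEAD side kept just above iterates `rResult.getResults()`, which suggests the WSS4J version on this branch exposes a different `WSHandlerResult` API; confirm against the branch's WSS4J dependency. The first hunk of this file also drops `import org.apache.wss4j.dom.WSSecurityEngineResult;` although the retained HEAD block still declares `List<WSSecurityEngineResult>`, so resolving to the HEAD side needs that import back. The enclosing method starts and ends outside the hunk, so whether `X509Certificate` is already imported and what the old loop filtered on cannot be seen here.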

