From: coheigea@apache.org To: commits@cxf.apache.org Message-Id: <51607123907f412f827f3c1492e5c763@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: Consolidate some code in WS-Security/STS Date: Mon, 17 Aug 2015 15:56:24 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/master f37119381 -> 17dbc1215 Consolidate some code in WS-Security/STS Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/17dbc121 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/17dbc121 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/17dbc121 Branch: refs/heads/master Commit: 17dbc121555c2140599a4da6232f57fa07f19bc1 Parents: f371193 Author: Colm O hEigeartaigh Authored: Mon Aug 17 16:56:06 2015 +0100 Committer: Colm O hEigeartaigh Committed: Mon Aug 17 16:56:19 2015 +0100 ---------------------------------------------------------------------- .../cxf/ws/security/wss4j/WSS4JUtils.java | 30 ++++++++++++++++++++ .../policyhandlers/AbstractBindingBuilder.java | 28 +----------------- .../cxf/sts/operation/AbstractOperation.java | 19 +++---------- 3 files changed, 35 insertions(+), 42 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/17dbc121/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
index 15e0368..7821703 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
@@ -22,7 +22,9 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
 import java.security.Key;
+import java.security.cert.X509Certificate;
 import java.util.Date;
+import java.util.List;
 import java.util.Map;
 import java.util.Properties;
 import java.util.logging.Logger;
@@ -50,6 +52,9 @@ import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.crypto.PasswordEncryptor;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.util.Loader;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -312,4 +317,29 @@ public final class WSS4JUtils {
 }
 return signCrypto;
 }
+
+ /**
+ * Get the certificate that was used to sign the request
+ */
+ public static X509Certificate getReqSigCert(List results) {
+ if (results == null || results.isEmpty()) {
+ return null;
+ }
+
+ for (WSHandlerResult rResult : results) {
+ List signedResults =
+ rResult.getActionResults().get(WSConstants.SIGN);
+
+ if (signedResults != null && !signedResults.isEmpty()) {
+ for (WSSecurityEngineResult signedResult : signedResults) {
+ if (signedResult.containsKey(WSSecurityEngineResult.TAG_X509_CERTIFICATE)) {
+ return (X509Certificate)signedResult.get(
+ WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ }
+ }
+ }
+ }
+
+ return null;
+ }
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/17dbc121/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java ----------------------------------------------------------------------
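Review bot: `getReqSigCert` returns as soon as a SIGN result contains the `TAG_X509_CERTIFICATE` key, so if that key is ever stored with a null value the scan ends with null even when a later signature result carries a certificate; the loop this helper replaces in `AbstractOperation` (the `@@ -541,20 +541,9 @@` hunk) tested the value for null and kept looking. Reading the value once and testing it keeps that behaviour: `X509Certificate cert = (X509Certificate)signedResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);` followed by `if (cert != null) { return cert; }`. Since the encryption-key selection in `AbstractBindingBuilder` and the STS code now both depend on this one helper, the Javadoc should also state that it returns the certificate of the first signature result that has one, in the order the results are listed, and null when there is none, so callers know it does not tell the message signature apart from any other signature recorded under `WSConstants.SIGN`.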
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java index 460f418..e47fea6 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java @@ -1618,7 +1618,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle CastUtils.cast((List) message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS)); if (results != null) { - encrKeyBuilder.setUseThisCert(getReqSigCert(results)); + encrKeyBuilder.setUseThisCert(WSS4JUtils.getReqSigCert(results)); //TODO This is a hack, this should not come under USE_REQ_SIG_CERT if (encrKeyBuilder.isCertSet()) { 
@@ -1634,32 +1634,6 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle return encrUser; } - private static X509Certificate getReqSigCert(List results) { - /* - * Scan the results for a matching actor. Use results only if the - * receiving Actor and the sending Actor match. - */ - for (WSHandlerResult rResult : results) { - List signedResults = - rResult.getActionResults().get(WSConstants.SIGN); - if (signedResults != null) { - /* - * Scan the results for the first Signature action. Use the - * certificate of this Signature to set the certificate for the - * encryption action :-). - */ - for (WSSecurityEngineResult signedResult : signedResults) { - if (signedResult.containsKey(WSSecurityEngineResult.TAG_X509_CERTIFICATE)) { - return (X509Certificate)signedResult.get( - WSSecurityEngineResult.TAG_X509_CERTIFICATE); - } - } - } - } - - return null; - } - /** * Scan through WSHandlerResult list for a Username token and return * the username if a Username Token found http://git-wip-us.apache.org/repos/asf/cxf/blob/17dbc121/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java index 6ed5ba7..386f32b 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java 
@@ -77,11 +77,11 @@ import org.apache.cxf.ws.security.sts.provider.model.secext.ReferenceType; import org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType; import org.apache.cxf.ws.security.sts.provider.model.utility.AttributedDateTime; import org.apache.cxf.ws.security.tokenstore.TokenStore; +import org.apache.cxf.ws.security.wss4j.WSS4JUtils; import org.apache.wss4j.common.WSEncryptionPart; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.util.XMLUtils; import org.apache.wss4j.dom.WSConstants; -import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.dom.handler.WSHandlerConstants; import org.apache.wss4j.dom.handler.WSHandlerResult; import org.apache.wss4j.dom.message.WSSecEncrypt; @@ -541,20 +541,9 @@ public abstract class AbstractOperation { List results = (List) context.get(WSHandlerConstants.RECV_RESULTS); // DOM - if (results != null) { - for (WSHandlerResult rResult : results) { - List signedResults = - rResult.getActionResults().get(WSConstants.SIGN); - if (signedResults != null) { - for (WSSecurityEngineResult wser : signedResults) { - X509Certificate cert = - (X509Certificate)wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE); - if (cert != null) { - return cert; - } - } - } - } + X509Certificate cert = WSS4JUtils.getReqSigCert(results); + if (cert != null) { + return cert; } // Streaming