cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/2] cxf git commit: Fixing some outbound policy assertions
Date Wed, 09 Sep 2015 13:44:35 GMT
Fixing some outbound policy assertions


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6f0dec69
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6f0dec69
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6f0dec69

Branch: refs/heads/3.0.x-fixes
Commit: 6f0dec6995ac63f25bfb6b5a770501482d737bab
Parents: 5130728
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Sep 9 12:53:11 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Sep 9 14:44:28 2015 +0100

----------------------------------------------------------------------
 .../policyhandlers/AbstractBindingBuilder.java  | 14 +++++---
 .../AbstractCommonBindingHandler.java           |  1 +
 .../AsymmetricBindingHandler.java               | 34 ++++++--------------
 .../policyhandlers/SymmetricBindingHandler.java | 13 ++++----
 4 files changed, 27 insertions(+), 35 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/6f0dec69/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index d8ec26a..8ffa513 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -363,12 +363,16 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
                     ai.setNotAsserted(SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST + " requires
a timestamp");
                 } else {
                     addTopDownElement(timestampEl.getElement());
+                    ai.setAsserted(true);
                     assertPolicy(
                          new QName(binding.getLayout().getName().getNamespaceURI(), 
                                    SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST));
                 }
             } else if (timestampEl != null) {
+                ai.setAsserted(true);
                 addTopDownElement(timestampEl.getElement());
+            } else {
+                ai.setAsserted(true);
             }
             
             assertPolicy(
@@ -1125,18 +1129,20 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             // Store them so that the main Signature doesn't sign them
             if (parts != null) {
                 suppTokenParts.add(parts);
+                this.assertPolicy(parts.getName());
             }
             if (elements != null) {
                 suppTokenParts.add(elements);
+                this.assertPolicy(elements.getName());
             }
         } else {
             Collection<AssertionInfo> ais = getAllAssertionsByLocalname(SPConstants.SIGNED_PARTS);
             if (!ais.isEmpty()) {
                 for (AssertionInfo ai : ais) {
                     SignedParts signedParts = (SignedParts)ai.getAssertion();
+                    ai.setAsserted(true);
                     if (!suppTokenParts.contains(signedParts)) {
                         parts = signedParts;
-                        ai.setAsserted(true);
                     }
                 }            
             }
@@ -1145,9 +1151,9 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             if (!ais.isEmpty()) {
                 for (AssertionInfo ai : ais) {
                     SignedElements signedElements = (SignedElements)ai.getAssertion();
+                    ai.setAsserted(true);
                     if (!suppTokenParts.contains(signedElements)) {
                         elements = signedElements;
-                        ai.setAsserted(true);
                     }
                 }            
             }
@@ -1557,7 +1563,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             tokenTypeSet = true;
         }
         
-        assertPolicy(token);
+        assertToken(token);
         
         if (!tokenTypeSet) {
             boolean requestor = isRequestor();
@@ -1676,7 +1682,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         sig.setStoreBytesInAttachment(storeBytesInAttachment);
         checkForX509PkiPath(sig, token);
         if (token instanceof IssuedToken || token instanceof SamlToken) {
-            assertPolicy(token);
+            assertToken(token);
             SecurityToken securityToken = getSecurityToken();
             String tokenType = securityToken.getTokenType();
             

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f0dec69/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
index 5c8250c..d344648 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
@@ -123,6 +123,7 @@ public abstract class AbstractCommonBindingHandler {
             return;
         }
         assertPolicy(tokenWrapper.getName());
+        assertToken(tokenWrapper.getToken());
     }
     
     protected void assertToken(AbstractToken token) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f0dec69/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index c94c913..d5b18f1 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -136,8 +136,6 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
                         policyNotAsserted(initiatorToken, "Security token is not found or
expired");
                         return;
                     } else {
-                        assertPolicy(initiatorToken);
-                        
                         if (isTokenRequired(initiatorToken.getIncludeTokenType())) {
                             Element el = secToken.getToken();
                             this.addEncryptedKeyElement(cloneElement(el));
@@ -146,12 +144,9 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder
{
                     }
                 } else if (initiatorToken instanceof SamlToken && isRequestor())
{
                     SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken)initiatorToken);
-                    if (assertionWrapper != null) {
-                        if (isTokenRequired(initiatorToken.getIncludeTokenType())) {
-                            addSupportingElement(assertionWrapper.toDOM(saaj.getSOAPPart()));
-                            storeAssertionAsSecurityToken(assertionWrapper);
-                        }
-                        assertPolicy(initiatorToken);
+                    if (assertionWrapper != null && isTokenRequired(initiatorToken.getIncludeTokenType()))
{
+                        addSupportingElement(assertionWrapper.toDOM(saaj.getSOAPPart()));
+                        storeAssertionAsSecurityToken(assertionWrapper);
                     }
                 } else if (initiatorToken instanceof SamlToken) {
                     String tokenId = getSAMLToken();
@@ -276,24 +271,17 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder
{
                 if (secToken == null) {
                     policyNotAsserted(initiatorToken, "Security token is not found or expired");
                     return;
-                } else {
-                    assertPolicy(initiatorToken);
-                    
-                    if (isTokenRequired(initiatorToken.getIncludeTokenType())) {
-                        Element el = secToken.getToken();
-                        this.addEncryptedKeyElement(cloneElement(el));
-                        attached = true;
-                    } 
+                } else if (isTokenRequired(initiatorToken.getIncludeTokenType())) {
+                    Element el = secToken.getToken();
+                    this.addEncryptedKeyElement(cloneElement(el));
+                    attached = true;
                 }
             } else if (initiatorToken instanceof SamlToken && isRequestor()) {
                 try {
                     SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken)initiatorToken);
-                    if (assertionWrapper != null) {
-                        if (isTokenRequired(initiatorToken.getIncludeTokenType())) {
-                            addSupportingElement(assertionWrapper.toDOM(saaj.getSOAPPart()));
-                            storeAssertionAsSecurityToken(assertionWrapper);
-                        }
-                        assertPolicy(initiatorToken);
+                    if (assertionWrapper != null && isTokenRequired(initiatorToken.getIncludeTokenType()))
{
+                        addSupportingElement(assertionWrapper.toDOM(saaj.getSOAPPart()));
+                        storeAssertionAsSecurityToken(assertionWrapper);
                     }
                 } catch (Exception e) {
                     String reason = e.getMessage();
@@ -308,7 +296,6 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
                     return;
                 }
             }
-            assertToken(initiatorToken);
         }
         
         List<WSEncryptionPart> sigParts = new ArrayList<WSEncryptionPart>();
@@ -808,7 +795,6 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
         throws WSSecurityException {
         //Set up the encrypted key to use
         encrKey = this.getEncryptedKeyBuilder(token);
-        assertPolicy(wrapper);
         Element bstElem = encrKey.getBinarySecurityTokenElement();
         if (bstElem != null) {
             // If a BST is available then use it

http://git-wip-us.apache.org/repos/asf/cxf/blob/6f0dec69/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 979d170..dfc0900 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -164,7 +164,6 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
                         tokenId = getUTDerivedKey();
                     }
                 }
-                assertToken(encryptionToken);
                 if (tok == null) {
                     //if (tokenId == null || tokenId.length() == 0) {
                         //REVISIT - no tokenId?   Exception?
@@ -295,7 +294,6 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
                         sigTokId = getUTDerivedKey();
                     }
                 }
-                assertToken(sigToken);
             } else {
                 policyNotAsserted(sbinding, "No signature token");
                 return;
@@ -836,10 +834,11 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder
{
                 }
             }
                       
-            if (included && sbinding.isProtectTokens()) {
-                sigs.add(new WSEncryptionPart(sigTokId));
-                assertPolicy(
-                    new QName(sbinding.getName().getNamespaceURI(), SPConstants.PROTECT_TOKENS));
+            if (sbinding.isProtectTokens()) {
+                assertPolicy(new QName(sbinding.getName().getNamespaceURI(), SPConstants.PROTECT_TOKENS));
+                if (included) {
+                    sigs.add(new WSEncryptionPart(sigTokId));
+                }
             }
             
             sig.setCustomTokenId(sigTokId);
@@ -874,7 +873,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
 
     private String setupEncryptedKey(AbstractTokenWrapper wrapper, AbstractToken sigToken)
throws WSSecurityException {
         WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(sigToken);
-        assertPolicy(wrapper);
+        assertTokenWrapper(wrapper);
         String id = encrKey.getId();
         byte[] secret = encrKey.getEphemeralKey();
 


Mime
View raw message