cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: Fixing some outbound policy assertions
Date Wed, 09 Sep 2015 13:44:09 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 9c3ee8bd3 -> 73a1199eb


Fixing some outbound policy assertions


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/73a1199e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/73a1199e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/73a1199e

Branch: refs/heads/master
Commit: 73a1199ebb4203b0463ae91eb761596ae59722e2
Parents: 9c3ee8b
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Sep 9 12:53:11 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Sep 9 14:44:05 2015 +0100

----------------------------------------------------------------------
 .../policyhandlers/AbstractBindingBuilder.java  | 14 +++++---
 .../AbstractCommonBindingHandler.java           |  1 +
 .../AsymmetricBindingHandler.java               | 34 ++++++--------------
 .../policyhandlers/SymmetricBindingHandler.java | 13 ++++----
 4 files changed, 27 insertions(+), 35 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/73a1199e/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 6cff697..3903e94 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -369,12 +369,16 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
                     ai.setNotAsserted(SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST + " requires
a timestamp");
                 } else {
                     addTopDownElement(timestampEl.getElement());
+                    ai.setAsserted(true);
                     assertPolicy(
                          new QName(binding.getLayout().getName().getNamespaceURI(), 
                                    SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST));
                 }
             } else if (timestampEl != null) {
+                ai.setAsserted(true);
                 addTopDownElement(timestampEl.getElement());
+            } else {
+                ai.setAsserted(true);
             }
             
             assertPolicy(
@@ -1121,18 +1125,20 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             // Store them so that the main Signature doesn't sign them
             if (parts != null) {
                 suppTokenParts.add(parts);
+                this.assertPolicy(parts.getName());
             }
             if (elements != null) {
                 suppTokenParts.add(elements);
+                this.assertPolicy(elements.getName());
             }
         } else {
             Collection<AssertionInfo> ais = getAllAssertionsByLocalname(SPConstants.SIGNED_PARTS);
             if (!ais.isEmpty()) {
                 for (AssertionInfo ai : ais) {
                     SignedParts signedParts = (SignedParts)ai.getAssertion();
+                    ai.setAsserted(true);
                     if (!suppTokenParts.contains(signedParts)) {
                         parts = signedParts;
-                        ai.setAsserted(true);
                     }
                 }            
             }
@@ -1141,9 +1147,9 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             if (!ais.isEmpty()) {
                 for (AssertionInfo ai : ais) {
                     SignedElements signedElements = (SignedElements)ai.getAssertion();
+                    ai.setAsserted(true);
                     if (!suppTokenParts.contains(signedElements)) {
                         elements = signedElements;
-                        ai.setAsserted(true);
                     }
                 }            
             }
@@ -1563,7 +1569,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             tokenTypeSet = true;
         }
         
-        assertPolicy(token);
+        assertToken(token);
         
         if (!tokenTypeSet) {
             boolean requestor = isRequestor();
@@ -1704,7 +1710,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         sig.setStoreBytesInAttachment(storeBytesInAttachment);
         checkForX509PkiPath(sig, token);
         if (token instanceof IssuedToken || token instanceof SamlToken) {
-            assertPolicy(token);
+            assertToken(token);
             SecurityToken securityToken = getSecurityToken();
             String tokenType = securityToken.getTokenType();
             

http://git-wip-us.apache.org/repos/asf/cxf/blob/73a1199e/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
index 06d4529..0356490 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
@@ -117,6 +117,7 @@ public abstract class AbstractCommonBindingHandler {
             return;
         }
         assertPolicy(tokenWrapper.getName());
+        assertToken(tokenWrapper.getToken());
     }
     
     protected void assertToken(AbstractToken token) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/73a1199e/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 54eb0f7..3a645a0 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -136,8 +136,6 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
                         unassertPolicy(initiatorToken, "Security token is not found or expired");
                         return;
                     } else {
-                        assertPolicy(initiatorToken);
-                        
                         if (isTokenRequired(initiatorToken.getIncludeTokenType())) {
                             Element el = secToken.getToken();
                             this.addEncryptedKeyElement(cloneElement(el));
@@ -146,12 +144,9 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder
{
                     }
                 } else if (initiatorToken instanceof SamlToken && isRequestor())
{
                     SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken)initiatorToken);
-                    if (assertionWrapper != null) {
-                        if (isTokenRequired(initiatorToken.getIncludeTokenType())) {
-                            addSupportingElement(assertionWrapper.toDOM(saaj.getSOAPPart()));
-                            storeAssertionAsSecurityToken(assertionWrapper);
-                        }
-                        assertPolicy(initiatorToken);
+                    if (assertionWrapper != null && isTokenRequired(initiatorToken.getIncludeTokenType()))
{
+                        addSupportingElement(assertionWrapper.toDOM(saaj.getSOAPPart()));
+                        storeAssertionAsSecurityToken(assertionWrapper);
                     }
                 } else if (initiatorToken instanceof SamlToken) {
                     String tokenId = getSAMLToken();
@@ -276,24 +271,17 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder
{
                 if (secToken == null) {
                     unassertPolicy(initiatorToken, "Security token is not found or expired");
                     return;
-                } else {
-                    assertPolicy(initiatorToken);
-                    
-                    if (isTokenRequired(initiatorToken.getIncludeTokenType())) {
-                        Element el = secToken.getToken();
-                        this.addEncryptedKeyElement(cloneElement(el));
-                        attached = true;
-                    } 
+                } else if (isTokenRequired(initiatorToken.getIncludeTokenType())) {
+                    Element el = secToken.getToken();
+                    this.addEncryptedKeyElement(cloneElement(el));
+                    attached = true;
                 }
             } else if (initiatorToken instanceof SamlToken && isRequestor()) {
                 try {
                     SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken)initiatorToken);
-                    if (assertionWrapper != null) {
-                        if (isTokenRequired(initiatorToken.getIncludeTokenType())) {
-                            addSupportingElement(assertionWrapper.toDOM(saaj.getSOAPPart()));
-                            storeAssertionAsSecurityToken(assertionWrapper);
-                        }
-                        assertPolicy(initiatorToken);
+                    if (assertionWrapper != null && isTokenRequired(initiatorToken.getIncludeTokenType()))
{
+                        addSupportingElement(assertionWrapper.toDOM(saaj.getSOAPPart()));
+                        storeAssertionAsSecurityToken(assertionWrapper);
                     }
                 } catch (Exception e) {
                     String reason = e.getMessage();
@@ -308,7 +296,6 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
                     return;
                 }
             }
-            assertToken(initiatorToken);
         }
         
         List<WSEncryptionPart> sigParts = new ArrayList<>();
@@ -775,7 +762,6 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
         throws WSSecurityException {
         //Set up the encrypted key to use
         encrKey = this.getEncryptedKeyBuilder(token);
-        assertPolicy(wrapper);
         Element bstElem = encrKey.getBinarySecurityTokenElement();
         if (bstElem != null) {
             // If a BST is available then use it

http://git-wip-us.apache.org/repos/asf/cxf/blob/73a1199e/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index ddbcc69..b5a335f 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -166,7 +166,6 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
                         tokenId = getUTDerivedKey();
                     }
                 }
-                assertToken(encryptionToken);
                 if (tok == null) {
                     //if (tokenId == null || tokenId.length() == 0) {
                         //REVISIT - no tokenId?   Exception?
@@ -297,7 +296,6 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
                         sigTokId = getUTDerivedKey();
                     }
                 }
-                assertToken(sigToken);
             } else {
                 unassertPolicy(sbinding, "No signature token");
                 return;
@@ -848,10 +846,11 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder
{
                 }
             }
                       
-            if (included && sbinding.isProtectTokens()) {
-                sigs.add(new WSEncryptionPart(sigTokId));
-                assertPolicy(
-                    new QName(sbinding.getName().getNamespaceURI(), SPConstants.PROTECT_TOKENS));
+            if (sbinding.isProtectTokens()) {
+                assertPolicy(new QName(sbinding.getName().getNamespaceURI(), SPConstants.PROTECT_TOKENS));
+                if (included) {
+                    sigs.add(new WSEncryptionPart(sigTokId));
+                }
             }
             
             sig.setCustomTokenId(sigTokId);
@@ -886,7 +885,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
 
     private String setupEncryptedKey(AbstractTokenWrapper wrapper, AbstractToken sigToken)
throws WSSecurityException {
         WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(sigToken);
-        assertPolicy(wrapper);
+        assertTokenWrapper(wrapper);
         String id = encrKey.getId();
         byte[] secret = encrKey.getEphemeralKey();
 


Mime
View raw message