From: coheigea@apache.org To: commits@cxf.apache.org Date: Mon, 02 Nov 2015 18:34:33 -0000 Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: [1/8] cxf git commit: Make it possible to use a PasswordEncryptor with the SamlTokenInterceptor Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 5d4a4bc21 -> 509341667 Make it possible to use a PasswordEncryptor with the SamlTokenInterceptor Conflicts: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4b4e6396 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4b4e6396 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4b4e6396 Branch: refs/heads/3.0.x-fixes Commit: 4b4e63961a06b8b0bdbc03c042536b1890cb4eca Parents: 5d4a4bc Author: Colm O hEigeartaigh Authored: Mon Nov 2 15:30:21 2015 +0000 Committer: Colm O hEigeartaigh Committed: Mon Nov 2 17:51:32 2015 +0000 ---------------------------------------------------------------------- .../ws/security/trust/AbstractSTSClient.java | 4 ++- .../ws/security/wss4j/SamlTokenInterceptor.java | 4 ++- .../cxf/ws/security/wss4j/WSS4JUtils.java | 27 ++++++++++++++++++++ .../policyhandlers/AbstractBindingBuilder.java | 7 ++--- 4 files changed, 37 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/4b4e6396/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java index 02695eb..a254c27 100755 
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java @@ -114,6 +114,7 @@ import org.apache.neethi.PolicyRegistry; import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.crypto.CryptoFactory; import org.apache.wss4j.common.crypto.CryptoType; +import org.apache.wss4j.common.crypto.PasswordEncryptor; import org.apache.wss4j.common.derivedKey.P_SHA1; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.dom.WSConstants; @@ -1597,7 +1598,8 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv Properties properties = WSS4JUtils.getProps(o, propsURL); if (properties != null) { - return CryptoFactory.getInstance(properties); + PasswordEncryptor passwordEncryptor = WSS4JUtils.getPasswordEncryptor(message); + return CryptoFactory.getInstance(properties, this.getClass().getClassLoader(), passwordEncryptor); } if (decrypt) { return createCrypto(false); http://git-wip-us.apache.org/repos/asf/cxf/blob/4b4e6396/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java index 0c39dbf..25f4881 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java 
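Review bot: The new call `CryptoFactory.getInstance(properties, this.getClass().getClassLoader(), passwordEncryptor)` in the `@@ -1597,7 +1598,8 @@` hunk hands WSS4J the class loader of the concrete runtime subclass, because `this.getClass()` inside an abstract class returns the subclass type. The AbstractBindingBuilder hunk in this same commit passes `Loader.getClassLoader(CryptoFactory.class)` to the same factory method, and the SamlTokenInterceptor hunk at `@@ -334,7 +335,8 @@` repeats the `this.getClass().getClassLoader()` form, so the call sites now disagree about which loader is used, presumably for loading the crypto implementation and its keystore resource. Unless the subclass loader is intended, I would use `Loader.getClassLoader(CryptoFactory.class)` in both places (this file may need the matching import) and add a one-line comment saying why that loader was chosen. The enclosing method starts and ends outside the hunk.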
@@ -46,6 +46,7 @@ import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.crypto.CryptoFactory; +import org.apache.wss4j.common.crypto.PasswordEncryptor; import org.apache.wss4j.common.ext.WSPasswordCallback; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.saml.SAMLCallback; @@ -334,7 +335,8 @@ public class SamlTokenInterceptor extends AbstractTokenInterceptor { Properties properties = WSS4JUtils.getProps(o, propsURL); if (properties != null) { - crypto = CryptoFactory.getInstance(properties); + PasswordEncryptor passwordEncryptor = WSS4JUtils.getPasswordEncryptor(message); + crypto = CryptoFactory.getInstance(properties, this.getClass().getClassLoader(), passwordEncryptor); } return crypto; } http://git-wip-us.apache.org/repos/asf/cxf/blob/4b4e6396/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java index 5ff2500..5f81cf0 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java @@ -28,6 +28,7 @@ import java.util.List; import java.util.Properties; import javax.crypto.SecretKey; +import javax.security.auth.callback.CallbackHandler; import org.apache.cxf.Bus; import org.apache.cxf.binding.soap.SoapFault; 
@@ -49,6 +50,7 @@ import org.apache.wss4j.common.cache.ReplayCache; import org.apache.wss4j.common.cache.ReplayCacheFactory; import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.crypto.CryptoFactory; +import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor; import org.apache.wss4j.common.crypto.PasswordEncryptor; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.dom.WSConstants; @@ -298,6 +300,7 @@ public final class WSS4JUtils { return properties; } +<<<<<<< HEAD public static URL getPropertiesFileURL( Object o, ResourceManager manager, Class callingClass ) { @@ -328,6 +331,30 @@ public final class WSS4JUtils { } else if (o instanceof URL) { return (URL)o; } +======= + public static PasswordEncryptor getPasswordEncryptor(Message message) { + if (message == null) { + return null; + } + PasswordEncryptor passwordEncryptor = + (PasswordEncryptor)message.getContextualProperty( + SecurityConstants.PASSWORD_ENCRYPTOR_INSTANCE + ); + if (passwordEncryptor != null) { + return passwordEncryptor; + } + + Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message); + try { + CallbackHandler callbackHandler = SecurityUtils.getCallbackHandler(o); + if (callbackHandler != null) { + return new JasyptPasswordEncryptor(callbackHandler); + } + } catch (Exception ex) { + return null; + } + +>>>>>>> fcd965e... Make it possible to use a PasswordEncryptor with the SamlTokenInterceptor return null; } http://git-wip-us.apache.org/repos/asf/cxf/blob/4b4e6396/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java index c46515e..5837174 100644 
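Review bot: The line `<<<<<<< HEAD` added in the `@@ -298,6 +300,7 @@` hunk is an unresolved merge-conflict marker committed into WSS4JUtils.java, and the following hunk (`@@ -328,6 +331,30 @@`) adds the matching `=======` and `>>>>>>> fcd965e...` lines, so the file cannot compile as shown. Between the markers, the new `getPasswordEncryptor` is spliced in after the `return (URL)o;` branch of `getPropertiesFileURL`, and both methods end up sharing a single trailing `return null; }`. AbstractBindingBuilder.java receives the same three markers (`@@ -1522,12 +1520,13 @@` and `@@ -1545,6 +1544,8 @@`), leaving the old `getPasswordEncryptor()` body in place while its `JasyptPasswordEncryptor` and `PasswordEncryptor` imports are removed. Both files are listed under "Conflicts:" in the commit message; the resolution needs redoing so that each method is complete and no marker lines remain. The affected method bodies extend beyond these hunks.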
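Review bot: `catch (Exception ex) { return null; }` in the new `getPasswordEncryptor` (hunk `@@ -328,6 +331,30 @@`) discards every failure from `SecurityUtils.getCallbackHandler(o)`, so a callback handler that fails to load looks exactly like one that was never configured. The callers then pass a null encryptor to `CryptoFactory.getInstance`, and any resulting error (presumably a keystore password failure when the properties hold an encrypted password) no longer carries the real cause. I would log `ex` before returning null, or narrow the catch to the exception type `getCallbackHandler` actually declares. The unchecked cast `(PasswordEncryptor)message.getContextualProperty(...)` a few lines above throws ClassCastException on a wrongly typed `PASSWORD_ENCRYPTOR_INSTANCE` value, so an `instanceof` check there would fail more gracefully. A short Javadoc stating the lookup order (explicit instance first, then a `JasyptPasswordEncryptor` built from the callback handler, otherwise null) would also help.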
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java @@ -79,8 +79,6 @@ import org.apache.wss4j.common.WSEncryptionPart; import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.crypto.CryptoFactory; import org.apache.wss4j.common.crypto.CryptoType; -import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor; -import org.apache.wss4j.common.crypto.PasswordEncryptor; import org.apache.wss4j.common.derivedKey.ConversationConstants; import org.apache.wss4j.common.ext.WSPasswordCallback; import org.apache.wss4j.common.ext.WSSecurityException; @@ -1522,12 +1520,13 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle if (properties != null) { crypto = CryptoFactory.getInstance(properties, Loader.getClassLoader(CryptoFactory.class), - getPasswordEncryptor()); + WSS4JUtils.getPasswordEncryptor(message)); getCryptoCache().put(o, crypto); } return crypto; } +<<<<<<< HEAD protected PasswordEncryptor getPasswordEncryptor() { PasswordEncryptor passwordEncryptor = (PasswordEncryptor)message.getContextualProperty( @@ -1545,6 +1544,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle return null; } +======= +>>>>>>> fcd965e... Make it possible to use a PasswordEncryptor with the SamlTokenInterceptor public void setKeyIdentifierType(WSSecBase secBase, AbstractToken token) { boolean tokenTypeSet = false;
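Review bot: Switching the `CryptoFactory.getInstance` argument from `getPasswordEncryptor()` to `WSS4JUtils.getPasswordEncryptor(message)` in the `@@ -1522,12 +1520,13 @@` hunk means that a subclass override of the protected `getPasswordEncryptor()` is no longer consulted. The intended resolution appears to delete that method altogether (its imports are removed at `@@ -79,8 +79,6 @@`), which would be a source-incompatible change for subclasses on a fixes branch. I would keep the hook as a thin delegate, `protected PasswordEncryptor getPasswordEncryptor() { return WSS4JUtils.getPasswordEncryptor(message); }`, keep calling it here, and retain the `PasswordEncryptor` import. The surrounding method begins outside the hunk.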