cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: Temporarily applying a fix for crypto loading until the next WSS4J release is out
Date Fri, 01 Jul 2016 16:41:52 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 7e751b2f6 -> 55cb81445


Temporarily applying a fix for crypto loading until the next WSS4J release is out


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/55cb8144
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/55cb8144
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/55cb8144

Branch: refs/heads/3.1.x-fixes
Commit: 55cb81445f7ec37fddec1278a6991fa00c6ae76d
Parents: 7e751b2
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Jul 1 17:41:34 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Jul 1 17:41:34 2016 +0100

----------------------------------------------------------------------
 .../wss4j/PolicyBasedWSS4JInInterceptor.java    | 75 ++++++++++++++++++++
 1 file changed, 75 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/55cb8144/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
index fb80007..962b5ce 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
@@ -24,6 +24,8 @@ import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Properties;
+import java.util.logging.Logger;
 
 import javax.xml.namespace.QName;
 import javax.xml.soap.SOAPException;
@@ -31,6 +33,7 @@ import javax.xml.stream.XMLStreamException;
 
 import org.w3c.dom.Element;
 import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.MessageUtils;
@@ -43,8 +46,10 @@ import org.apache.cxf.ws.security.wss4j.policyvalidators.PolicyValidatorParamete
 import org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.ValidatorUtils;
 import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.crypto.PasswordEncryptor;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.Loader;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSDataRef;
 import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
@@ -64,6 +69,9 @@ import org.apache.wss4j.policy.model.Wss11;
  * 
  */
 public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
+    
+    private static final Logger LOG = LogUtils.getL7dLogger(PolicyBasedWSS4JInInterceptor.class);
+    
     /**
      * 
      */
@@ -80,6 +88,73 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
         }
     }
     
+    /**
+     * TODO - This method can be removed when WSS4J 2.1.7 is released - see WSS-582
+     * 
+     * Load a Crypto instance. Firstly, it tries to use the cryptoPropertyRefId tag to retrieve
+     * a Crypto object via a custom reference Id. Failing this, it tries to load the crypto
+     * instance via the cryptoPropertyFile tag.
+     *
+     * @param requestData the RequestData object
+     * @return a Crypto instance to use for Encryption creation/verification
+     */
+    @Override
+    protected Crypto loadCrypto(
+        String cryptoPropertyFile,
+        String cryptoPropertyRefId,
+        RequestData requestData
+    ) throws WSSecurityException {
+        Object mc = requestData.getMsgContext();
+        Crypto crypto = null;
+
+        //
+        // Try the Property Ref Id first
+        //
+        String refId = getString(cryptoPropertyRefId, mc);
+        if (refId != null) {
+            crypto = cryptos.get(refId);
+            if (crypto == null) {
+                Object obj = getProperty(mc, refId);
+                if (obj instanceof Properties) {
+                    crypto = CryptoFactory.getInstance((Properties)obj,
+                                                       Loader.getClassLoader(CryptoFactory.class),
+                                                       getPasswordEncryptor(requestData));
+                    cryptos.put(refId, crypto);
+                } else if (obj instanceof Crypto) {
+                    // No need to cache this as it's already loaded
+                    crypto = (Crypto)obj;
+                }
+            }
+            if (crypto == null) {
+                LOG.warning("The Crypto reference " + refId + " specified by "
+                    + cryptoPropertyRefId + " could not be loaded"
+                );
+            }
+        }
+
+        //
+        // Now try loading the properties file
+        //
+        if (crypto == null) {
+            String propFile = getString(cryptoPropertyFile, mc);
+            if (propFile != null) {
+                crypto = cryptos.get(propFile);
+                if (crypto == null) {
+                    crypto = loadCryptoFromPropertiesFile(propFile, requestData);
+                    cryptos.put(propFile, crypto);
+                }
+                if (crypto == null) {
+                    LOG.warning(
+                         "The Crypto properties file " + propFile + " specified by "
+                         + cryptoPropertyFile + " could not be loaded or found"
+                    );
+                }
+            }
+        }
+
+        return crypto;
+    }
+    
     private void handleWSS11(AssertionInfoMap aim, SoapMessage message) {
         if (isRequestor(message)) {
             message.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "false");


Mime
View raw message