cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [1/4] cxf git commit: Fixing merge
Date Fri, 14 Oct 2016 17:23:44 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes e802824d9 -> b9bdfa1f2


Fixing merge


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b9bdfa1f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b9bdfa1f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b9bdfa1f

Branch: refs/heads/3.0.x-fixes
Commit: b9bdfa1f224ea0615f64fefbe0d6e4feea261312
Parents: 4afe08f
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Oct 14 18:23:30 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Oct 14 18:23:39 2016 +0100

----------------------------------------------------------------------
 .../AbstractSupportingTokenPolicyValidator.java | 21 +++++++++++++++-----
 .../EncryptedTokenPolicyValidator.java          | 11 ++++------
 .../EndorsingEncryptedTokenPolicyValidator.java | 17 ++--------------
 .../SignedEncryptedTokenPolicyValidator.java    | 21 ++++----------------
 ...dEndorsingEncryptedTokenPolicyValidator.java | 17 ++--------------
 5 files changed, 28 insertions(+), 59 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/b9bdfa1f/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
index 3dfbead..4f49c79 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
@@ -95,10 +95,6 @@ public abstract class AbstractSupportingTokenPolicyValidator
     private EncryptedParts encryptedParts;
     private boolean enforceEncryptedTokens = true;
     
-    protected abstract boolean isSigned();
-    protected abstract boolean isEncrypted();
-    protected abstract boolean isEndorsing();
-    
     /**
      * Set the list of UsernameToken results
      */
@@ -468,7 +464,7 @@ public abstract class AbstractSupportingTokenPolicyValidator
         return null;
     }
     
-    private boolean isTLSInUse() {
+    protected boolean isTLSInUse() {
         // See whether TLS is in use or not
         TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
         if (tlsInfo != null) {
@@ -934,4 +930,19 @@ public abstract class AbstractSupportingTokenPolicyValidator
         this.enforceEncryptedTokens = enforceEncryptedTokens;
     }
 
+    static AssertionInfo getFirstAssertionByLocalname(
+        AssertionInfoMap aim, String localname
+    ) {
+        Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS,
localname));
+        if (sp11Ais != null && !sp11Ais.isEmpty()) {
+            return sp11Ais.iterator().next();
+        }
+
+        Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS,
localname));
+        if (sp12Ais != null && !sp12Ais.isEmpty()) {
+            return sp12Ais.iterator().next();
+        }
+
+        return null;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/b9bdfa1f/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
index 1452bee..f1ea095 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
@@ -26,8 +26,6 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
-import org.apache.cxf.ws.security.policy.PolicyUtils;
-import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.IssuedToken;
@@ -63,18 +61,17 @@ public class EncryptedTokenPolicyValidator extends AbstractSupportingTokenPolicy
             setSignedResults(signedResults);
             setEncryptedResults(encryptedResults);
             
-            parsePolicies(ais, message);
+            parsePolicies(aim, ais, message);
         }
         
         return true;
     }
     
-    private void parsePolicies(Collection<AssertionInfo> ais, Message message) {
+    private void parsePolicies(AssertionInfoMap aim, Collection<AssertionInfo> ais,
Message message) {
         // Tokens must be encrypted even if TLS is used unless we have a TransportBinding
policy available
-        if (isTLSInUse(parameters.getMessage())) {
+        if (isTLSInUse()) {
             AssertionInfo transportAi = 
-                PolicyUtils.getFirstAssertionByLocalname(parameters.getAssertionInfoMap(),

-                                                         SPConstants.TRANSPORT_BINDING);
+                getFirstAssertionByLocalname(aim, SPConstants.TRANSPORT_BINDING);
             super.setEnforceEncryptedTokens(transportAi == null);
         }
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/b9bdfa1f/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
index a131429..6f93577 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
@@ -24,13 +24,8 @@ import java.util.List;
 
 import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
-<<<<<<< HEAD
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
-=======
-import org.apache.cxf.ws.security.policy.PolicyUtils;
-import org.apache.wss4j.policy.SP12Constants;
->>>>>>> 011725e... CXF-7088 - SignedEncryptedSupportingTokens in WS-Policy
and SAML not encrypted being accepted
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
@@ -54,7 +49,6 @@ public class EndorsingEncryptedTokenPolicyValidator extends AbstractSupportingTo
         setEncrypted(true);
     }
     
-<<<<<<< HEAD
     public boolean validatePolicy(
         AssertionInfoMap aim, 
         Message message,
@@ -77,20 +71,13 @@ public class EndorsingEncryptedTokenPolicyValidator extends AbstractSupportingTo
     }
     
     private void parsePolicies(AssertionInfoMap aim, Collection<AssertionInfo> ais,
Message message) {
-=======
-    /**
-     * Validate policies.
-     */
-    public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo>
ais) {
         // Tokens must be encrypted even if TLS is used unless we have a TransportBinding
policy available
-        if (isTLSInUse(parameters.getMessage())) {
+        if (isTLSInUse()) {
             AssertionInfo transportAi = 
-                PolicyUtils.getFirstAssertionByLocalname(parameters.getAssertionInfoMap(),

-                                                         SPConstants.TRANSPORT_BINDING);
+                getFirstAssertionByLocalname(aim, SPConstants.TRANSPORT_BINDING);
             super.setEnforceEncryptedTokens(transportAi == null);
         }
         
->>>>>>> 011725e... CXF-7088 - SignedEncryptedSupportingTokens in WS-Policy
and SAML not encrypted being accepted
         for (AssertionInfo ai : ais) {
             SupportingTokens binding = (SupportingTokens)ai.getAssertion();
             ai.setAsserted(true);

http://git-wip-us.apache.org/repos/asf/cxf/blob/b9bdfa1f/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
index 32d6b37..e5ac0c1 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
@@ -24,13 +24,8 @@ import java.util.List;
 
 import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
-<<<<<<< HEAD
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
-=======
-import org.apache.cxf.ws.security.policy.PolicyUtils;
-import org.apache.wss4j.policy.SP12Constants;
->>>>>>> 011725e... CXF-7088 - SignedEncryptedSupportingTokens in WS-Policy
and SAML not encrypted being accepted
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.IssuedToken;
@@ -53,7 +48,6 @@ public class SignedEncryptedTokenPolicyValidator extends AbstractSupportingToken
         setEncrypted(true);
     }
     
-<<<<<<< HEAD
     public boolean validatePolicy(
         AssertionInfoMap aim, 
         Message message,
@@ -69,27 +63,20 @@ public class SignedEncryptedTokenPolicyValidator extends AbstractSupportingToken
             setSignedResults(signedResults);
             setEncryptedResults(encryptedResults);
             
-            parsePolicies(ais, message);
+            parsePolicies(aim, ais, message);
         }
         
         return true;
     }
     
-    private void parsePolicies(Collection<AssertionInfo> ais, Message message) {
-=======
-    /**
-     * Validate policies. 
-     */
-    public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo>
ais) {
+    private void parsePolicies(AssertionInfoMap aim, Collection<AssertionInfo> ais,
Message message) {
         // Tokens must be encrypted even if TLS is used unless we have a TransportBinding
policy available
-        if (isTLSInUse(parameters.getMessage())) {
+        if (isTLSInUse()) {
             AssertionInfo transportAi = 
-                PolicyUtils.getFirstAssertionByLocalname(parameters.getAssertionInfoMap(),

-                                                         SPConstants.TRANSPORT_BINDING);
+                getFirstAssertionByLocalname(aim, SPConstants.TRANSPORT_BINDING);
             super.setEnforceEncryptedTokens(transportAi == null);
         }
         
->>>>>>> 011725e... CXF-7088 - SignedEncryptedSupportingTokens in WS-Policy
and SAML not encrypted being accepted
         for (AssertionInfo ai : ais) {
             SupportingTokens binding = (SupportingTokens)ai.getAssertion();
             ai.setAsserted(true);

http://git-wip-us.apache.org/repos/asf/cxf/blob/b9bdfa1f/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
index 3242dbf..9db1ae8 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
@@ -24,13 +24,8 @@ import java.util.List;
 
 import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
-<<<<<<< HEAD
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
-=======
-import org.apache.cxf.ws.security.policy.PolicyUtils;
-import org.apache.wss4j.policy.SP12Constants;
->>>>>>> 011725e... CXF-7088 - SignedEncryptedSupportingTokens in WS-Policy
and SAML not encrypted being accepted
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
@@ -55,7 +50,6 @@ public class SignedEndorsingEncryptedTokenPolicyValidator extends AbstractSuppor
         setEncrypted(true);
     }
     
-<<<<<<< HEAD
     public boolean validatePolicy(
         AssertionInfoMap aim, 
         Message message,
@@ -78,20 +72,13 @@ public class SignedEndorsingEncryptedTokenPolicyValidator extends AbstractSuppor
     }
     
     private void parsePolicies(AssertionInfoMap aim, Collection<AssertionInfo> ais,
Message message) {
-=======
-    /**
-     * Validate policies.
-     */
-    public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo>
ais) {
         // Tokens must be encrypted even if TLS is used unless we have a TransportBinding
policy available
-        if (isTLSInUse(parameters.getMessage())) {
+        if (isTLSInUse()) {
             AssertionInfo transportAi = 
-                PolicyUtils.getFirstAssertionByLocalname(parameters.getAssertionInfoMap(),

-                                                         SPConstants.TRANSPORT_BINDING);
+                getFirstAssertionByLocalname(aim, SPConstants.TRANSPORT_BINDING);
             super.setEnforceEncryptedTokens(transportAi == null);
         }
         
->>>>>>> 011725e... CXF-7088 - SignedEncryptedSupportingTokens in WS-Policy
and SAML not encrypted being accepted
         for (AssertionInfo ai : ais) {
             SupportingTokens binding = (SupportingTokens)ai.getAssertion();
             ai.setAsserted(true);


Mime
View raw message