From cohei...@apache.org
Subject [2/3] cxf git commit: CXF-7148 - Race Condition while handling symmetric key in SymmetricBindingHandler
Date Wed, 23 Nov 2016 12:30:33 GMT
CXF-7148 - Race Condition while handling symmetric key in SymmetricBindingHandler

# Conflicts:
#	rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8f1f537c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8f1f537c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8f1f537c

Branch: refs/heads/3.0.x-fixes
Commit: 8f1f537c7d764c5315935ba7ba8b4a6b44ec1b6b
Parents: 8ae768d
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Nov 23 11:00:23 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Nov 23 12:28:33 2016 +0000

----------------------------------------------------------------------
 .../AsymmetricBindingHandler.java               |  3 +-
 .../policyhandlers/SymmetricBindingHandler.java | 39 ++++++++++++++++----
 2 files changed, 32 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/8f1f537c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 6ea39c2..cb427df 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -847,8 +847,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
                         tempTok.setTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
                     }
                     
-                    getTokenStore().add(tempTok);
-                    message.put(SecurityConstants.TOKEN_ID, tempTok.getId());
+                    message.put(SecurityConstants.TOKEN, tempTok);
                     
                     return id;
                 }
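Review bot: The new `message.put(SecurityConstants.TOKEN, tempTok);` carries no comment saying why the token is no longer added to the token store, so a later reader could easily restore the removed `getTokenStore().add(tempTok)`. Going by the commit title, the intent appears to be keeping the key material on the message rather than in a store shared across requests. A one-line comment such as `// Keep the token on the message only, not in the shared TokenStore (CXF-7148)` would record that. It is also worth confirming that nothing downstream still resolves this token through `SecurityConstants.TOKEN_ID`, since that key is no longer set here. The enclosing method starts outside the hunk.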

http://git-wip-us.apache.org/repos/asf/cxf/blob/8f1f537c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 083f43e..0237ab0 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -155,13 +155,13 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder
{
                     if (isRequestor()) {
                         tokenId = setupEncryptedKey(encryptionWrapper, encryptionToken);
                     } else {
-                        tokenId = getEncryptedKey();
+                        tok = getEncryptedKey();
                     }
                 } else if (encryptionToken instanceof UsernameToken) {
                     if (isRequestor()) {
                         tokenId = setupUTDerivedKey((UsernameToken)encryptionToken);
                     } else {
-                        tokenId = getUTDerivedKey();
+                        tok = getUTDerivedKey();
                     }
                 }
                 if (tok == null) {
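Review bot: On the non-requestor branches `tokenId` is no longer assigned, so when `getEncryptedKey()` or `getUTDerivedKey()` yields no token, the `if (tok == null)` fallback at the end of this hunk runs with `tokenId` still at its initial value. `getEncryptedKey()` visibly ends in `return null;` in a later hunk, so this path is reachable whenever the inbound results carry no encrypted key. The fallback body is outside the hunk; if it looks the token up by `tokenId`, it should fail closed with an explicit error rather than pass an unset id on. A comment such as `// responder: tok comes from the inbound results, tokenId stays unset` would make the new contract clear. The same pattern applies to `sigTok`/`sigTokId` in the hunk at -285.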
@@ -285,13 +285,13 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder
{
                     if (isRequestor()) {
                         sigTokId = setupEncryptedKey(sigAbstractTokenWrapper, sigToken);
                     } else {
-                        sigTokId = getEncryptedKey();
+                        sigTok = getEncryptedKey();
                     }
                 } else if (sigToken instanceof UsernameToken) {
                     if (isRequestor()) {
                         sigTokId = setupUTDerivedKey((UsernameToken)sigToken);
                     } else {
-                        sigTokId = getUTDerivedKey();
+                        sigTok = getUTDerivedKey();
                     }
                 }
             } else {
@@ -928,6 +928,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
         return id;
     }
     
+<<<<<<< HEAD
     private String getEncryptedKey() {
         
         List<WSHandlerResult> results = CastUtils.cast((List<?>)message.getExchange().getInMessage()
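Review bot: The added line `<<<<<<< HEAD` is an unresolved merge-conflict marker, and the hunks at -954 and -975 add the matching `=======` and `>>>>>>> 0769de2...` lines, so the new side of SymmetricBindingHandler.java cannot compile as committed. Both sides of each conflict are kept: the old `private String getEncryptedKey()` opening sits next to the new `private SecurityToken getEncryptedKey()`, and in `getUTDerivedKey()` the hard-coded `created.getTime() + 300000` block with `tempTok` sits next to the `WSS4JUtils.getSecurityTokenLifetime(message)` block. Resolve by deleting the marker lines and the HEAD-side blocks, keeping only the `SecurityToken` versions. `getEncryptedKey()` continues beyond this hunk.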
@@ -954,11 +955,28 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder
{
                     return encryptedKeyID;
                 }
             }
+=======
+    private SecurityToken getEncryptedKey() {
+        WSSecurityEngineResult encryptedKeyResult = getEncryptedKeyResult();
+        if (encryptedKeyResult != null) {
+            // Store it in the cache
+            Date created = new Date();
+            Date expires = new Date();
+            expires.setTime(created.getTime() + WSS4JUtils.getSecurityTokenLifetime(message));
+            
+            String encryptedKeyID = (String)encryptedKeyResult.get(WSSecurityEngineResult.TAG_ID);
+            SecurityToken securityToken = new SecurityToken(encryptedKeyID, created, expires);
+            securityToken.setSecret((byte[])encryptedKeyResult.get(WSSecurityEngineResult.TAG_SECRET));
+            securityToken.setSHA1(getSHA1((byte[])encryptedKeyResult
+                                    .get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY)));
+            
+            return securityToken;
+>>>>>>> 0769de2... CXF-7148 - Race Condition while handling symmetric
key in SymmetricBindingHandler
         }
         return null;
     }
     
-    private String getUTDerivedKey() throws WSSecurityException {
+    private SecurityToken getUTDerivedKey() throws WSSecurityException {
         
         List<WSHandlerResult> results = CastUtils.cast((List<?>)message.getExchange().getInMessage()
             .get(WSHandlerConstants.RECV_RESULTS));
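Review bot: The comment `// Store it in the cache` in the new `getEncryptedKey()` no longer matches the code, because nothing below it adds the token to a store; the method only builds and returns a `SecurityToken`. Reword it to something like `// Build a per-message token; the caller decides where it is kept`. Separately, the values read for `TAG_SECRET` and `TAG_ENCRYPTED_EPHEMERAL_KEY` are cast and used without a null check, so if the latter is absent from the result `getSHA1(...)` receives null. Whether it tolerates that is not visible here.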
@@ -975,14 +993,19 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder
{
                     }
                     Date created = new Date();
                     Date expires = new Date();
+<<<<<<< HEAD
                     expires.setTime(created.getTime() + 300000);
                     SecurityToken tempTok = new SecurityToken(utID, created, expires);
                     
+=======
+                    expires.setTime(created.getTime() + WSS4JUtils.getSecurityTokenLifetime(message));
+                    SecurityToken securityToken = new SecurityToken(utID, created, expires);
+
+>>>>>>> 0769de2... CXF-7148 - Race Condition while handling symmetric
key in SymmetricBindingHandler
                     byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
-                    tempTok.setSecret(secret);
-                    tokenStore.add(tempTok);
+                    securityToken.setSecret(secret);
 
-                    return utID;
+                    return securityToken;
                 }
             }
         }

