Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 8D957200BC8 for ; Wed, 23 Nov 2016 13:30:34 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 8C58A160B1E; Wed, 23 Nov 2016 12:30:34 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id B7336160AFD for ; Wed, 23 Nov 2016 13:30:33 +0100 (CET) Received: (qmail 82930 invoked by uid 500); 23 Nov 2016 12:30:32 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 82904 invoked by uid 99); 23 Nov 2016 12:30:32 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Nov 2016 12:30:32 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id C3755E0AF6; Wed, 23 Nov 2016 12:30:32 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: coheigea@apache.org To: commits@cxf.apache.org Date: Wed, 23 Nov 2016 12:30:33 -0000 Message-Id: <49ddb82d6e5945f0aeed54aa8e8877bc@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [2/3] cxf git commit: CXF-7148 - Race Condition while handling symmetric key in SymmetricBindingHandler archived-at: Wed, 23 Nov 2016 12:30:34 -0000 CXF-7148 - Race Condition while handling symmetric key in SymmetricBindingHandler # Conflicts: # rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8f1f537c Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8f1f537c Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8f1f537c Branch: refs/heads/3.0.x-fixes Commit: 8f1f537c7d764c5315935ba7ba8b4a6b44ec1b6b Parents: 8ae768d Author: Colm O hEigeartaigh Authored: Wed Nov 23 11:00:23 2016 +0000 Committer: Colm O hEigeartaigh Committed: Wed Nov 23 12:28:33 2016 +0000 ---------------------------------------------------------------------- .../AsymmetricBindingHandler.java | 3 +- .../policyhandlers/SymmetricBindingHandler.java | 39 ++++++++++++++++---- 2 files changed, 32 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/8f1f537c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 6ea39c2..cb427df 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -847,8 +847,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
 tempTok.setTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
 }
- getTokenStore().add(tempTok);
- message.put(SecurityConstants.TOKEN_ID, tempTok.getId());
+ message.put(SecurityConstants.TOKEN, tempTok);
 return id;
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/8f1f537c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 083f43e..0237ab0 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -155,13 +155,13 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
 if (isRequestor()) {
 tokenId = setupEncryptedKey(encryptionWrapper, encryptionToken);
 } else {
- tokenId = getEncryptedKey();
+ tok = getEncryptedKey();
 }
 } else if (encryptionToken instanceof UsernameToken) {
 if (isRequestor()) {
 tokenId = setupUTDerivedKey((UsernameToken)encryptionToken);
 } else {
- tokenId = getUTDerivedKey();
+ tok = getUTDerivedKey();
 }
 }
 if (tok == null) {
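Review bot: Nothing at `message.put(SecurityConstants.TOKEN, tempTok);` records why the token is no longer added to the token store and published under `SecurityConstants.TOKEN_ID`, so a later cleanup could easily restore the store call that this race-condition fix removes. A one-line comment above it would do, for example `// CXF-7148: hand the token over on the message itself instead of via the token store`. Only the tail of the enclosing method is in the hunk, and the readers of `SecurityConstants.TOKEN_ID` are not part of this diff, so it is worth confirming that every consumer of this message now reads `SecurityConstants.TOKEN`.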
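Review bot: On the non-requestor branches `tokenId` is no longer assigned, so when `getEncryptedKey()` or `getUTDerivedKey()` produces no token (the new `getEncryptedKey()` still ends in `return null;`) both `tok` and, as far as the hunk shows, `tokenId` are unset on reaching `if (tok == null) {`. The body of that `if` lies outside the hunk; if it resolves the token from `tokenId`, it should reject the message explicitly rather than look up a null id. A comment on the else branches such as `// responder: token is built from the received results, tokenId stays unset` would make the asymmetry visible. The hunk at -285,13 makes the same change for `sigTok`/`sigTokId` and needs the same check.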
@@ -285,13 +285,13 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
 if (isRequestor()) {
 sigTokId = setupEncryptedKey(sigAbstractTokenWrapper, sigToken);
 } else {
- sigTokId = getEncryptedKey();
+ sigTok = getEncryptedKey();
 }
 } else if (sigToken instanceof UsernameToken) {
 if (isRequestor()) {
 sigTokId = setupUTDerivedKey((UsernameToken)sigToken);
 } else {
- sigTokId = getUTDerivedKey();
+ sigTok = getUTDerivedKey();
 }
 }
 } else {
@@ -928,6 +928,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
 return id;
 }
+<<<<<<< HEAD
 private String getEncryptedKey() {
 List results = CastUtils.cast((List)message.getExchange().getInMessage()
@@ -954,11 +955,28 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
 return encryptedKeyID;
 }
 }
+=======
+ private SecurityToken getEncryptedKey() {
+ WSSecurityEngineResult encryptedKeyResult = getEncryptedKeyResult();
+ if (encryptedKeyResult != null) {
+ // Store it in the cache
+ Date created = new Date();
+ Date expires = new Date();
+ expires.setTime(created.getTime() + WSS4JUtils.getSecurityTokenLifetime(message));
+
+ String encryptedKeyID = (String)encryptedKeyResult.get(WSSecurityEngineResult.TAG_ID);
+ SecurityToken securityToken = new SecurityToken(encryptedKeyID, created, expires);
+ securityToken.setSecret((byte[])encryptedKeyResult.get(WSSecurityEngineResult.TAG_SECRET));
+ securityToken.setSHA1(getSHA1((byte[])encryptedKeyResult
+ .get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY)));
+
+ return securityToken;
+>>>>>>> 0769de2... CXF-7148 - Race Condition while handling symmetric key in SymmetricBindingHandler
 }
 return null;
 }
- private String getUTDerivedKey() throws WSSecurityException {
+ private SecurityToken getUTDerivedKey() throws WSSecurityException {
 List results = CastUtils.cast((List)message.getExchange().getInMessage()
 .get(WSHandlerConstants.RECV_RESULTS));
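Review bot: The added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> 0769de2...` are unresolved merge-conflict markers, so the hunks at -928,6 and -954,11 leave both `private String getEncryptedKey()` and `private SecurityToken getEncryptedKey()` in the file and it cannot compile; the hunk at -975,14 carries the same markers inside `getUTDerivedKey()`, with `tempTok` and `securityToken` both declared. Each region should be resolved to one side before this lands on the branch: keep the incoming `SecurityToken`-returning code, which is what the call sites changed earlier in this commit appear to expect, and delete the three marker lines together with the HEAD-side body. The incoming side calls `getEncryptedKeyResult()` and `WSS4JUtils.getSecurityTokenLifetime(message)`, neither of which is defined in the visible hunks, so confirm both exist on this branch (the HEAD side uses a fixed `300000`). The method bodies run past the hunk edges.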
@@ -975,14 +993,19 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
 }
 Date created = new Date();
 Date expires = new Date();
+<<<<<<< HEAD
 expires.setTime(created.getTime() + 300000);
 SecurityToken tempTok = new SecurityToken(utID, created, expires);
+=======
+ expires.setTime(created.getTime() + WSS4JUtils.getSecurityTokenLifetime(message));
+ SecurityToken securityToken = new SecurityToken(utID, created, expires);
+
+>>>>>>> 0769de2... CXF-7148 - Race Condition while handling symmetric key in SymmetricBindingHandler
 byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
- tempTok.setSecret(secret);
- tokenStore.add(tempTok);
+ securityToken.setSecret(secret);
- return utID;
+ return securityToken;
 }
 }
 }