cxf-commits mailing list archives

From cohei...@apache.org
Subject [2/4] cxf git commit: Refactor how we extract "IDs" from delegation tokens when used for caching
Date Wed, 05 Apr 2017 11:50:05 GMT
Refactor how we extract "IDs" from delegation tokens when used for caching


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1a4fe22f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1a4fe22f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1a4fe22f

Branch: refs/heads/3.1.x-fixes
Commit: 1a4fe22fc297f8be204788bcdfcd498e91201a01
Parents: 22a58c3
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Apr 5 11:01:21 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Apr 5 11:41:59 2017 +0100

----------------------------------------------------------------------
 .../security/trust/DefaultSTSTokenCacher.java   | 40 +++++++++++++++++---
 1 file changed, 35 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/1a4fe22f/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java
index 6fc26f0..c2699fc 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java
@@ -19,6 +19,9 @@
 
 package org.apache.cxf.ws.security.trust;
 
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Base64;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -33,6 +36,7 @@ import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
 
 public class DefaultSTSTokenCacher implements STSTokenCacher {
@@ -163,16 +167,42 @@ public class DefaultSTSTokenCacher implements STSTokenCacher {
         return false;
     }
 
+    // Get an id from the token that is unique to that token
     private static String getIdFromToken(Element token) {
         if (token != null) {
-            // Try to find the "Id" on the token.
-            if (token.hasAttributeNS(WSConstants.WSU_NS, "Id")) {
-                return token.getAttributeNS(WSConstants.WSU_NS, "Id");
-            } else if (token.hasAttributeNS(null, "ID")) {
+            // For SAML tokens get the ID/AssertionID
+            if ("Assertion".equals(token.getLocalName())
+                && WSConstants.SAML2_NS.equals(token.getNamespaceURI())) {
                 return token.getAttributeNS(null, "ID");
-            } else if (token.hasAttributeNS(null, "AssertionID")) {
+            } else if ("Assertion".equals(token.getLocalName())
+                && WSConstants.SAML_NS.equals(token.getNamespaceURI())) {
                 return token.getAttributeNS(null, "AssertionID");
             }
+
+            // For UsernameTokens get the username
+            if (WSConstants.USERNAME_TOKEN_LN.equals(token.getLocalName())
+                && WSConstants.WSSE_NS.equals(token.getNamespaceURI())) {
+                Element usernameElement =
+                    XMLUtils.getDirectChildElement(token, WSConstants.USERNAME_LN, WSConstants.WSSE_NS);
+                if (usernameElement != null) {
+                    return XMLUtils.getElementText(usernameElement);
+                }
+            }
+
+            // For BinarySecurityTokens take the hash of the value
+            if (WSConstants.BINARY_TOKEN_LN.equals(token.getLocalName())
+                && WSConstants.WSSE_NS.equals(token.getNamespaceURI())) {
+                String text = XMLUtils.getElementText(token);
+                if (text != null && !"".equals(text)) {
+                    try {
+                        MessageDigest digest = MessageDigest.getInstance("SHA-256");
+                        byte[] bytes = digest.digest(text.getBytes());
+                        return Base64.getMimeEncoder().encodeToString(bytes);
+                    } catch (NoSuchAlgorithmException e) {
+                        // SHA-256 must be supported so not going to happen...
+                    }
+                }
+            }
         }
         return "";
     }
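Review bot: The UsernameToken branch returns the bare username as the id, which is unique to the user rather than to the token as the new comment above `getIdFromToken` claims, so two UsernameTokens with the same username but different passwords or nonces produce the same value. The commit message says this id is used for caching; if the caller (outside this hunk) keys issued tokens on it without validating the delegation token itself, a cached entry could be served for a request whose credentials were never checked, which is worth confirming at the call site. At minimum the comment should state the limitation, e.g. `// NOTE: for UsernameTokens the id is the username only, not the credentials`. In the BinarySecurityToken branch, `text.getBytes()` depends on the platform default charset and `Base64.getMimeEncoder()` is the line-wrapping variant; `text.getBytes(StandardCharsets.UTF_8)` and `Base64.getEncoder()` keep the id stable across JVMs. The empty `catch` there also falls through silently to `return ""`, so a log line would make that path visible.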

