From commits-return-45910-apmail-cxf-commits-archive=cxf.apache.org@cxf.apache.org Wed Apr 5 11:50:06 2017 Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E4C9518B7F for ; Wed, 5 Apr 2017 11:50:06 +0000 (UTC) Received: (qmail 4311 invoked by uid 500); 5 Apr 2017 11:50:06 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 4155 invoked by uid 500); 5 Apr 2017 11:50:06 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 4023 invoked by uid 99); 5 Apr 2017 11:50:04 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Apr 2017 11:50:04 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 9D488DFFAB; Wed, 5 Apr 2017 11:50:04 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: coheigea@apache.org To: commits@cxf.apache.org Date: Wed, 05 Apr 2017 11:50:05 -0000 Message-Id: <5694157899704430af80d6eb36f5fe65@git.apache.org> In-Reply-To: <2a1ba5889fc84398bc4d7995e832a798@git.apache.org> References: <2a1ba5889fc84398bc4d7995e832a798@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [2/4] cxf git commit: Refactor how we extract "IDs" from delegation tokens when used for caching Refactor how we extract "IDs" from delegation tokens when used for caching Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1a4fe22f Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1a4fe22f Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1a4fe22f Branch: refs/heads/3.1.x-fixes Commit: 1a4fe22fc297f8be204788bcdfcd498e91201a01 Parents: 22a58c3 Author: Colm O hEigeartaigh Authored: Wed Apr 5 11:01:21 2017 +0100 Committer: Colm O hEigeartaigh Committed: Wed Apr 5 11:41:59 2017 +0100 ---------------------------------------------------------------------- .../security/trust/DefaultSTSTokenCacher.java | 40 +++++++++++++++++--- 1 file changed, 35 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/1a4fe22f/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java index 6fc26f0..c2699fc 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java 
@@ -19,6 +19,9 @@ package org.apache.cxf.ws.security.trust; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.Base64; import java.util.HashMap; import java.util.Map; @@ -33,6 +36,7 @@ import org.apache.cxf.ws.security.tokenstore.TokenStore; import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.saml.SamlAssertionWrapper; +import org.apache.wss4j.common.util.XMLUtils; import org.apache.wss4j.dom.WSConstants; public class DefaultSTSTokenCacher implements STSTokenCacher { 
@@ -163,16 +167,42 @@ public class DefaultSTSTokenCacher implements STSTokenCacher { return false; } + // Get an id from the token that is unique to that token private static String getIdFromToken(Element token) { if (token != null) { - // Try to find the "Id" on the token. - if (token.hasAttributeNS(WSConstants.WSU_NS, "Id")) { - return token.getAttributeNS(WSConstants.WSU_NS, "Id"); - } else if (token.hasAttributeNS(null, "ID")) { + // For SAML tokens get the ID/AssertionID + if ("Assertion".equals(token.getLocalName()) + && WSConstants.SAML2_NS.equals(token.getNamespaceURI())) { return token.getAttributeNS(null, "ID"); - } else if (token.hasAttributeNS(null, "AssertionID")) { + } else if ("Assertion".equals(token.getLocalName()) + && WSConstants.SAML_NS.equals(token.getNamespaceURI())) { return token.getAttributeNS(null, "AssertionID"); } + + // For UsernameTokens get the username + if (WSConstants.USERNAME_TOKEN_LN.equals(token.getLocalName()) + && WSConstants.WSSE_NS.equals(token.getNamespaceURI())) { + Element usernameElement = + XMLUtils.getDirectChildElement(token, WSConstants.USERNAME_LN, WSConstants.WSSE_NS); + if (usernameElement != null) { + return XMLUtils.getElementText(usernameElement); + } + } + + // For BinarySecurityTokens take the hash of the value + if (WSConstants.BINARY_TOKEN_LN.equals(token.getLocalName()) + && WSConstants.WSSE_NS.equals(token.getNamespaceURI())) { + String text = XMLUtils.getElementText(token); + if (text != null && !"".equals(text)) { + try { + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + byte[] bytes = digest.digest(text.getBytes()); + return Base64.getMimeEncoder().encodeToString(bytes); + } catch (NoSuchAlgorithmException e) { + // SHA-256 must be supported so not going to happen... + } + } + } } return ""; }
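Review bot: Keying the cache on the username alone in the new `UsernameToken` branch means two UsernameTokens that differ only in password or nonce yield the same id, so a cached STS token obtained with one credential would be handed back for a later request presenting a different password for the same user, assuming this id is the sole cache key. If that is intentional (the cacher is client-side and trusts its own configured credentials) a comment such as `// Username alone is the key: callers are expected to hold a single credential per user` would document it; otherwise fold the password/nonce into a SHA-256 hash the way the BinarySecurityToken branch already does. In that BST branch, `text.getBytes()` uses the platform default charset, so the same token can hash differently across JVMs — use `digest.digest(text.getBytes(StandardCharsets.UTF_8))` and `Base64.getEncoder().encodeToString(bytes)` (no MIME line wrapping is needed for a 32-byte digest). The empty `catch (NoSuchAlgorithmException e)` silently falls through to `return ""`, which makes every such token share one cache key; throwing `new IllegalStateException("SHA-256 not available", e)` would surface the misconfiguration instead. The enclosing class continues outside the hunk.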