Posted to commits@cxf.apache.org by co...@apache.org on 2016/11/23 11:00:36 UTC
cxf git commit: CXF-7148 - Race Condition while handling symmetric
key in SymmetricBindingHandler
Repository: cxf
Updated Branches:
refs/heads/master 267622c64 -> 1cdab6490
CXF-7148 - Race Condition while handling symmetric key in SymmetricBindingHandler
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1cdab649
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1cdab649
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1cdab649
Branch: refs/heads/master
Commit: 1cdab6490f3a83599326c3bae51ae76af3b5b8fe
Parents: 267622c
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Nov 23 11:00:23 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Nov 23 11:00:23 2016 +0000
----------------------------------------------------------------------
.../AsymmetricBindingHandler.java | 3 +--
.../policyhandlers/SymmetricBindingHandler.java | 28 +++++++++-----------
2 files changed, 14 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/1cdab649/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index cafa16b..28c33d8 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -826,8 +826,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
tempTok.setTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
}
- getTokenStore().add(tempTok);
- message.put(SecurityConstants.TOKEN_ID, tempTok.getId());
+ message.put(SecurityConstants.TOKEN, tempTok);
return id;
}
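Review bot: With `getTokenStore().add(tempTok)` and the `SecurityConstants.TOKEN_ID` entry both removed, the new `SecurityConstants.TOKEN` entry on the message is the only handle to this token, so any reader that still resolves the key through `TOKEN_ID` and the token store would not find it. Those readers are outside this hunk, and the enclosing method starts above it, so it is worth confirming that each one checks `SecurityConstants.TOKEN` first. If the intent is to keep the key scoped to the exchange, as the commit title suggests, a comment above the `message.put` would record it: `// Keep the token on this message, not in the shared TokenStore, so concurrent exchanges cannot pick up each other's key (CXF-7148)`.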
http://git-wip-us.apache.org/repos/asf/cxf/blob/1cdab649/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 8bb6af2..2534048 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -160,13 +160,13 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
if (isRequestor()) {
tokenId = setupEncryptedKey(encryptionWrapper, encryptionToken);
} else {
- tokenId = getEncryptedKey();
+ tok = getEncryptedKey();
}
} else if (encryptionToken instanceof UsernameToken) {
if (isRequestor()) {
tokenId = setupUTDerivedKey((UsernameToken)encryptionToken);
} else {
- tokenId = getUTDerivedKey();
+ tok = getUTDerivedKey();
}
}
if (tok == null) {
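Review bot: On the responder branches, `tok = getEncryptedKey();` and `tok = getUTDerivedKey();` no longer assign `tokenId`, and `getEncryptedKey()` has a visible `return null` path, so the `if (tok == null)` block that follows can be entered with neither a token nor an id. The body of that block is outside the hunk; if it resolves the token by `tokenId`, it would look up a null id instead of reporting that the inbound request carried no usable key. A guard before that block would surface the case where the key is extracted, for example `if (!isRequestor() && tok == null) { /* fail: no key in inbound results */ }`, using the exception type this method already declares. The same pattern applies to `sigTok` and `sigTokId` in the next hunk (at -290).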
@@ -290,13 +290,13 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
if (isRequestor()) {
sigTokId = setupEncryptedKey(sigAbstractTokenWrapper, sigToken);
} else {
- sigTokId = getEncryptedKey();
+ sigTok = getEncryptedKey();
}
} else if (sigToken instanceof UsernameToken) {
if (isRequestor()) {
sigTokId = setupUTDerivedKey((UsernameToken)sigToken);
} else {
- sigTokId = getUTDerivedKey();
+ sigTok = getUTDerivedKey();
}
}
} else {
@@ -970,7 +970,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
return id;
}
- private String getEncryptedKey() {
+ private SecurityToken getEncryptedKey() {
WSSecurityEngineResult encryptedKeyResult = getEncryptedKeyResult();
if (encryptedKeyResult != null) {
// Store it in the cache
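Review bot: The context comment `// Store it in the cache` at the top of `getEncryptedKey()` is stale after this commit, because the next hunk removes `tokenStore.add(tempTok)` and the method now only builds and returns a `SecurityToken`. Replace it with something like `// Build a per-request token from the inbound EncryptedKey; it is not added to the token store`. A Javadoc line stating that the method returns null when there is no EncryptedKey result would also help callers, since the return type changed from an id to the token itself. The method body continues past the end of this hunk.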
@@ -979,19 +979,18 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
expires.setTime(created.getTime() + WSS4JUtils.getSecurityTokenLifetime(message));
String encryptedKeyID = (String)encryptedKeyResult.get(WSSecurityEngineResult.TAG_ID);
- SecurityToken tempTok = new SecurityToken(encryptedKeyID, created, expires);
- tempTok.setSecret((byte[])encryptedKeyResult.get(WSSecurityEngineResult.TAG_SECRET));
- tempTok.setSHA1(getSHA1((byte[])encryptedKeyResult
+ SecurityToken securityToken = new SecurityToken(encryptedKeyID, created, expires);
+ securityToken.setSecret((byte[])encryptedKeyResult.get(WSSecurityEngineResult.TAG_SECRET));
+ securityToken.setSHA1(getSHA1((byte[])encryptedKeyResult
.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY)));
- tokenStore.add(tempTok);
- return encryptedKeyID;
+ return securityToken;
}
return null;
}
- private String getUTDerivedKey() throws WSSecurityException {
+ private SecurityToken getUTDerivedKey() throws WSSecurityException {
List<WSHandlerResult> results = CastUtils.cast((List<?>)message.getExchange().getInMessage()
.get(WSHandlerConstants.RECV_RESULTS));
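Review bot: `securityToken.setSecret((byte[])encryptedKeyResult.get(WSSecurityEngineResult.TAG_SECRET))` passes the result entry through unchecked, so a result without a secret would produce a non-null token holding a null key, while the caller visible in this commit tests only `tok == null`. The same holds for `securityToken.setSecret(secret)` in `getUTDerivedKey()` in the last hunk. Whether a result can lack `TAG_SECRET` is not visible here; if it can, read the secret into a local first and return early with `if (secret == null) { return null; }` before constructing the token, so the failure stays where the key is extracted. This hunk ends inside `getUTDerivedKey()`, whose body continues in the next hunk.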
@@ -1009,13 +1008,12 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
Date created = new Date();
Date expires = new Date();
expires.setTime(created.getTime() + WSS4JUtils.getSecurityTokenLifetime(message));
- SecurityToken tempTok = new SecurityToken(utID, created, expires);
+ SecurityToken securityToken = new SecurityToken(utID, created, expires);
byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
- tempTok.setSecret(secret);
- tokenStore.add(tempTok);
+ securityToken.setSecret(secret);
- return utID;
+ return securityToken;
}
}
}