Posted to commits@cxf.apache.org by co...@apache.org on 2011/08/24 17:29:26 UTC
svn commit: r1161154 -
/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Author: coheigea
Date: Wed Aug 24 15:29:26 2011
New Revision: 1161154
URL: http://svn.apache.org/viewvc?rev=1161154&view=rev
Log:
[CXF-3761] - STSClient can't process EncryptedKey elements received from an STS
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=1161154&r1=1161153&r2=1161154&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java Wed Aug 24 15:29:26 2011
@@ -103,6 +103,7 @@ import org.apache.neethi.Policy;
import org.apache.neethi.PolicyComponent;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
@@ -1069,30 +1070,24 @@ public class STSClient implements Config
// First check for the binary secret
String b64Secret = DOMUtils.getContent(child);
secret = Base64.decode(b64Secret);
- } else if (childQname.equals(new QName(namespace, WSConstants.ENC_KEY_LN))) {
- try {
- EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
- WSDocInfo docInfo = new WSDocInfo(child.getOwnerDocument());
- RequestData data = new RequestData();
- data.setDecCrypto(createCrypto(true));
- data.setCallbackHandler(createHandler());
- List<WSSecurityEngineResult> result =
- proc.handleToken(child, data, docInfo);
- secret =
- (byte[])result.get(0).get(
- WSSecurityEngineResult.TAG_SECRET
- );
- } catch (IOException e) {
- throw new TrustException("ENCRYPTED_KEY_ERROR", LOG, e);
- }
+ } else if (childQname.equals(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN))) {
+ secret = decryptKey(child);
} else if (childQname.equals(new QName(namespace, "ComputedKey"))) {
// Handle the computed key
- Element binSecElem = entropy == null ? null : DOMUtils.getFirstElement(entropy);
- String content = binSecElem == null ? null : DOMUtils.getContent(binSecElem);
- if (content != null && !StringUtils.isEmpty(content.trim())) {
-
- byte[] serviceEntr = Base64.decode(content);
+ Element computedKeyChild = entropy == null ? null : DOMUtils.getFirstElement(entropy);
+ byte[] serviceEntr = null;
+ if (computedKeyChild != null) {
+ QName computedKeyChildQName = DOMUtils.getElementQName(computedKeyChild);
+ if (computedKeyChildQName.equals(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN))) {
+ serviceEntr = decryptKey(computedKeyChild);
+ } else if (computedKeyChildQName.equals(new QName(namespace, "BinarySecret"))) {
+ String content = DOMUtils.getContent(computedKeyChild);
+ serviceEntr = Base64.decode(content);
+ }
+ }
+
+ if (serviceEntr != null) {
// Right now we only use PSHA1 as the computed key algo
P_SHA1 psha1 = new P_SHA1();
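Review bot: The new `BinarySecret` branch under `ComputedKey` drops the guard the removed lines had and decodes `DOMUtils.getContent(computedKeyChild)` unconditionally, so an empty `wst:BinarySecret` inside the entropy element appears to yield an empty but non-null `serviceEntr`, and the `serviceEntr != null` test then lets P_SHA1 derive the session key from the client entropy alone (a null content would instead depend on what `Base64.decode` does with null, which I cannot tell from here). Keep the original check in that branch: `if (content != null && !StringUtils.isEmpty(content.trim())) { serviceEntr = Base64.decode(content); }`. A short comment on the `ComputedKey` branch saying that the server entropy may arrive either as an `xenc:EncryptedKey` or a `wst:BinarySecret` would also help the next reader, since the two namespaces differ. The enclosing method starts before this hunk and its `P_SHA1` derivation continues past it.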
@@ -1118,6 +1113,25 @@ public class STSClient implements Config
return token;
}
+
+ private byte[] decryptKey(Element child) throws TrustException, WSSecurityException {
+ try {
+ EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
+ WSDocInfo docInfo = new WSDocInfo(child.getOwnerDocument());
+ RequestData data = new RequestData();
+ data.setWssConfig(WSSConfig.getNewInstance());
+ data.setDecCrypto(createCrypto(true));
+ data.setCallbackHandler(createHandler());
+ List<WSSecurityEngineResult> result =
+ proc.handleToken(child, data, docInfo);
+ return
+ (byte[])result.get(0).get(
+ WSSecurityEngineResult.TAG_SECRET
+ );
+ } catch (IOException e) {
+ throw new TrustException("ENCRYPTED_KEY_ERROR", LOG, e);
+ }
+ }
private CallbackHandler createHandler() {
Object o = getProperty(SecurityConstants.CALLBACK_HANDLER);
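Review bot: `decryptKey` indexes `result.get(0)` and casts the `TAG_SECRET` entry without checking that `EncryptedKeyProcessor.handleToken` produced a result holding a secret, so an EncryptedKey that the processor does not resolve surfaces as an `IndexOutOfBoundsException` or a null `byte[]` returned to the caller rather than a `TrustException`. Guard it before the cast, e.g. `if (result.isEmpty() || result.get(0).get(WSSecurityEngineResult.TAG_SECRET) == null) { throw new TrustException("ENCRYPTED_KEY_ERROR", LOG); }` — assuming `TrustException` has a constructor without a cause, which this hunk does not show. The helper also has no Javadoc; I would add `/** Decrypts an xenc:EncryptedKey received from the STS with this client's decryption Crypto and CallbackHandler and returns the raw key bytes; IOException is wrapped in a TrustException, WSSecurityException from the processor propagates. */`. Nothing visible here restricts which key-transport algorithm the STS may have used; whether the `WSSConfig.getNewInstance()` defaults enforce that in this WSS4J version is not shown, so it is worth confirming.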