Posted to commits@cxf.apache.org by co...@apache.org on 2013/10/10 14:49:49 UTC
svn commit: r1530949 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/
systests/ws-security/src/test/java/org/apache/cx...
Author: coheigea
Date: Thu Oct 10 12:49:49 2013
New Revision: 1530949
URL: http://svn.apache.org/r1530949
Log:
Some bug fixes + enabled some more streaming derived tests
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/X509TokenTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity111Test.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1530949&r1=1530948&r2=1530949&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java Thu Oct 10 12:49:49 2013
@@ -20,6 +20,7 @@
package org.apache.cxf.ws.security.wss4j.policyhandlers;
import java.io.IOException;
+import java.security.Key;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -38,7 +39,6 @@ import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import org.w3c.dom.Element;
-
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.i18n.Message;
@@ -94,11 +94,11 @@ import org.apache.wss4j.policy.model.XPa
import org.apache.wss4j.policy.stax.PolicyUtils;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.impl.securityToken.KerberosClientSecurityToken;
+import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.SecurePart;
import org.apache.xml.security.stax.ext.SecurePart.Modifier;
import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
-
import org.opensaml.common.SAMLVersion;
/**
@@ -211,14 +211,20 @@ public abstract class AbstractStaxBindin
return null;
}
- SecurityToken secToken = getSecurityToken();
+ final SecurityToken secToken = getSecurityToken();
if (secToken == null) {
policyNotAsserted(token, "Could not find KerberosToken");
}
// Convert to WSS4J token
final KerberosClientSecurityToken wss4jToken =
- new KerberosClientSecurityToken(secToken.getData(), secToken.getKey(), secToken.getId());
+ new KerberosClientSecurityToken(secToken.getData(), secToken.getKey(), secToken.getId()) {
+
+ @Override
+ public Key getSecretKey(String algorithmURI) throws XMLSecurityException {
+ return secToken.getKey();
+ }
+ };
wss4jToken.setSha1Identifier(secToken.getSHA1());
final SecurityTokenProvider<OutboundSecurityToken> kerberosSecurityTokenProvider =
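Review bot: The `getSecretKey` override in the anonymous `KerberosClientSecurityToken` ignores `algorithmURI` and returns `secToken.getKey()` as-is, so every requested algorithm receives the same key object and a null key is passed straight through to the caller. A one-line comment on the override stating why the superclass lookup is bypassed would help the next reader. A null check that throws `XMLSecurityException` with a clear message would fail earlier and more legibly. Separately, the unchanged `if (secToken == null)` guard above only calls `policyNotAsserted(...)`; unless that call always throws, `secToken` is dereferenced on the following statement, so a `return null;` inside the guard may be needed. The enclosing method starts and ends outside this hunk.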
@@ -236,7 +242,6 @@ public abstract class AbstractStaxBindin
};
outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_KERBEROS,
kerberosSecurityTokenProvider);
-
if (encrypting) {
outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION,
kerberosSecurityTokenProvider);
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1530949&r1=1530948&r2=1530949&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java Thu Oct 10 12:49:49 2013
@@ -363,7 +363,7 @@ public class StaxSymmetricBindingHandler
String actionToPerform = ConfigurationConstants.ENCRYPT;
if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
actionToPerform = ConfigurationConstants.ENCRYPT_DERIVED;
- if (MessageUtils.isRequestor(message)) {
+ if (MessageUtils.isRequestor(message) && recToken.getToken() instanceof X509Token) {
config.put(ConfigurationConstants.DERIVED_TOKEN_REFERENCE, "EncryptedKey");
} else {
config.put(ConfigurationConstants.DERIVED_TOKEN_REFERENCE, "DirectReference");
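Review bot: The narrowed condition `MessageUtils.isRequestor(message) && recToken.getToken() instanceof X509Token` sends every non-X509 requestor token to the `else` branch, so `DERIVED_TOKEN_REFERENCE` becomes `"DirectReference"` for all of them, and nothing here says whether that is intended beyond the Kerberos case this commit appears to target. A comment above the `if` would record the intent, for example `// Only an X.509 requestor references the derived key via an EncryptedKey; other token types use a direct reference`. The same condition is repeated in the signature hunk at -438, where it tests `policyToken` instead of `recToken.getToken()`; using one form in both places would make the two paths easier to compare. The enclosing method lies outside the hunk.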
@@ -402,8 +402,10 @@ public class StaxSymmetricBindingHandler
if (isRequestor()) {
config.put(ConfigurationConstants.ENC_KEY_ID,
getKeyIdentifierType(recToken, encrToken));
+ config.put(ConfigurationConstants.DERIVED_TOKEN_KEY_ID, "DirectReference");
} else if (recToken.getToken() instanceof KerberosToken && !isRequestor()) {
config.put(ConfigurationConstants.ENC_KEY_ID, "KerberosSHA1");
+ config.put(ConfigurationConstants.DERIVED_TOKEN_KEY_ID, "KerberosSHA1");
} else {
config.put(ConfigurationConstants.ENC_KEY_ID, "EncryptedKeySHA1");
if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
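Review bot: The two added `DERIVED_TOKEN_KEY_ID` puts run unconditionally, whereas the final `else` branch opens a `getDerivedKeys() == DerivedKeys.RequireDerivedKeys` check (its body is outside the hunk) before doing its derived-key configuration. If the value is only consulted for derived actions this is harmless, but the asymmetry deserves either the same guard or a comment such as `// Ignored unless a *_DERIVED action is configured`. The `&& !isRequestor()` on the Kerberos `else if` is already implied by the preceding `if (isRequestor())` and could be dropped. The literals `"DirectReference"` and `"KerberosSHA1"` are now repeated across several branches and would be less typo-prone as named constants.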
@@ -438,7 +440,7 @@ public class StaxSymmetricBindingHandler
String actionToPerform = ConfigurationConstants.SIGNATURE;
if (wrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
actionToPerform = ConfigurationConstants.SIGNATURE_DERIVED;
- if (MessageUtils.isRequestor(message)) {
+ if (MessageUtils.isRequestor(message) && policyToken instanceof X509Token) {
config.put(ConfigurationConstants.DERIVED_TOKEN_REFERENCE, "EncryptedKey");
} else {
config.put(ConfigurationConstants.DERIVED_TOKEN_REFERENCE, "DirectReference");
@@ -508,8 +510,13 @@ public class StaxSymmetricBindingHandler
config.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
}
}
- } else if (policyToken instanceof KerberosToken && !isRequestor()) {
- config.put(ConfigurationConstants.SIG_KEY_ID, "KerberosSHA1");
+ } else if (policyToken instanceof KerberosToken) {
+ if (isRequestor()) {
+ config.put(ConfigurationConstants.DERIVED_TOKEN_KEY_ID, "DirectReference");
+ } else {
+ config.put(ConfigurationConstants.SIG_KEY_ID, "KerberosSHA1");
+ config.put(ConfigurationConstants.DERIVED_TOKEN_KEY_ID, "KerberosSHA1");
+ }
} else if (policyToken instanceof IssuedToken) {
config.put(ConfigurationConstants.INCLUDE_SIGNATURE_TOKEN, "false");
}
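Review bot: In the new `policyToken instanceof KerberosToken` branch the requestor side sets only `DERIVED_TOKEN_KEY_ID` and leaves `SIG_KEY_ID` to whatever was configured earlier or to the default. The encryption path in the -402 hunk sets both `ENC_KEY_ID` and `DERIVED_TOKEN_KEY_ID` for a requestor. If relying on the default is deliberate, a comment in the `if (isRequestor())` arm should say so, for example `// SIG_KEY_ID is left at its default for a Kerberos requestor`. The two test files touched by this commit enable X.509 and WS-Security 1.1 derived-key scenarios only, so the Kerberos branches changed here have no streaming test visible in this revision. The surrounding `if`/`else if` chain starts outside the hunk.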
Modified: cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/X509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/X509TokenTest.java?rev=1530949&r1=1530948&r2=1530949&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/X509TokenTest.java (original)
+++ cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/X509TokenTest.java Thu Oct 10 12:49:49 2013
@@ -146,9 +146,9 @@ public class X509TokenTest extends Abstr
// DOM
x509Port.doubleIt(25);
- // TODO - Support derived Streaming
- // SecurityTestUtil.enableStreaming(x509Port);
- // x509Port.doubleIt(25);
+ // Streaming
+ SecurityTestUtil.enableStreaming(x509Port);
+ x509Port.doubleIt(25);
((java.io.Closeable)x509Port).close();
bus.shutdown(true);
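Review bot: The newly enabled streaming call `x509Port.doubleIt(25);` discards its result, so the test only proves that the derived-key streaming path does not throw, not that the response was processed correctly. If `doubleIt` returns the doubled value, asserting it would tighten the check: `assertEquals(50, x509Port.doubleIt(25));`. The `close()` and `bus.shutdown(true)` calls are also skipped when either invocation throws, and a `try`/`finally` would keep a failure here from leaking the bus into later tests. The test method starts outside the hunk.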
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity111Test.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity111Test.java?rev=1530949&r1=1530948&r2=1530949&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity111Test.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity111Test.java Thu Oct 10 12:49:49 2013
@@ -103,9 +103,9 @@ public class WSSecurity111Test extends W
String[] argv = new String[] {
"A",
"A-NoTimestamp",
- // TODO Derived "AD",
+ "AD",
// TODO See WSS-468 EncryptBeforeSigning not working "A-ES",
- // TODO Derived "AD-ES",
+ // TODO See WSS-468 Derived "AD-ES",
"UX",
"UX-NoTimestamp",
// TODO Derived "UXD",
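Review bot: The rewritten comment `// TODO See WSS-468 Derived "AD-ES",` merges the old "Derived" reason with the new issue reference and no longer reads as a sentence. Matching the wording used two lines above would make clear that both entries are blocked by the same issue: `// TODO See WSS-468 EncryptBeforeSigning not working "AD-ES",`.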