Posted to commits@cxf.apache.org by co...@apache.org on 2019/05/23 10:21:41 UTC
[cxf] 06/07: Picking up more derived key changes in WSS4J
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 6179672762de9c177740d9956640e7f5b073b156
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Feb 1 11:20:57 2019 +0000
Picking up more derived key changes in WSS4J
---
.../wss4j/policyhandlers/AbstractBindingBuilder.java | 1 +
.../wss4j/policyhandlers/AsymmetricBindingHandler.java | 12 ++++++++++--
.../wss4j/policyhandlers/SymmetricBindingHandler.java | 18 ++++++++++++++++--
.../wss4j/policyhandlers/TransportBindingHandler.java | 2 ++
4 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index be9b13a..d6529d8 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -2096,6 +2096,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
}
addSig(dkSign.getSignatureValue());
+ dkSign.clean();
}
private void doSymmSignature(AbstractToken policyToken, SecurityToken tok,
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 09cd142..3896fa5 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -229,15 +229,18 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
}
if (encToken != null) {
+ WSSecBase encr = null;
if (encToken.getToken() != null && !enc.isEmpty()) {
if (encToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
- doEncryptionDerived(encToken, enc);
+ encr = doEncryptionDerived(encToken, enc);
} else {
String symEncAlgorithm = abinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption();
KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgorithm);
SecretKey symmetricKey = keyGen.generateKey();
- doEncryption(encToken, enc, false, symmetricKey);
+ encr = doEncryption(encToken, enc, false, symmetricKey);
}
+
+ encr.clean();
}
assertTokenWrapper(encToken);
assertToken(encToken.getToken());
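Review bot: The added `encr.clean();` dereferences the result of doEncryptionDerived()/doEncryption() without a null check, while the other call sites in this commit guard it (`if (encrBase != null)` in the next hunk of this file, `if (encr != null)` in SymmetricBindingHandler). The helper bodies are not visible here, so whether they can return null is an assumption, but the guarded sites suggest they can; if so, this line turns a no-op path into a NullPointerException. I would write it as `if (encr != null) { encr.clean(); }`. The same unguarded `encr.clean();` is added in SymmetricBindingHandler after its doEncryption() call, where the surrounding `catch (Exception e)` would convert the NPE into a fault. The enclosing method starts and ends outside this hunk.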
@@ -394,6 +397,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
if (encrBase != null) {
encryptTokensInSecurityHeader(encryptionToken, encrBase, symmetricKey);
+ encrBase.clean();
}
}
@@ -663,6 +667,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
if (!attached && isTokenRequired(sigToken.getIncludeTokenType())) {
WSSecSignature sig = getSignatureBuilder(sigToken, attached, false);
sig.appendBSTElementToHeader();
+ sig.clean();
}
return;
}
@@ -735,6 +740,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
mainSigId = dkSign.getSignatureId();
}
+ dkSign.clean();
} catch (Exception ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
throw new Fault(ex);
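Review bot: `dkSign.clean();` is the last statement of the try block, so it is skipped whenever an earlier call in the block throws and control goes to `catch (Exception ex)`. Assuming clean() is what clears the derived-key material held by the builder, the failure path is where that material is most likely to be left behind. Moving the call into a `finally` clause, e.g. `} finally { if (dkSign != null) { dkSign.clean(); } }` with dkSign declared before the try, covers both paths. The same placement occurs in SymmetricBindingHandler, where `encr.clean()` sits immediately before `catch (RuntimeException ex)` and before `catch (Exception e)`. The start of the try block is outside this hunk, so the declaration site of dkSign is not visible here.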
@@ -781,6 +787,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
mainSigId = sig.getId();
}
+
+ sig.clean();
}
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 8a4d5d9..0567126 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -283,6 +283,10 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
}
}
+
+ if (encr != null) {
+ encr.clean();
+ }
}
} catch (RuntimeException ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
@@ -408,8 +412,9 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
if (encrAbstractTokenWrapper.getToken() != null && !enc.isEmpty()) {
+ WSSecBase encr = null;
if (encrAbstractTokenWrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
- doEncryptionDerived(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false);
+ encr = doEncryptionDerived(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false);
} else {
byte[] ephemeralKey = encrTok.getSecret();
SecretKey symmetricKey = null;
@@ -420,8 +425,10 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgorithm);
symmetricKey = keyGen.generateKey();
}
- doEncryption(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false, symmetricKey);
+ encr = doEncryption(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false, symmetricKey);
}
+
+ encr.clean();
}
} catch (Exception e) {
LOG.log(Level.FINE, e.getMessage(), e);
@@ -800,8 +807,11 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
this.mainSigId = dkSign.getSignatureId();
+ dkSign.clean();
return dkSign.getSignatureValue();
}
+
+ dkSign.clean();
return null;
}
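Review bot: `dkSign.clean();` is called before `return dkSign.getSignatureValue();`, so the returned value depends on clean() leaving the signature value intact, which nothing in this diff shows. AbstractBindingBuilder in this same commit uses the opposite order (`addSig(dkSign.getSignatureValue());` then `dkSign.clean();`). Reading the value first makes the order explicit and consistent: `byte[] sigValue = dkSign.getSignatureValue(); dkSign.clean(); return sigValue;`. The same clean-then-read order appears in the next hunk (`sig.clean(); return sig.getSignatureValue();`) and in both TransportBindingHandler hunks. The duplicated clean() on the two return paths could also become a single `finally`, but the method start is outside the hunk.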
@@ -933,8 +943,12 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
bottomUpElement = sig.getSignatureElement();
this.mainSigId = sig.getId();
+
+ sig.clean();
return sig.getSignatureValue();
}
+
+ sig.clean();
return null;
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 33ae0dd..4be39d2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -404,6 +404,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
dkSig.appendDKElementToHeader();
dkSig.computeSignature(referenceList, false, null);
+ dkSig.clean();
return dkSig.getSignatureValue();
}
WSSecSignature sig = getSignatureBuilder(token, false, false);
@@ -514,6 +515,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
//Do signature
dkSign.computeSignature(referenceList, false, null);
+ dkSign.clean();
return dkSign.getSignatureValue();
}