You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2011/03/29 16:17:44 UTC
svn commit: r1086592 - in /cxf/branches/2.3.x-fixes/rt/ws/security: ./
src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Author: coheigea
Date: Tue Mar 29 14:17:43 2011
New Revision: 1086592
URL: http://svn.apache.org/viewvc?rev=1086592&view=rev
Log:
Merged KeyType and OnBehalfOf fix to 2.3.x-fixes.
Modified:
cxf/branches/2.3.x-fixes/rt/ws/security/ (props changed)
cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Propchange: cxf/branches/2.3.x-fixes/rt/ws/security/
------------------------------------------------------------------------------
--- svn:mergeinfo (added)
+++ svn:mergeinfo Tue Mar 29 14:17:43 2011
@@ -0,0 +1 @@
+/cxf/trunk/rt/ws/security:1084966,1086102,1086115,1086535,1086550,1086573
Modified: cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=1086592&r1=1086591&r2=1086592&view=diff
==============================================================================
--- cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java (original)
+++ cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java Tue Mar 29 14:17:43 2011
@@ -140,6 +140,7 @@ public class STSClient implements Config
AlgorithmSuite algorithmSuite;
String namespace = STSUtils.WST_NS_05_12;
String addressingNamespace;
+ Element onBehalfOfElement;
boolean useCertificateForConfirmationKeyInfo;
boolean isSecureConv;
@@ -147,6 +148,7 @@ public class STSClient implements Config
Object actAs;
String tokenType;
+ String keyType;
boolean sendKeyType = true;
Map<String, Object> ctx = new HashMap<String, Object>();
@@ -311,6 +313,14 @@ public class STSClient implements Config
public void setSendKeyType(boolean sendKeyType) {
this.sendKeyType = sendKeyType;
}
+
+ public void setKeyType(String keyType) {
+ this.keyType = keyType;
+ }
+
+ public void setOnBehalfOfElement(Element onBehalfOfElement) {
+ this.onBehalfOfElement = onBehalfOfElement;
+ }
/**
* Indicate whether to use the signer's public X509 certificate for the subject confirmation key info
@@ -440,8 +450,8 @@ public class STSClient implements Config
writer.writeStartElement("wst", "RequestSecurityToken", namespace);
writer.writeNamespace("wst", namespace);
boolean wroteKeySize = false;
-
- String keyType = null;
+
+ String keyTypeTemplate = null;
String sptt = null;
if (template != null) {
@@ -453,7 +463,7 @@ public class STSClient implements Config
while (tl != null) {
StaxUtils.copy(tl, writer);
if ("KeyType".equals(tl.getLocalName())) {
- keyType = DOMUtils.getContent(tl);
+ keyTypeTemplate = DOMUtils.getContent(tl);
} else if ("KeySize".equals(tl.getLocalName())) {
wroteKeySize = true;
keySize = Integer.parseInt(DOMUtils.getContent(tl));
@@ -470,10 +480,14 @@ public class STSClient implements Config
addRequestType(requestType, writer);
addAppliesTo(writer, appliesTo);
+ addOnBehalfOf(writer);
if (sptt == null) {
addTokenType(writer);
}
- keyType = writeKeyType(writer, keyType);
+ if (keyTypeTemplate == null) {
+ keyTypeTemplate = keyType;
+ }
+ keyTypeTemplate = writeKeyType(writer, keyTypeTemplate);
byte[] requestorEntropy = null;
X509Certificate cert = null;
@@ -482,9 +496,9 @@ public class STSClient implements Config
if (keySize <= 0) {
keySize = 256;
}
- if (keyType != null && keyType.endsWith("SymmetricKey")) {
+ if (keyTypeTemplate != null && keyTypeTemplate.endsWith("SymmetricKey")) {
requestorEntropy = writeElementsForRSTSymmetricKey(writer, wroteKeySize);
- } else if (keyType != null && keyType.endsWith("PublicKey")) {
+ } else if (keyTypeTemplate != null && keyTypeTemplate.endsWith("PublicKey")) {
crypto = createCrypto(false);
cert = getCert(crypto);
writeElementsForRSTPublicKey(writer, cert);
@@ -591,6 +605,14 @@ public class STSClient implements Config
writer.writeEndElement();
}
+ private void addOnBehalfOf(W3CDOMStreamWriter writer) throws XMLStreamException {
+ if (onBehalfOfElement != null) {
+ writer.writeStartElement("wst", "OnBehalfOf", namespace);
+ StaxUtils.copy(onBehalfOfElement, writer);
+ writer.writeEndElement();
+ }
+ }
+
private Element getDocumentElement(DOMSource ds) {
Node nd = ds.getNode();
if (nd instanceof Document) {
@@ -767,22 +789,27 @@ public class STSClient implements Config
return !STSUtils.WST_NS_05_02.equals(namespace);
}
- private String writeKeyType(W3CDOMStreamWriter writer, String keyType) throws XMLStreamException {
+ private String writeKeyType(W3CDOMStreamWriter writer, String keyTypeToWrite)
+ throws XMLStreamException {
if (isSecureConv) {
addLifetime(writer);
- if (keyType == null) {
+ if (keyTypeToWrite == null) {
writer.writeStartElement("wst", "TokenType", namespace);
writer.writeCharacters(STSUtils.getTokenTypeSCT(namespace));
writer.writeEndElement();
- keyType = namespace + "/SymmetricKey";
+ keyTypeToWrite = namespace + "/SymmetricKey";
}
- } else if (keyType == null && sendKeyType) {
+ } else if (keyTypeToWrite == null && sendKeyType) {
writer.writeStartElement("wst", "KeyType", namespace);
writer.writeCharacters(namespace + "/SymmetricKey");
writer.writeEndElement();
- keyType = namespace + "/SymmetricKey";
+ keyTypeToWrite = namespace + "/SymmetricKey";
+ } else if (keyTypeToWrite != null) {
+ writer.writeStartElement("wst", "KeyType", namespace);
+ writer.writeCharacters(keyTypeToWrite);
+ writer.writeEndElement();
}
- return keyType;
+ return keyTypeToWrite;
}
private X509Certificate getCert(Crypto crypto) throws Exception {