Posted to commits@cxf.apache.org by co...@apache.org on 2015/03/23 16:44:45 UTC
[1/3] cxf git commit: Fixing failing tests
Repository: cxf
Updated Branches:
refs/heads/master ed18c008f -> ba2d7b85d
Fixing failing tests
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ba2d7b85
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ba2d7b85
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ba2d7b85
Branch: refs/heads/master
Commit: ba2d7b85d44970cb4abd8cd18ac24178394ef404
Parents: 3506302
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Mar 23 15:44:32 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Mar 23 15:44:40 2015 +0000
----------------------------------------------------------------------
.../apache/cxf/sts/operation/AbstractOperation.java | 4 ++--
.../org/apache/cxf/sts/request/RequestParser.java | 4 ++--
.../cxf/systest/sts/batch/SimpleBatchSTSClient.java | 6 +++---
.../cxf/systest/ws/fault/ModifiedRequestTest.java | 15 +++++++--------
4 files changed, 14 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/ba2d7b85/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
index 5e85234..40c8189 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
@@ -78,13 +78,13 @@ import org.apache.cxf.ws.security.sts.provider.model.utility.AttributedDateTime;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.WSSecEncrypt;
import org.apache.wss4j.dom.message.WSSecEncryptedKey;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -214,7 +214,7 @@ public abstract class AbstractOperation {
}
if (tokenReference.isUseKeyIdentifier()) {
- String identifier = WSSecurityUtil.getIDFromReference(tokenReference.getIdentifier());
+ String identifier = XMLUtils.getIDFromReference(tokenReference.getIdentifier());
KeyIdentifierType keyIdentifierType =
QNameConstants.WSSE_FACTORY.createKeyIdentifierType();
http://git-wip-us.apache.org/repos/asf/cxf/blob/ba2d7b85/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
index a1a2a26..2c4c9eb 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
@@ -76,6 +76,7 @@ import org.apache.cxf.ws.security.sts.provider.model.wstrust14.ActAsType;
import org.apache.cxf.ws.security.sts.provider.model.xmldsig.KeyInfoType;
import org.apache.cxf.ws.security.sts.provider.model.xmldsig.X509DataType;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.WSSConfig;
@@ -85,7 +86,6 @@ import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.token.SecurityContextToken;
import org.apache.wss4j.dom.processor.EncryptedKeyProcessor;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.xml.security.utils.Constants;
/**
@@ -739,7 +739,7 @@ public class RequestParser {
}
// Find processed token corresponding to the URI
- referenceURI = WSSecurityUtil.getIDFromReference(referenceURI);
+ referenceURI = XMLUtils.getIDFromReference(referenceURI);
MessageContext messageContext = wsContext.getMessageContext();
final List<WSHandlerResult> handlerResults =
http://git-wip-us.apache.org/repos/asf/cxf/blob/ba2d7b85/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SimpleBatchSTSClient.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SimpleBatchSTSClient.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SimpleBatchSTSClient.java
index b21fb8e..5814bf7 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SimpleBatchSTSClient.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SimpleBatchSTSClient.java
@@ -42,7 +42,6 @@ import javax.xml.transform.dom.DOMSource;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-
import org.apache.cxf.Bus;
import org.apache.cxf.BusException;
import org.apache.cxf.binding.soap.SoapBindingConstants;
@@ -95,6 +94,7 @@ import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.derivedKey.P_SHA1;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.WSSConfig;
@@ -952,11 +952,11 @@ public class SimpleBatchSTSClient implements Configurable, InterceptorProvider {
if (encryptionAlgorithm != null && encryptionAlgorithm.endsWith("spnego#GSS_Wrap")) {
// Get the CipherValue
Element tmpE =
- WSSecurityUtil.getDirectChildElement(child, "CipherData", WSConstants.ENC_NS);
+ XMLUtils.getDirectChildElement(child, "CipherData", WSConstants.ENC_NS);
byte[] cipherValue = null;
if (tmpE != null) {
tmpE =
- WSSecurityUtil.getDirectChildElement(tmpE, "CipherValue", WSConstants.ENC_NS);
+ XMLUtils.getDirectChildElement(tmpE, "CipherValue", WSConstants.ENC_NS);
if (tmpE != null) {
String content = DOMUtils.getContent(tmpE);
cipherValue = Base64.decode(content);
http://git-wip-us.apache.org/repos/asf/cxf/blob/ba2d7b85/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestTest.java
index af38d6e..f290cc4 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestTest.java
@@ -33,7 +33,6 @@ import javax.xml.ws.soap.SOAPFaultException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-
import org.apache.cxf.Bus;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.endpoint.Client;
@@ -41,9 +40,9 @@ import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.systest.ws.common.SecurityTestUtil;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSSConfig;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
import org.example.contract.doubleit.DoubleItFault;
import org.example.contract.doubleit.DoubleItPortType;
@@ -311,9 +310,9 @@ public class ModifiedRequestTest extends AbstractBusClientServerTestBase {
// Find the Timestamp + change it.
Element timestampElement =
- WSSecurityUtil.findElement(securityHeader, "Timestamp", WSConstants.WSU_NS);
+ XMLUtils.findElement(securityHeader, "Timestamp", WSConstants.WSU_NS);
Element createdValue =
- WSSecurityUtil.findElement(timestampElement, "Created", WSConstants.WSU_NS);
+ XMLUtils.findElement(timestampElement, "Created", WSConstants.WSU_NS);
DateFormat zulu = new XmlSchemaDateFormat();
XMLGregorianCalendar createdCalendar =
@@ -337,7 +336,7 @@ public class ModifiedRequestTest extends AbstractBusClientServerTestBase {
public void modifySecurityHeader(Element securityHeader) {
if (securityHeader != null) {
Element signatureElement =
- WSSecurityUtil.findElement(securityHeader, "Signature", WSConstants.SIG_NS);
+ XMLUtils.findElement(securityHeader, "Signature", WSConstants.SIG_NS);
Node firstChild = signatureElement.getFirstChild();
while (!(firstChild instanceof Element) && firstChild != null) {
@@ -358,9 +357,9 @@ public class ModifiedRequestTest extends AbstractBusClientServerTestBase {
public void modifySecurityHeader(Element securityHeader) {
if (securityHeader != null) {
Element encryptedKey =
- WSSecurityUtil.findElement(securityHeader, "EncryptedKey", WSConstants.ENC_NS);
+ XMLUtils.findElement(securityHeader, "EncryptedKey", WSConstants.ENC_NS);
Element cipherValue =
- WSSecurityUtil.findElement(encryptedKey, "CipherValue", WSConstants.ENC_NS);
+ XMLUtils.findElement(encryptedKey, "CipherValue", WSConstants.ENC_NS);
String cipherText = cipherValue.getTextContent();
StringBuilder stringBuilder = new StringBuilder(cipherText);
@@ -392,7 +391,7 @@ public class ModifiedRequestTest extends AbstractBusClientServerTestBase {
public void modifySOAPBody(Element soapBody) {
if (soapBody != null) {
Element cipherValue =
- WSSecurityUtil.findElement(soapBody, "CipherValue", WSConstants.ENC_NS);
+ XMLUtils.findElement(soapBody, "CipherValue", WSConstants.ENC_NS);
String cipherText = cipherValue.getTextContent();
StringBuilder stringBuilder = new StringBuilder(cipherText);
[2/3] cxf git commit: Large refactor mainly of cxf-rt-rs-security-xml
following on from WSS4J trunk changes
Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
index ccd8c97..aeafc8f 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
@@ -25,6 +25,7 @@ import java.util.Date;
import javax.security.auth.callback.CallbackHandler;
import org.w3c.dom.Element;
+
import org.apache.cxf.binding.soap.SoapBindingConstants;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor;
@@ -35,6 +36,7 @@ import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.staxutils.W3CDOMStreamWriter;
import org.apache.cxf.ws.addressing.AddressingProperties;
@@ -42,7 +44,6 @@ import org.apache.cxf.ws.addressing.JAXWSAConstants;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider.HttpsTokenInInterceptor;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
index af7b0ac..48cf22c 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
@@ -28,13 +28,14 @@ import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.ws.addressing.AddressingProperties;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.cxf.ws.security.trust.STSUtils;
import org.apache.wss4j.common.ext.WSSecurityException;
@@ -62,12 +63,12 @@ class SpnegoContextTokenOutInterceptor extends AbstractPhaseInterceptor<SoapMess
String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
SecurityToken tok = null;
if (tokId != null) {
- tok = SecurityUtils.getTokenStore(message).getToken(tokId);
+ tok = TokenStoreUtils.getTokenStore(message).getToken(tokId);
if (tok != null && tok.isExpired()) {
message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID);
message.getExchange().remove(SecurityConstants.TOKEN_ID);
- SecurityUtils.getTokenStore(message).remove(tokId);
+ TokenStoreUtils.getTokenStore(message).remove(tokId);
tok = null;
}
}
@@ -81,7 +82,7 @@ class SpnegoContextTokenOutInterceptor extends AbstractPhaseInterceptor<SoapMess
}
message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID, tok.getId());
message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId());
- SecurityUtils.getTokenStore(message).add(tok);
+ TokenStoreUtils.getTokenStore(message).add(tok);
}
} else {
// server side should be checked on the way in
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java
index 61b8ded..19e3493 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java
@@ -22,8 +22,8 @@ package org.apache.cxf.ws.security.tokenstore;
import java.net.URL;
import org.apache.cxf.message.Message;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
/**
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
index 1b7cfb6..3183d73 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
@@ -34,9 +34,9 @@ import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.cxf.staxutils.W3CDOMStreamWriter;
import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.message.token.Reference;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
@@ -161,11 +161,11 @@ public class SecurityToken implements Serializable {
}
public SecurityToken(String id) {
- this.id = WSSecurityUtil.getIDFromReference(id);
+ this.id = XMLUtils.getIDFromReference(id);
}
public SecurityToken(String id, Date created, Date expires) {
- this.id = WSSecurityUtil.getIDFromReference(id);
+ this.id = XMLUtils.getIDFromReference(id);
if (created != null) {
this.created = new Date(created.getTime());
@@ -179,7 +179,7 @@ public class SecurityToken implements Serializable {
Element tokenElem,
Date created,
Date expires) {
- this.id = WSSecurityUtil.getIDFromReference(id);
+ this.id = XMLUtils.getIDFromReference(id);
this.token = cloneElement(tokenElem);
if (created != null) {
@@ -193,7 +193,7 @@ public class SecurityToken implements Serializable {
public SecurityToken(String id,
Element tokenElem,
Element lifetimeElem) {
- this.id = WSSecurityUtil.getIDFromReference(id);
+ this.id = XMLUtils.getIDFromReference(id);
this.token = cloneElement(tokenElem);
if (lifetimeElem != null) {
@@ -284,7 +284,7 @@ public class SecurityToken implements Serializable {
* Set the id
*/
public void setId(String id) {
- this.id = WSSecurityUtil.getIDFromReference(id);
+ this.id = XMLUtils.getIDFromReference(id);
}
/**
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreUtils.java
new file mode 100644
index 0000000..7842c4b
--- /dev/null
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreUtils.java
@@ -0,0 +1,64 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.ws.security.tokenstore;
+
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.service.model.EndpointInfo;
+import org.apache.cxf.ws.security.SecurityConstants;
+
+/**
+ * Some common functionality
+ */
+public final class TokenStoreUtils {
+
+ private TokenStoreUtils() {
+ // complete
+ }
+
+ public static TokenStore getTokenStore(Message message) {
+ EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
+ synchronized (info) {
+ TokenStore tokenStore =
+ (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
+ if (tokenStore == null) {
+ tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
+ }
+ if (tokenStore == null) {
+ TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance();
+ String cacheKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE;
+ String cacheIdentifier =
+ (String)message.getContextualProperty(SecurityConstants.CACHE_IDENTIFIER);
+ if (cacheIdentifier != null) {
+ cacheKey += "-" + cacheIdentifier;
+ } else if (info.getName() != null) {
+ int hashcode = info.getName().toString().hashCode();
+ if (hashcode < 0) {
+ cacheKey += hashcode;
+ } else {
+ cacheKey += "-" + hashcode;
+ }
+ }
+ tokenStore = tokenStoreFactory.newTokenStore(cacheKey, message);
+ info.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore);
+ }
+ return tokenStore;
+ }
+ }
+}
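Review bot: In `getTokenStore`, the fallback cache key built from `info.getName().toString().hashCode()` loses the sign of the hash. A negative value is appended as-is, so its minus sign doubles as the separator, while a non-negative value gets `"-"` prepended; hash values h and -h therefore produce the same key. Because that key names the store holding security tokens, two endpoints whose names collide this way (or in the 32-bit hash at all) would presumably receive the same underlying cache from the factory. Keying on the name itself, e.g. `cacheKey += "-" + info.getName();`, would avoid this if cache-name constraints allow it. Separately, `message.getExchange().get(Endpoint.class)` is dereferenced without a null check, and the method has no Javadoc describing the lookup order (message property, then endpoint property, then a new store) or why it synchronizes on `info`.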
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
index a9a11dc..9884c94 100755
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
@@ -75,6 +75,7 @@ import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.rt.security.claims.ClaimCollection;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.service.Service;
import org.apache.cxf.service.model.BindingInfo;
import org.apache.cxf.service.model.BindingOperationInfo;
@@ -98,7 +99,6 @@ import org.apache.cxf.ws.policy.attachment.reference.ReferenceResolver;
import org.apache.cxf.ws.policy.attachment.reference.RemoteReferenceResolver;
import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.claims.ClaimsCallback;
import org.apache.cxf.ws.security.trust.delegation.DelegationCallback;
@@ -115,6 +115,7 @@ import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.derivedKey.P_SHA1;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.WSSConfig;
@@ -1518,11 +1519,11 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
if (encryptionAlgorithm != null && encryptionAlgorithm.endsWith("spnego#GSS_Wrap")) {
// Get the CipherValue
Element tmpE =
- WSSecurityUtil.getDirectChildElement(child, "CipherData", WSConstants.ENC_NS);
+ XMLUtils.getDirectChildElement(child, "CipherData", WSConstants.ENC_NS);
byte[] cipherValue = null;
if (tmpE != null) {
tmpE =
- WSSecurityUtil.getDirectChildElement(tmpE, "CipherValue", WSConstants.ENC_NS);
+ XMLUtils.getDirectChildElement(tmpE, "CipherValue", WSConstants.ENC_NS);
if (tmpE != null) {
String content = DOMUtils.getContent(tmpE);
cipherValue = Base64.decode(content);
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
index 3db4a43..f6bf716 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
@@ -28,11 +28,12 @@ import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.w3c.dom.Element;
+
import org.apache.cxf.message.Message;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.cxf.ws.security.trust.delegation.DelegationCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl;
@@ -174,7 +175,7 @@ public class STSTokenValidator implements Validator {
return null;
}
- return SecurityUtils.getTokenStore(message);
+ return TokenStoreUtils.getTokenStore(message);
}
protected boolean isValidatedLocally(Credential credential, RequestData data)
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
index caa9470..7501ce7 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
@@ -29,6 +29,7 @@ import javax.xml.namespace.QName;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+
import org.apache.cxf.binding.soap.SoapHeader;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
@@ -40,13 +41,13 @@ import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.Phase;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.security.transport.TLSSessionInfo;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.policy.PolicyException;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.wss4j.common.ext.WSPasswordCallback;
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
index 5f77140..fbce336 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
@@ -46,9 +46,9 @@ import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.PhaseInterceptor;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java
index 2c8648d..7c3e1ef 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java
@@ -24,14 +24,15 @@ import java.util.ArrayList;
import java.util.List;
import org.w3c.dom.Element;
+
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.headers.Header;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.security.DefaultSecurityContext;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.wss4j.common.ext.WSSecurityException;
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
index dd91cf2..a184732 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
@@ -31,6 +31,7 @@ import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.w3c.dom.Element;
+
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.util.StringUtils;
@@ -38,12 +39,12 @@ import org.apache.cxf.headers.Header;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.security.DefaultSecurityContext;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.security.transport.TLSSessionInfo;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
index 1788fce..6ff5b9b 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
@@ -28,6 +28,7 @@ import java.util.Set;
import javax.security.auth.Subject;
import org.w3c.dom.Element;
+
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.headers.Header;
@@ -40,11 +41,11 @@ import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.rt.security.saml.SAMLSecurityContext;
import org.apache.cxf.rt.security.saml.SAMLUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.wss4j.common.cache.ReplayCache;
import org.apache.wss4j.common.ext.WSPasswordCallback;
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
index 61a25b3..e749834 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -45,6 +45,7 @@ import javax.xml.transform.dom.DOMSource;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+
import org.apache.cxf.binding.soap.SoapFault;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.SoapVersion;
@@ -62,12 +63,13 @@ import org.apache.cxf.phase.Phase;
import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.rt.security.saml.SAMLSecurityContext;
import org.apache.cxf.rt.security.saml.SAMLUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.security.transport.TLSSessionInfo;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.wss4j.common.cache.ReplayCache;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.ThreadLocalSecurityProvider;
@@ -677,7 +679,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
Endpoint ep = ((SoapMessage)reqData.getMsgContext()).getExchange().get(Endpoint.class);
if (ep != null && ep.getEndpointInfo() != null) {
TokenStore store =
- SecurityUtils.getTokenStore((SoapMessage)reqData.getMsgContext());
+ TokenStoreUtils.getTokenStore((SoapMessage)reqData.getMsgContext());
return new TokenStoreCallbackHandler(null, store);
}
throw sec;
@@ -686,7 +688,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
Endpoint ep = ((SoapMessage)reqData.getMsgContext()).getExchange().get(Endpoint.class);
if (ep != null && ep.getEndpointInfo() != null) {
- TokenStore store = SecurityUtils.getTokenStore((SoapMessage)reqData.getMsgContext());
+ TokenStore store = TokenStoreUtils.getTokenStore((SoapMessage)reqData.getMsgContext());
return new TokenStoreCallbackHandler(cbHandler, store);
}
return cbHandler;
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
index 47d30ed..dc9289f 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
@@ -40,7 +40,7 @@ import org.apache.cxf.interceptor.StaxInInterceptor;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.WSSPolicyException;
import org.apache.wss4j.common.cache.ReplayCache;
@@ -121,7 +121,7 @@ public class WSS4JStaxInInterceptor extends AbstractWSS4JStaxInterceptor {
final TokenStoreCallbackHandler callbackHandler =
new TokenStoreCallbackHandler(
- secProps.getCallbackHandler(), SecurityUtils.getTokenStore(soapMessage)
+ secProps.getCallbackHandler(), TokenStoreUtils.getTokenStore(soapMessage)
);
secProps.setCallbackHandler(callbackHandler);
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
index f012096..2436e25 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
@@ -37,11 +37,12 @@ import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.cache.CXFEHCacheReplayCache;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.wss4j.common.cache.ReplayCache;
import org.apache.wss4j.common.cache.ReplayCacheFactory;
import org.apache.wss4j.common.crypto.Crypto;
@@ -136,7 +137,7 @@ public final class WSS4JUtils {
if (securityToken == null) {
return null;
}
- SecurityToken existingToken = SecurityUtils.getTokenStore(message).getToken(securityToken.getId());
+ SecurityToken existingToken = TokenStoreUtils.getTokenStore(message).getToken(securityToken.getId());
if (existingToken == null || existingToken.isExpired()) {
Date created = new Date();
Date expires = new Date();
@@ -170,7 +171,7 @@ public final class WSS4JUtils {
}
}
- SecurityUtils.getTokenStore(message).add(cachedTok);
+ TokenStoreUtils.getTokenStore(message).add(cachedTok);
return cachedTok.getId();
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index e753bcc..5b96a07 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -61,15 +61,16 @@ import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.helpers.MapNamespaceContext;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.policy.PolicyConstants;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler;
import org.apache.cxf.ws.security.wss4j.CXFCallbackLookup;
import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
@@ -90,6 +91,7 @@ import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.saml.bean.Version;
import org.apache.wss4j.common.util.Loader;
+import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.WSSecurityEngineResult;
@@ -300,7 +302,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
}
protected final TokenStore getTokenStore() {
- return SecurityUtils.getTokenStore(message);
+ return TokenStoreUtils.getTokenStore(message);
}
protected WSSecTimestamp createTimestamp() {
@@ -432,13 +434,13 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
//ws-trust/ws-sc stuff.......
SecurityToken secToken = getSecurityToken();
if (secToken == null) {
- policyNotAsserted(token, "Could not find IssuedToken");
+ unassertPolicy(token, "Could not find IssuedToken");
}
Element clone = cloneElement(secToken.getToken());
secToken.setToken(clone);
addSupportingElement(clone);
- String id = WSSecurityUtil.getIDFromReference(secToken.getId());
+ String id = XMLUtils.getIDFromReference(secToken.getId());
if (suppTokens.isEncryptedToken()) {
WSEncryptionPart part = new WSEncryptionPart(id, "Element");
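Review bot: In the IssuedToken branch, `secToken.getToken()` is dereferenced on the line right after the `secToken == null` check, so the code relies on `unassertPolicy` throwing. Its body is outside this diff, so if it can return normally (for instance when the assertion is optional), the failure surfaces as a NullPointerException rather than a recorded policy failure. An explicit early exit after `unassertPolicy(token, "Could not find IssuedToken");` would remove that dependency, matching the branches in this file that already follow the call with `return null;`. The same fall-through appears after `catch (Exception e) { unassertPolicy(info, e); }` around `handler.handle(cb)` later in this file, and after `unassertPolicy(token, "Could not find KerberosToken");` in AbstractStaxBindingHandler. The enclosing method starts and ends outside the hunk, so the right form of the exit needs checking against its signature.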
@@ -651,13 +653,13 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
part.setId(secRef.getID());
part.setElement(clone);
} else {
- String id = WSSecurityUtil.getIDFromReference(token.getId());
+ String id = XMLUtils.getIDFromReference(token.getId());
part = new WSEncryptionPart(id);
part.setElement(token.getToken());
}
} else {
- policyNotAsserted(supportingToken.getToken(),
+ unassertPolicy(supportingToken.getToken(),
"UnsupportedTokenInSupportingToken: " + tempTok);
}
if (part != null) {
@@ -743,7 +745,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
}
utBuilder.setUserInfo(userName, password);
} else {
- policyNotAsserted(token, "No password available");
+ unassertPolicy(token, "No password available");
return null;
}
}
@@ -757,7 +759,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
return utBuilder;
} else {
- policyNotAsserted(token, "No username available");
+ unassertPolicy(token, "No username available");
return null;
}
}
@@ -783,13 +785,13 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
utBuilder.addDerivedKey(useMac, null, 1000);
utBuilder.prepare(saaj.getSOAPPart());
} else {
- policyNotAsserted(token, "No password available");
+ unassertPolicy(token, "No password available");
return null;
}
return utBuilder;
} else {
- policyNotAsserted(token, "No username available");
+ unassertPolicy(token, "No username available");
return null;
}
}
@@ -824,7 +826,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
CallbackHandler handler = SecurityUtils.getCallbackHandler(o);
if (handler == null) {
- policyNotAsserted(token, "No SAML CallbackHandler available");
+ unassertPolicy(token, "No SAML CallbackHandler available");
return null;
}
@@ -910,11 +912,11 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
try {
handler = SecurityUtils.getCallbackHandler(o);
if (handler == null) {
- policyNotAsserted(info, "No callback handler and no password available");
+ unassertPolicy(info, "No callback handler and no password available");
return null;
}
} catch (WSSecurityException ex) {
- policyNotAsserted(info, "No callback handler and no password available");
+ unassertPolicy(info, "No callback handler and no password available");
return null;
}
@@ -922,7 +924,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
try {
handler.handle(cb);
} catch (Exception e) {
- policyNotAsserted(info, e);
+ unassertPolicy(info, e);
}
//get the password
@@ -1550,7 +1552,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
}
}
if (encrUser == null || "".equals(encrUser)) {
- policyNotAsserted(token, "A " + (sign ? "signature" : "encryption") + " username needs to be declared.");
+ unassertPolicy(token, "A " + (sign ? "signature" : "encryption") + " username needs to be declared.");
}
if (WSHandlerConstants.USE_REQ_SIG_CERT.equals(encrUser)) {
List<WSHandlerResult> results =
@@ -1564,7 +1566,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
encrKeyBuilder.setUserInfo(getUsername(results));
}
} else {
- policyNotAsserted(token, "No security results in incoming message");
+ unassertPolicy(token, "No security results in incoming message");
}
} else {
encrKeyBuilder.setUserInfo(encrUser);
@@ -1757,7 +1759,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
try {
user = crypto.getDefaultX509Identifier();
if (StringUtils.isEmpty(user)) {
- policyNotAsserted(token, "No configured " + type + " username detected");
+ unassertPolicy(token, "No configured " + type + " username detected");
return null;
}
} catch (WSSecurityException e1) {
@@ -1765,7 +1767,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
throw new Fault(e1);
}
} else {
- policyNotAsserted(token, "Security configuration could not be detected. "
+ unassertPolicy(token, "Security configuration could not be detected. "
+ "Potential cause: Make sure jaxws:client element with name "
+ "attribute value matching endpoint port is defined as well as a "
+ SecurityConstants.SIGNATURE_PROPERTIES + " element within it.");
@@ -1784,7 +1786,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
} catch (WSSecurityException e) {
LOG.log(Level.FINE, e.getMessage(), e);
- policyNotAsserted(token, e);
+ unassertPolicy(token, e);
}
return sig;
@@ -1826,7 +1828,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
encryptedTokensList.add(part);
}
} catch (WSSecurityException e) {
- policyNotAsserted(supportingToken.getToken(), e);
+ unassertPolicy(supportingToken.getToken(), e);
}
} else if (tempTok instanceof WSSecurityTokenHolder) {
@@ -1938,7 +1940,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
dkSign.prepare(doc, secHeader);
if (isTokenProtection) {
- String sigTokId = WSSecurityUtil.getIDFromReference(tok.getId());
+ String sigTokId = XMLUtils.getIDFromReference(tok.getId());
sigParts.add(new WSEncryptionPart(sigTokId));
}
@@ -2001,7 +2003,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
sigTokId = tok.getId();
}
- sigTokId = WSSecurityUtil.getIDFromReference(sigTokId);
+ sigTokId = XMLUtils.getIDFromReference(sigTokId);
sig.setCustomTokenId(sigTokId);
sig.setSecretKey(tok.getSecret());
sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
index 7614198..06d4529 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
@@ -33,9 +33,9 @@ import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.policy.PolicyException;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.neethi.Assertion;
import org.apache.wss4j.policy.SP13Constants;
import org.apache.wss4j.policy.SPConstants;
@@ -72,7 +72,7 @@ public abstract class AbstractCommonBindingHandler {
this.message = msg;
}
- protected void policyNotAsserted(Assertion assertion, String reason) {
+ protected void unassertPolicy(Assertion assertion, String reason) {
if (assertion == null) {
return;
}
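Review bot: Renaming the protected `policyNotAsserted(Assertion, String)` on this public abstract class, together with the `Exception` overload in the next hunk, breaks any subclass outside this module that calls or overrides the old name. The in-tree callers are updated in this diff, but external binding handlers cannot be. If source compatibility matters on this branch, keep a forwarding method such as `@Deprecated protected void policyNotAsserted(Assertion assertion, String reason) { unassertPolicy(assertion, reason); }`, and likewise for the overload. The method bodies continue outside the hunk.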
@@ -91,7 +91,7 @@ public abstract class AbstractCommonBindingHandler {
}
}
- protected void policyNotAsserted(Assertion assertion, Exception reason) {
+ protected void unassertPolicy(Assertion assertion, Exception reason) {
if (assertion == null) {
return;
}
@@ -450,7 +450,7 @@ public abstract class AbstractCommonBindingHandler {
if (st == null) {
String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
if (id != null) {
- st = SecurityUtils.getTokenStore(message).getToken(id);
+ st = TokenStoreUtils.getTokenStore(message).getToken(id);
}
}
return st;
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
index ec40234..56cf6a8 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
@@ -39,12 +39,13 @@ import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import org.w3c.dom.Element;
+
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.wss4j.common.ext.WSPasswordCallback;
@@ -208,7 +209,7 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
final SecurityToken secToken = getSecurityToken();
if (secToken == null) {
- policyNotAsserted(token, "Could not find KerberosToken");
+ unassertPolicy(token, "Could not find KerberosToken");
}
// Convert to WSS4J token
@@ -287,7 +288,7 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
Object o = message.getContextualProperty(SecurityConstants.SAML_CALLBACK_HANDLER);
CallbackHandler handler = SecurityUtils.getCallbackHandler(o);
if (handler == null) {
- policyNotAsserted(token, "No SAML CallbackHandler available");
+ unassertPolicy(token, "No SAML CallbackHandler available");
return null;
}
properties.setSamlCallbackHandler(handler);
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index ee7bdad..e3a7b37 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -133,7 +133,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
if (initiatorToken instanceof IssuedToken) {
SecurityToken secToken = getSecurityToken();
if (secToken == null) {
- policyNotAsserted(initiatorToken, "Security token is not found or expired");
+ unassertPolicy(initiatorToken, "Security token is not found or expired");
return;
} else {
assertPolicy(initiatorToken);
@@ -156,7 +156,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
} else if (initiatorToken instanceof SamlToken) {
String tokenId = getSAMLToken();
if (tokenId == null) {
- policyNotAsserted(initiatorToken, "Security token is not found or expired");
+ unassertPolicy(initiatorToken, "Security token is not found or expired");
return;
}
}
@@ -272,7 +272,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
if (initiatorToken instanceof IssuedToken) {
SecurityToken secToken = getSecurityToken();
if (secToken == null) {
- policyNotAsserted(initiatorToken, "Security token is not found or expired");
+ unassertPolicy(initiatorToken, "Security token is not found or expired");
return;
} else {
assertPolicy(initiatorToken);
@@ -302,7 +302,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
} else if (initiatorToken instanceof SamlToken) {
String tokenId = getSAMLToken();
if (tokenId == null) {
- policyNotAsserted(initiatorToken, "Security token is not found or expired");
+ unassertPolicy(initiatorToken, "Security token is not found or expired");
return;
}
}
@@ -320,7 +320,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
addSupportingTokens(sigParts);
} catch (WSSecurityException ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
- policyNotAsserted(encryptionToken, ex);
+ unassertPolicy(encryptionToken, ex);
}
List<WSEncryptionPart> encrParts = null;
@@ -476,7 +476,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
return dkEncr;
} catch (Exception e) {
LOG.log(Level.FINE, e.getMessage(), e);
- policyNotAsserted(recToken, e);
+ unassertPolicy(recToken, e);
}
} else {
try {
@@ -518,7 +518,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
setEncryptionUser(encr, recToken, false, crypto);
}
if (!encr.isCertSet() && crypto == null) {
- policyNotAsserted(recToken, "Missing security configuration. "
+ unassertPolicy(recToken, "Missing security configuration. "
+ "Make sure jaxws:client element is configured "
+ "with a " + SecurityConstants.ENCRYPT_PROPERTIES + " value.");
}
@@ -560,7 +560,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
return encr;
} catch (WSSecurityException e) {
LOG.log(Level.FINE, e.getMessage(), e);
- policyNotAsserted(recToken, e);
+ unassertPolicy(recToken, e);
}
}
}
@@ -737,7 +737,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
createEncryptedKey(wrapper, token);
}
} else {
- policyNotAsserted(token, "No security results found");
+ unassertPolicy(token, "No security results found");
}
} else {
createEncryptedKey(wrapper, token);
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
index 441943c..f610239 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
@@ -32,8 +32,8 @@ import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.cxf.ws.security.wss4j.TokenStoreCallbackHandler;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.ext.WSSecurityException;
@@ -135,7 +135,7 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler {
WSSSecurityProperties properties = getProperties();
TokenStoreCallbackHandler callbackHandler =
new TokenStoreCallbackHandler(
- properties.getCallbackHandler(), SecurityUtils.getTokenStore(message)
+ properties.getCallbackHandler(), TokenStoreUtils.getTokenStore(message)
);
properties.setCallbackHandler(callbackHandler);
} else if (initiatorToken instanceof SamlToken) {
@@ -262,7 +262,7 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler {
WSSSecurityProperties properties = getProperties();
TokenStoreCallbackHandler callbackHandler =
new TokenStoreCallbackHandler(
- properties.getCallbackHandler(), SecurityUtils.getTokenStore(message)
+ properties.getCallbackHandler(), TokenStoreUtils.getTokenStore(message)
);
properties.setCallbackHandler(callbackHandler);
} else if (initiatorToken instanceof SamlToken) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
index a678aef..b4dce04 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
@@ -19,7 +19,6 @@
package org.apache.cxf.ws.security.wss4j.policyhandlers;
-import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
@@ -35,15 +34,14 @@ import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.cxf.ws.security.wss4j.TokenStoreCallbackHandler;
import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.WSSConfig;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.common.util.KeyUtils;
+import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding;
import org.apache.wss4j.policy.model.AbstractToken;
@@ -63,7 +61,6 @@ import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
-import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.OutboundSecurityContext;
import org.apache.xml.security.stax.ext.SecurePart;
@@ -120,7 +117,7 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler {
WSSSecurityProperties properties = getProperties();
TokenStoreCallbackHandler callbackHandler =
new TokenStoreCallbackHandler(
- properties.getCallbackHandler(), SecurityUtils.getTokenStore(message)
+ properties.getCallbackHandler(), TokenStoreUtils.getTokenStore(message)
);
properties.setCallbackHandler(callbackHandler);
@@ -195,15 +192,15 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler {
tokenId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
}
} else if (encryptionToken instanceof UsernameToken) {
- policyNotAsserted(sbinding, "UsernameTokens not supported with Symmetric binding");
+ unassertPolicy(sbinding, "UsernameTokens not supported with Symmetric binding");
return;
}
assertToken(encryptionToken);
if (tok == null) {
- tokenId = WSSecurityUtil.getIDFromReference(tokenId);
+ tokenId = XMLUtils.getIDFromReference(tokenId);
// Get hold of the token from the token storage
- tok = SecurityUtils.getTokenStore(message).getToken(tokenId);
+ tok = TokenStoreUtils.getTokenStore(message).getToken(tokenId);
}
// Store key
@@ -321,21 +318,21 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler {
sigTokId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
}
} else if (sigToken instanceof UsernameToken) {
- policyNotAsserted(sbinding, "UsernameTokens not supported with Symmetric binding");
+ unassertPolicy(sbinding, "UsernameTokens not supported with Symmetric binding");
return;
}
assertToken(sigToken);
} else {
- policyNotAsserted(sbinding, "No signature token");
+ unassertPolicy(sbinding, "No signature token");
return;
}
if (sigTok == null && StringUtils.isEmpty(sigTokId)) {
- policyNotAsserted(sigAbstractTokenWrapper, "No signature token id");
+ unassertPolicy(sigAbstractTokenWrapper, "No signature token id");
return;
}
if (sigTok == null) {
- sigTok = SecurityUtils.getTokenStore(message).getToken(sigTokId);
+ sigTok = TokenStoreUtils.getTokenStore(message).getToken(sigTokId);
}
// Store key
@@ -599,12 +596,12 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler {
new SecurityToken(IDGenerator.generateID(null), created, expires);
KeyGenerator keyGenerator =
- getKeyGenerator(sbinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption());
+ KeyUtils.getKeyGenerator(sbinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption());
SecretKey symmetricKey = keyGenerator.generateKey();
tempTok.setKey(symmetricKey);
tempTok.setSecret(symmetricKey.getEncoded());
- SecurityUtils.getTokenStore(message).add(tempTok);
+ TokenStoreUtils.getTokenStore(message).add(tempTok);
return tempTok.getId();
}
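Review bot: Key sizing for the generated symmetric key now depends entirely on `KeyUtils.getKeyGenerator(...)`, whose body is not part of this diff. The private helper removed further down in this file explicitly called `keyGen.init(128)`, `keyGen.init(192)` or `keyGen.init(256)` for the AES and AES-GCM URIs; without such a call a `KeyGenerator` uses the provider's default key size. It is worth confirming that the WSS4J helper performs the same initialisation, and pinning it with a test that compares `symmetricKey.getEncoded().length` with the key length implied by the algorithm suite's encryption algorithm. The enclosing method starts outside the hunk.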
@@ -651,33 +648,4 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler {
return null;
}
- private KeyGenerator getKeyGenerator(String symEncAlgo) throws WSSecurityException {
- try {
- //
- // Assume AES as default, so initialize it
- //
- WSSConfig.init();
- String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(symEncAlgo);
- if (keyAlgorithm == null || "".equals(keyAlgorithm)) {
- keyAlgorithm = JCEMapper.translateURItoJCEID(symEncAlgo);
- }
- KeyGenerator keyGen = KeyGenerator.getInstance(keyAlgorithm);
- if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)
- || symEncAlgo.equalsIgnoreCase(WSConstants.AES_128_GCM)) {
- keyGen.init(128);
- } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)
- || symEncAlgo.equalsIgnoreCase(WSConstants.AES_192_GCM)) {
- keyGen.init(192);
- } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)
- || symEncAlgo.equalsIgnoreCase(WSConstants.AES_256_GCM)) {
- keyGen.init(256);
- }
- return keyGen;
- } catch (NoSuchAlgorithmException e) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e
- );
- }
- }
-
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
index 8f093fc..4294c97 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
@@ -33,9 +33,9 @@ import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.cxf.ws.security.wss4j.TokenStoreCallbackHandler;
import org.apache.wss4j.policy.SP11Constants;
import org.apache.wss4j.policy.SP12Constants;
@@ -100,7 +100,7 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler {
if (token.getToken() instanceof IssuedToken) {
SecurityToken secToken = getSecurityToken();
if (secToken == null) {
- policyNotAsserted(token.getToken(), "No transport token id");
+ unassertPolicy(token.getToken(), "No transport token id");
return;
}
addIssuedToken((IssuedToken)token.getToken(), secToken, false, false);
@@ -316,7 +316,7 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler {
// Set up CallbackHandler which wraps the configured Handler
TokenStoreCallbackHandler callbackHandler =
new TokenStoreCallbackHandler(
- properties.getCallbackHandler(), SecurityUtils.getTokenStore(message)
+ properties.getCallbackHandler(), TokenStoreUtils.getTokenStore(message)
);
properties.setCallbackHandler(callbackHandler);
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 7c4c745..ca64d18 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -298,12 +298,12 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
assertToken(sigToken);
} else {
- policyNotAsserted(sbinding, "No signature token");
+ unassertPolicy(sbinding, "No signature token");
return;
}
if (sigTok == null && StringUtils.isEmpty(sigTokId)) {
- policyNotAsserted(sigAbstractTokenWrapper, "No signature token id");
+ unassertPolicy(sigAbstractTokenWrapper, "No signature token id");
return;
} else {
assertPolicy(sigAbstractTokenWrapper);
@@ -359,7 +359,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
//Use the same token
encrTok = sigTok;
} else {
- policyNotAsserted(sbinding, "Encryption token does not equal signature token");
+ unassertPolicy(sbinding, "Encryption token does not equal signature token");
return;
}
@@ -493,7 +493,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
return dkEncr;
} catch (Exception e) {
LOG.log(Level.FINE, e.getMessage(), e);
- policyNotAsserted(recToken, e);
+ unassertPolicy(recToken, e);
}
return null;
}
@@ -613,7 +613,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
return encr;
} catch (WSSecurityException e) {
LOG.log(Level.FINE, e.getMessage(), e);
- policyNotAsserted(recToken, e);
+ unassertPolicy(recToken, e);
}
}
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index d9eaa2c..a3b65aa 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -138,7 +138,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
if (transportToken instanceof IssuedToken) {
SecurityToken secToken = getSecurityToken();
if (secToken == null) {
- policyNotAsserted(transportToken, "No transport token id");
+ unassertPolicy(transportToken, "No transport token id");
return;
} else {
assertPolicy(transportToken);
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
index b35a49b..6ca27a1 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
@@ -21,7 +21,6 @@ package org.apache.cxf.ws.security.wss4j.policyvalidators;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
-import java.util.Collection;
import java.util.List;
import javax.xml.namespace.QName;
@@ -33,7 +32,6 @@ import org.apache.cxf.message.Message;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.policy.PolicyUtils;
-import org.apache.neethi.Assertion;
import org.apache.wss4j.common.saml.SAMLKeyInfo;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.WSConstants;
@@ -445,24 +443,4 @@ public abstract class AbstractBindingPolicyValidator implements SecurityPolicyVa
return false;
}
- protected void notAssertPolicy(AssertionInfoMap aim, Assertion token, String msg) {
- Collection<AssertionInfo> ais = aim.get(token.getName());
- if (ais != null && !ais.isEmpty()) {
- for (AssertionInfo ai : ais) {
- if (ai.getAssertion() == token) {
- ai.setNotAsserted(msg);
- }
- }
- }
- }
-
- protected void notAssertPolicy(AssertionInfoMap aim, QName q, String msg) {
- Collection<AssertionInfo> ais = aim.get(q);
- if (ais != null && !ais.isEmpty()) {
- for (AssertionInfo ai : ais) {
- ai.setNotAsserted(msg);
- }
- }
- }
-
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
index 6c86faf..3bd9eac 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
@@ -155,7 +155,7 @@ public class AsymmetricBindingPolicyValidator extends AbstractBindingPolicyValid
}
if (!foundCert && !signedResults.isEmpty()) {
String error = "An X.509 certificate was not used for the " + wrapper.getName();
- notAssertPolicy(aim, wrapper.getName(), error);
+ unassertPolicy(aim, wrapper.getName(), error);
ai.setNotAsserted(error);
return false;
}
@@ -169,6 +169,15 @@ public class AsymmetricBindingPolicyValidator extends AbstractBindingPolicyValid
return true;
}
+
+ private void unassertPolicy(AssertionInfoMap aim, QName q, String msg) {
+ Collection<AssertionInfo> ais = aim.get(q);
+ if (ais != null && !ais.isEmpty()) {
+ for (AssertionInfo ai : ais) {
+ ai.setNotAsserted(msg);
+ }
+ }
+ }
private boolean checkRecipientTokens(
AbstractTokenWrapper wrapper,
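Review bot: The new private `unassertPolicy(AssertionInfoMap, QName, String)` has no comment saying that it fails every `AssertionInfo` registered under the QName, not only the one being validated. That scope matters here because the call site in the previous hunk still calls `ai.setNotAsserted(error)` on the current assertion right after it. The body is a copy of the `notAssertPolicy(aim, q, msg)` helper this commit removes from `AbstractBindingPolicyValidator`. A one-line Javadoc would make the intent explicit: `/** Marks every AssertionInfo registered under {@code q} as not asserted, with {@code msg} as the reason. */`. The `!ais.isEmpty()` test is redundant before the for-each and could be dropped.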
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
index 351e94b..0cc5a64 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
@@ -28,9 +28,9 @@ import javax.xml.namespace.QName;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSSecurityEngineResult;
@@ -104,7 +104,7 @@ public class KerberosTokenPolicyValidator extends AbstractSecurityPolicyValidato
if (asserted) {
SecurityToken token = createSecurityToken(kerberosToken);
token.setSecret((byte[])kerberosResult.get(WSSecurityEngineResult.TAG_SECRET));
- SecurityUtils.getTokenStore(parameters.getMessage()).add(token);
+ TokenStoreUtils.getTokenStore(parameters.getMessage()).add(token);
parameters.getMessage().getExchange().put(SecurityConstants.TOKEN_ID, token.getId());
return;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
index 7f032f5..123cad8 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
@@ -33,6 +33,7 @@ import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.bsp.BSPEnforcer;
@@ -201,17 +202,17 @@ public class X509TokenPolicyValidator extends AbstractSecurityPolicyValidator {
private Element getKeyIdentifier(Element signatureElement) {
if (signatureElement != null) {
Element keyInfoElement =
- WSSecurityUtil.getDirectChildElement(
+ XMLUtils.getDirectChildElement(
signatureElement, "KeyInfo", WSConstants.SIG_NS
);
if (keyInfoElement != null) {
Element strElement =
- WSSecurityUtil.getDirectChildElement(
+ XMLUtils.getDirectChildElement(
keyInfoElement, "SecurityTokenReference", WSConstants.WSSE_NS
);
if (strElement != null) {
Element kiElement =
- WSSecurityUtil.getDirectChildElement(
+ XMLUtils.getDirectChildElement(
strElement, "KeyIdentifier", WSConstants.WSSE_NS
);
return kiElement;
[3/3] cxf git commit: Large refactor mainly of cxf-rt-rs-security-xml
following on from WSS4J trunk changes
Posted by co...@apache.org.
Large refactor mainly of cxf-rt-rs-security-xml following on from WSS4J trunk changes
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/35063023
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/35063023
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/35063023
Branch: refs/heads/master
Commit: 3506302369c0a28647056c1da469bd9844e45826
Parents: ed18c00
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Mar 23 14:42:48 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Mar 23 15:44:40 2015 +0000
----------------------------------------------------------------------
.../cxf/rs/security/common/CryptoLoader.java | 65 +++------
.../cxf/rs/security/common/SecurityUtils.java | 21 +--
.../rs/security/saml/AbstractSamlInHandler.java | 7 +-
.../saml/AbstractSamlOutInterceptor.java | 4 +-
.../apache/cxf/rs/security/saml/SAMLUtils.java | 13 +-
.../security/saml/SamlHeaderOutInterceptor.java | 2 +-
.../security/xml/AbstractXmlEncInHandler.java | 12 +-
.../security/xml/AbstractXmlSecInHandler.java | 12 +-
.../xml/AbstractXmlSecOutInterceptor.java | 12 +-
.../security/xml/AbstractXmlSigInHandler.java | 81 +----------
.../cxf/rs/security/xml/EncryptionUtils.java | 6 +-
.../rs/security/xml/XmlEncOutInterceptor.java | 75 +++--------
.../rs/security/xml/XmlSecInInterceptor.java | 6 +-
.../rs/security/xml/XmlSecOutInterceptor.java | 33 +----
.../rs/security/xml/XmlSigOutInterceptor.java | 2 +-
rt/security/pom.xml | 22 ---
.../apache/cxf/rt/security/claims/Claim.java | 2 +-
.../claims/ClaimsAuthorizingInterceptor.java | 10 +-
.../apache/cxf/rt/security/saml/SAMLUtils.java | 2 +-
.../cxf/rt/security/utils/SecurityUtils.java | 119 +++++++++++++++++
.../AbstractXACMLAuthorizingInterceptor.java | 2 +-
.../xacml/DefaultXACMLRequestBuilder.java | 11 +-
.../apache/cxf/ws/security/SecurityUtils.java | 133 -------------------
.../cxf/ws/security/kerberos/KerberosUtils.java | 2 +-
.../KerberosTokenInterceptorProvider.java | 8 +-
.../policy/interceptors/NegotiationUtils.java | 8 +-
.../policy/interceptors/STSTokenHelper.java | 15 ++-
.../SecureConversationInInterceptor.java | 9 +-
.../SecureConversationOutInterceptor.java | 8 +-
.../SpnegoContextTokenInInterceptor.java | 3 +-
.../SpnegoContextTokenOutInterceptor.java | 9 +-
.../tokenstore/EHCacheTokenStoreFactory.java | 2 +-
.../ws/security/tokenstore/SecurityToken.java | 12 +-
.../ws/security/tokenstore/TokenStoreUtils.java | 64 +++++++++
.../ws/security/trust/AbstractSTSClient.java | 7 +-
.../ws/security/trust/STSTokenValidator.java | 5 +-
.../wss4j/AbstractTokenInterceptor.java | 3 +-
.../wss4j/AbstractWSS4JStaxInterceptor.java | 2 +-
.../wss4j/BinarySecurityTokenInterceptor.java | 3 +-
.../ws/security/wss4j/SamlTokenInterceptor.java | 3 +-
.../wss4j/UsernameTokenInterceptor.java | 3 +-
.../ws/security/wss4j/WSS4JInInterceptor.java | 8 +-
.../security/wss4j/WSS4JStaxInInterceptor.java | 4 +-
.../cxf/ws/security/wss4j/WSS4JUtils.java | 7 +-
.../policyhandlers/AbstractBindingBuilder.java | 46 ++++---
.../AbstractCommonBindingHandler.java | 8 +-
.../AbstractStaxBindingHandler.java | 7 +-
.../AsymmetricBindingHandler.java | 18 +--
.../StaxAsymmetricBindingHandler.java | 6 +-
.../StaxSymmetricBindingHandler.java | 58 ++------
.../StaxTransportBindingHandler.java | 6 +-
.../policyhandlers/SymmetricBindingHandler.java | 10 +-
.../policyhandlers/TransportBindingHandler.java | 2 +-
.../AbstractBindingPolicyValidator.java | 22 ---
.../AsymmetricBindingPolicyValidator.java | 11 +-
.../KerberosTokenPolicyValidator.java | 4 +-
.../X509TokenPolicyValidator.java | 7 +-
57 files changed, 442 insertions(+), 600 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java
index 267dae7..8d1474e 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java
@@ -19,21 +19,16 @@
package org.apache.cxf.rs.security.common;
-import java.io.File;
import java.io.IOException;
import java.io.InputStream;
-import java.net.URI;
import java.net.URL;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
-import org.apache.cxf.common.classloader.ClassLoaderUtils.ClassLoaderHolder;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.message.Message;
-import org.apache.cxf.resource.ResourceManager;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
@@ -42,16 +37,17 @@ import org.apache.wss4j.common.ext.WSSecurityException;
public class CryptoLoader {
private static final String CRYPTO_CACHE = "rs-security-xml-crypto.cache";
-
+
public Crypto loadCrypto(String cryptoResource) throws IOException, WSSecurityException {
- URL url = ClassLoaderUtils.getResource(cryptoResource, this.getClass());
+ URL url =
+ org.apache.cxf.rt.security.utils.SecurityUtils.loadResource(null, cryptoResource);
if (url != null) {
return loadCryptoFromURL(url);
} else {
return null;
}
}
-
+
public Crypto getCrypto(Message message,
String cryptoKey,
String propKey)
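Review bot: `loadCrypto` now passes `null` as the message to `loadResource`, so it depends on that helper tolerating a null message; the helper's body is not part of this hunk, so this cannot be confirmed from here. The lookup also no longer names `this.getClass()` as the class whose loader is tried first, which may change which classpath resources are found. The fully qualified call is needed only because `org.apache.cxf.rs.security.common.SecurityUtils` lives in this package. A short comment would save the next reader the search, for example `// no Message here: loadResource must cope with null; fully qualified because rs.security.common.SecurityUtils shadows it`.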
@@ -74,47 +70,18 @@ public class CryptoLoader {
return crypto;
}
- ClassLoaderHolder orig = null;
- try {
- URL url = ClassLoaderUtils.getResource(propResourceName, this.getClass());
- if (url == null) {
- ResourceManager manager = message.getExchange()
- .getBus().getExtension(ResourceManager.class);
- ClassLoader loader = manager.resolveResource("", ClassLoader.class);
- if (loader != null) {
- orig = ClassLoaderUtils.setThreadContextClassloader(loader);
- }
- url = manager.resolveResource(propResourceName, URL.class);
- }
- if (url == null) {
- try {
- URI propResourceUri = URI.create(propResourceName);
- if (propResourceUri.getScheme() != null) {
- url = propResourceUri.toURL();
- } else {
- File f = new File(propResourceUri.toString());
- if (f.exists()) {
- url = f.toURI().toURL();
- }
- }
- } catch (IOException ex) {
- // let CryptoFactory try to load it
- }
- }
- if (url != null) {
- crypto = loadCryptoFromURL(url);
- } else {
- crypto = CryptoFactory.getInstance(propResourceName, Thread.currentThread().getContextClassLoader());
- }
- if (cryptoCache != null) {
- cryptoCache.put(o, crypto);
- }
- return crypto;
- } finally {
- if (orig != null) {
- orig.reset();
- }
+ URL url = org.apache.cxf.rt.security.utils.SecurityUtils.loadResource(message, propResourceName);
+
+ if (url != null) {
+ crypto = loadCryptoFromURL(url);
+ } else {
+ crypto = CryptoFactory.getInstance(propResourceName, Thread.currentThread().getContextClassLoader());
}
+ if (cryptoCache != null && crypto != null) {
+ cryptoCache.put(o, crypto);
+ }
+
+ return crypto;
}
public static Crypto loadCryptoFromURL(URL url) throws IOException, WSSecurityException {
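Review bot: The `CryptoFactory.getInstance(propResourceName, Thread.currentThread().getContextClassLoader())` fallback may now run under a different class loader than before. The removed code switched the thread context class loader to the one resolved from the bus `ResourceManager` and reset it only in `finally`, after the fallback had run. The new code calls `loadResource(message, propResourceName)` first, and whether that helper leaves the context loader switched or restores it is not visible in this hunk. If it restores it, property files reachable only through the bus loader would stop resolving here, so the intended loader should be stated above the fallback, e.g. `// fallback deliberately uses the caller's context class loader`. With the added `crypto != null` guard, `getCrypto` (which starts outside this hunk) can also return `null` without caching, so callers need to handle that.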
@@ -133,7 +100,7 @@ public class CryptoLoader {
Map<Object, Crypto> o =
CastUtils.cast((Map<?, ?>)info.getProperty(CRYPTO_CACHE));
if (o == null) {
- o = new ConcurrentHashMap<Object, Crypto>();
+ o = new ConcurrentHashMap<>();
info.setProperty(CRYPTO_CACHE, o);
}
return o;
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
index 51db0d2..bc9849f 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
@@ -28,7 +28,6 @@ import javax.security.auth.callback.CallbackHandler;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.interceptor.Fault;
@@ -125,7 +124,7 @@ public final class SecurityUtils {
}
public static String getPassword(Message message, String userName,
- int type, Class<?> callingClass) {
+ int type, Class<?> callingClass) throws WSSecurityException {
CallbackHandler handler = getCallbackHandler(message, callingClass);
if (handler == null) {
return null;
@@ -143,28 +142,18 @@ public final class SecurityUtils {
return password == null ? "" : password;
}
- public static CallbackHandler getCallbackHandler(Message message, Class<?> callingClass) {
+ public static CallbackHandler getCallbackHandler(Message message, Class<?> callingClass)
+ throws WSSecurityException {
return getCallbackHandler(message, callingClass, SecurityConstants.CALLBACK_HANDLER);
}
public static CallbackHandler getCallbackHandler(Message message,
Class<?> callingClass,
- String callbackProperty) {
+ String callbackProperty) throws WSSecurityException {
//Then try to get the password from the given callback handler
Object o = message.getContextualProperty(callbackProperty);
- CallbackHandler handler = null;
- if (o instanceof CallbackHandler) {
- handler = (CallbackHandler)o;
- } else if (o instanceof String) {
- try {
- handler = (CallbackHandler)ClassLoaderUtils
- .loadClass((String)o, callingClass).newInstance();
- } catch (Exception e) {
- handler = null;
- }
- }
- return handler;
+ return org.apache.cxf.rt.security.utils.SecurityUtils.getCallbackHandler(o);
}
}
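Review bot: After this change the three-argument `getCallbackHandler` no longer uses `callingClass`. The handler is resolved from the property value alone by `org.apache.cxf.rt.security.utils.SecurityUtils.getCallbackHandler(o)`, whose body is outside this hunk, so the caller's class loader is presumably no longer consulted. The leftover comment `//Then try to get the password from the given callback handler` does not describe the body any more. A handler class name that could not be loaded used to give a silent `null`; the added `throws WSSecurityException` on these public methods, and on `getPassword` in the previous hunk, is source-incompatible for existing callers. Both points deserve Javadoc, e.g. `@param callingClass unused, kept for compatibility` and `@throws WSSecurityException if the configured callback handler cannot be created`.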
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
index a8a1be3..1e93601 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
@@ -50,7 +50,9 @@ import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.security.transport.TLSSessionInfo;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.WSProviderConfig;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.apache.wss4j.common.saml.SAMLKeyInfo;
@@ -59,7 +61,6 @@ import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.handler.RequestData;
-import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor;
import org.apache.wss4j.dom.validate.Credential;
import org.apache.wss4j.dom.validate.SamlAssertionValidator;
@@ -75,7 +76,7 @@ public abstract class AbstractSamlInHandler implements ContainerRequestFilter {
LogUtils.getL7dLogger(AbstractSamlInHandler.class);
static {
- WSSConfig.init();
+ WSProviderConfig.init();
}
private Validator samlValidator = new SamlAssertionValidator();
@@ -142,7 +143,7 @@ public abstract class AbstractSamlInHandler implements ContainerRequestFilter {
throwFault("Crypto can not be loaded", ex);
}
data.setEnableRevocation(MessageUtils.isTrue(
- message.getContextualProperty(WSHandlerConstants.ENABLE_REVOCATION)));
+ message.getContextualProperty(ConfigurationConstants.ENABLE_REVOCATION)));
Signature sig = assertion.getSignature();
WSDocInfo docInfo = new WSDocInfo(sig.getDOM().getOwnerDocument());
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java
index f54152e..71f140a 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java
@@ -27,13 +27,13 @@ import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
+import org.apache.wss4j.common.crypto.WSProviderConfig;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.apache.wss4j.dom.WSSConfig;
public abstract class AbstractSamlOutInterceptor extends AbstractPhaseInterceptor<Message> {
static {
- WSSConfig.init();
+ WSProviderConfig.init();
}
private boolean useDeflateEncoding = true;
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
index c19d199..7660337 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
@@ -63,9 +63,16 @@ public final class SAMLUtils {
}
public static SamlAssertionWrapper createAssertion(Message message) throws Fault {
- CallbackHandler handler = SecurityUtils.getCallbackHandler(
- message, SAMLUtils.class, SecurityConstants.SAML_CALLBACK_HANDLER);
- return createAssertion(message, handler);
+ try {
+ CallbackHandler handler = SecurityUtils.getCallbackHandler(
+ message, SAMLUtils.class, SecurityConstants.SAML_CALLBACK_HANDLER);
+ return createAssertion(message, handler);
+ } catch (Exception ex) {
+ StringWriter sw = new StringWriter();
+ ex.printStackTrace(new PrintWriter(sw));
+ LOG.warning(sw.toString());
+ throw new Fault(new RuntimeException(ex.getMessage() + ", stacktrace: " + sw.toString()));
+ }
}
public static SamlAssertionWrapper createAssertion(Message message,
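Review bot: The new catch block in `createAssertion(Message)` copies the full stack trace into the message of the exception wrapped by the `Fault`. Internal class names and code paths can then travel wherever that fault message is serialised, possibly into the response sent to the remote caller. The block also catches `Exception`, so a `Fault` already thrown by `createAssertion(message, handler)` is re-wrapped, and the original exception is not passed on as the cause. Keeping the trace in the server log and passing the cause through avoids both: `LOG.log(Level.WARNING, ex.getMessage(), ex);` followed by `throw new Fault(ex);`, assuming `java.util.logging.Level` is imported in this file. The catch can be narrowed to `WSSecurityException` if that is the only checked exception the handler lookup declares.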
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
index 34f98ff..29f3b7c 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
@@ -75,7 +75,7 @@ public class SamlHeaderOutInterceptor extends AbstractSamlOutInterceptor {
Map<String, List<String>> headers =
CastUtils.cast((Map<?, ?>)message.get(Message.PROTOCOL_HEADERS));
if (headers == null) {
- headers = new HashMap<String, List<String>>();
+ headers = new HashMap<>();
message.put(Message.PROTOCOL_HEADERS, headers);
}
return headers;
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
index 431d05e..31e0431 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
@@ -45,7 +45,6 @@ import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.KeyUtils;
-import org.apache.wss4j.dom.WSConstants;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.apache.xml.security.utils.Constants;
@@ -113,7 +112,7 @@ public abstract class AbstractXmlEncInHandler extends AbstractXmlSecInHandler {
throwFault("Crypto can not be loaded", ex);
}
- Element encKeyElement = getNode(encDataElement, WSConstants.ENC_NS, "EncryptedKey", 0);
+ Element encKeyElement = getNode(encDataElement, ENC_NS, "EncryptedKey", 0);
if (encKeyElement == null) {
//TODO: support EncryptedData/ds:KeyInfo - the encrypted key is passed out of band
throwFault("EncryptedKey element is not available", null);
@@ -146,8 +145,7 @@ public abstract class AbstractXmlEncInHandler extends AbstractXmlSecInHandler {
}
- Element cipherValue = getNode(encKeyElement, WSConstants.ENC_NS,
- "CipherValue", 0);
+ Element cipherValue = getNode(encKeyElement, ENC_NS, "CipherValue", 0);
if (cipherValue == null) {
throwFault("CipherValue element is not available", null);
}
@@ -200,7 +198,7 @@ public abstract class AbstractXmlEncInHandler extends AbstractXmlSecInHandler {
}
private String getEncodingMethodAlgorithm(Element parent) {
- Element encMethod = getNode(parent, WSConstants.ENC_NS, "EncryptionMethod", 0);
+ Element encMethod = getNode(parent, ENC_NS, "EncryptionMethod", 0);
if (encMethod == null) {
throwFault("EncryptionMethod element is not available", null);
}
@@ -208,9 +206,9 @@ public abstract class AbstractXmlEncInHandler extends AbstractXmlSecInHandler {
}
private String getDigestMethodAlgorithm(Element parent) {
- Element encMethod = getNode(parent, WSConstants.ENC_NS, "EncryptionMethod", 0);
+ Element encMethod = getNode(parent, ENC_NS, "EncryptionMethod", 0);
if (encMethod != null) {
- Element digestMethod = getNode(encMethod, WSConstants.SIG_NS, "DigestMethod", 0);
+ Element digestMethod = getNode(encMethod, SIG_NS, "DigestMethod", 0);
if (digestMethod != null) {
return digestMethod.getAttributeNS(null, "Algorithm");
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
index 035e54b..0c5912e 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
@@ -29,22 +29,28 @@ import javax.xml.stream.XMLStreamReader;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
-
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.jaxrs.utils.ExceptionUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.cxf.staxutils.W3CDOMStreamReader;
-import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.common.crypto.WSProviderConfig;
public abstract class AbstractXmlSecInHandler {
+ protected static final String SIG_NS = "http://www.w3.org/2000/09/xmldsig#";
+ protected static final String SIG_PREFIX = "ds";
+ protected static final String ENC_NS = "http://www.w3.org/2001/04/xmlenc#";
+ protected static final String ENC_PREFIX = "xenc";
+ protected static final String WSU_NS =
+ "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
+
private static final Logger LOG =
LogUtils.getL7dLogger(AbstractXmlSecInHandler.class);
static {
- WSSConfig.init();
+ WSProviderConfig.init();
}
private boolean allowEmptyBody;
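Review bot: The five `protected static final` namespace and prefix constants added to AbstractXmlSecInHandler are repeated verbatim in AbstractXmlSecOutInterceptor in this same commit, so the XML-DSig, XML-Enc and WSU namespace URIs now live in two places that can drift apart. A single final holder class with a private constructor, referenced from both, would avoid that. If the intent is to stop depending on the wss4j-dom `WSConstants`, as the import changes suggest, a one-line comment such as `// local copies of the WSConstants values, kept here to avoid the wss4j-dom dependency` would record why they exist. The class body continues outside the hunk.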
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java
index 61a30cd..5d5ae7c 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java
@@ -30,7 +30,6 @@ import javax.xml.stream.XMLStreamWriter;
import javax.xml.transform.dom.DOMSource;
import org.w3c.dom.Document;
-
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.jaxrs.provider.JAXBElementProvider;
@@ -40,15 +39,22 @@ import org.apache.cxf.message.MessageContentsList;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.staxutils.W3CDOMStreamWriter;
-import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.common.crypto.WSProviderConfig;
public abstract class AbstractXmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> {
+ protected static final String SIG_NS = "http://www.w3.org/2000/09/xmldsig#";
+ protected static final String SIG_PREFIX = "ds";
+ protected static final String ENC_NS = "http://www.w3.org/2001/04/xmlenc#";
+ protected static final String ENC_PREFIX = "xenc";
+ protected static final String WSU_NS =
+ "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
+
private static final Logger LOG =
LogUtils.getL7dLogger(AbstractXmlSecOutInterceptor.class);
static {
- WSSConfig.init();
+ WSProviderConfig.init();
}
public AbstractXmlSecOutInterceptor() {
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
index 3875e61..ca092b9 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
@@ -32,7 +32,6 @@ import javax.xml.stream.XMLStreamReader;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.Node;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.common.CryptoLoader;
@@ -42,7 +41,7 @@ import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.staxutils.W3CDOMStreamReader;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
-import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.common.util.XMLUtils;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.signature.Reference;
@@ -291,86 +290,12 @@ public class AbstractXmlSigInHandler extends AbstractXmlSecInHandler {
String expectedID = ref.getURI().substring(1);
if (!expectedID.equals(rootId)) {
- return findElementById(root, expectedID, true);
+ return XMLUtils.findElementById(root, expectedID, true);
} else {
return root;
}
}
- /**
- * Returns the single element that contains an Id with value
- * <code>uri</code> and <code>namespace</code>. The Id can be either a wsu:Id or an Id
- * with no namespace. This is a replacement for a XPath Id lookup with the given namespace.
- * It's somewhat faster than XPath, and we do not deal with prefixes, just with the real
- * namespace URI
- *
- * If checkMultipleElements is true and there are multiple elements, we log a
- * warning and return null as this can be used to get around the signature checking.
- *
- * @param startNode Where to start the search
- * @param value Value of the Id attribute
- * @param checkMultipleElements If true then go through the entire tree and return
- * null if there are multiple elements with the same Id
- * @return The found element if there was exactly one match, or
- * <code>null</code> otherwise
- */
- private static Element findElementById(
- Node startNode, String value, boolean checkMultipleElements
- ) {
- //
- // Replace the formerly recursive implementation with a depth-first-loop lookup
- //
- Node startParent = startNode.getParentNode();
- Node processedNode = null;
- Element foundElement = null;
- String id = value;
-
- while (startNode != null) {
- // start node processing at this point
- if (startNode.getNodeType() == Node.ELEMENT_NODE) {
- Element se = (Element) startNode;
- // Try the wsu:Id first
- String attributeNS = se.getAttributeNS(WSConstants.WSU_NS, "Id");
- if ("".equals(attributeNS) || !id.equals(attributeNS)) {
- attributeNS = se.getAttributeNS(null, "Id");
- }
- if ("".equals(attributeNS) || !id.equals(attributeNS)) {
- attributeNS = se.getAttributeNS(null, "ID");
- }
- if (!"".equals(attributeNS) && id.equals(attributeNS)) {
- if (!checkMultipleElements) {
- return se;
- } else if (foundElement == null) {
- foundElement = se; // Continue searching to find duplicates
- } else {
- // Multiple elements with the same 'Id' attribute value
- return null;
- }
- }
- }
-
- processedNode = startNode;
- startNode = startNode.getFirstChild();
-
- // no child, this node is done.
- if (startNode == null) {
- // close node processing, get sibling
- startNode = processedNode.getNextSibling();
- }
- // no more siblings, get parent, all children
- // of parent are processed.
- while (startNode == null) {
- processedNode = processedNode.getParentNode();
- if (processedNode == startParent) {
- return foundElement;
- }
- // close parent node processing (processed node now)
- startNode = processedNode.getNextSibling();
- }
- }
- return foundElement;
- }
-
public void setSignatureProperties(SignatureProperties properties) {
this.sigProps = properties;
}
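Review bot: The removed private findElementById documented a security property that the call site now takes on trust from `XMLUtils.findElementById`: with checkMultipleElements true it returns null when two elements carry the same Id, because a duplicate Id can be used to get around the signature check. This hunk cannot show whether the shared helper keeps that contract. I would keep the knowledge at the call site with a comment such as `// true: duplicate Ids must yield null so a second element with the same Id cannot stand in for the signed one`, and add a regression test that feeds a document with two identical Id values. The removed copy also looked up wsu:Id, Id and ID, so it is worth confirming that the helper checks the same attribute set. The enclosing method starts above the hunk, so how a null result is handled is not visible here.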
@@ -385,7 +310,7 @@ public class AbstractXmlSigInHandler extends AbstractXmlSecInHandler {
*/
public void setSubjectConstraints(List<String> constraints) {
if (constraints != null) {
- subjectDNPatterns = new ArrayList<Pattern>();
+ subjectDNPatterns = new ArrayList<>();
for (String constraint : constraints) {
try {
subjectDNPatterns.add(Pattern.compile(constraint.trim()));
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
index 94c9590..83951e0 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
@@ -29,7 +29,7 @@ import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
@@ -51,7 +51,7 @@ public final class EncryptionUtils {
int mode,
X509Certificate cert
) throws WSSecurityException {
- Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
+ Cipher cipher = KeyUtils.getCipherInstance(keyEncAlgo);
try {
OAEPParameterSpec oaepParameters =
constructOAEPParameters(
@@ -81,7 +81,7 @@ public final class EncryptionUtils {
public static Cipher initCipherWithKey(String keyEncAlgo, String digestAlgo, int mode, Key key)
throws WSSecurityException {
- Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
+ Cipher cipher = KeyUtils.getCipherInstance(keyEncAlgo);
try {
OAEPParameterSpec oaepParameters =
constructOAEPParameters(
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
index 6635c3d..7659519 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
@@ -18,7 +18,6 @@
*/
package org.apache.cxf.rs.security.xml;
-import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;
@@ -34,7 +33,6 @@ import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.Text;
-
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.common.util.StringUtils;
@@ -46,11 +44,10 @@ import org.apache.cxf.rs.security.common.SecurityUtils;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.message.token.DOMX509Data;
-import org.apache.wss4j.dom.message.token.DOMX509IssuerSerial;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
-import org.apache.xml.security.algorithms.JCEMapper;
+import org.apache.wss4j.common.token.DOMX509Data;
+import org.apache.wss4j.common.token.DOMX509IssuerSerial;
+import org.apache.wss4j.common.util.KeyUtils;
+import org.apache.wss4j.common.util.XMLUtils;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.stax.impl.util.IDGenerator;
@@ -153,7 +150,7 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
EncryptionUtils.initXMLCipher(symEncAlgo, XMLCipher.ENCRYPT_MODE, symmetricKey);
Document result = xmlCipher.doFinal(payloadDoc, payloadDoc.getDocumentElement(), false);
- NodeList list = result.getElementsByTagNameNS(WSConstants.ENC_NS, "CipherValue");
+ NodeList list = result.getElementsByTagNameNS(ENC_NS, "CipherValue");
if (list.getLength() != 1) {
throw new Exception("Payload CipherData is missing");
}
@@ -169,7 +166,7 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
private byte[] getSymmetricKey(String symEncAlgo) throws Exception {
synchronized (this) {
if (symmetricKey == null) {
- KeyGenerator keyGen = getKeyGenerator(symEncAlgo);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgo);
symmetricKey = keyGen.generateKey();
}
return symmetricKey.getEncoded();
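Review bot: getSymmetricKey generates a key only while `symmetricKey == null`, so every later call returns the first key and ignores `symEncAlgo`, unless the field is reset elsewhere in the class, which the hunk does not show. A later call with a different algorithm would get a key of the wrong length, and every message sent through this interceptor instance shares one content-encryption key. Since generation is now a single `KeyUtils.getKeyGenerator` call, this is a convenient point to generate per message or at least to document the reuse, e.g. `// key is created once per interceptor instance and reused; symEncAlgo is only honoured on the first call`. The same pattern appears in XmlSecOutInterceptor.getSymmetricKey further down in this commit. The method's closing braces fall outside the hunk.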
@@ -181,29 +178,6 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
return certs[0];
}
- private KeyGenerator getKeyGenerator(String symEncAlgo) throws WSSecurityException {
- try {
- //
- // Assume AES as default, so initialize it
- //
- String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(symEncAlgo);
- KeyGenerator keyGen = KeyGenerator.getInstance(keyAlgorithm);
- if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)
- || symEncAlgo.equalsIgnoreCase(WSConstants.AES_128_GCM)) {
- keyGen.init(128);
- } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)
- || symEncAlgo.equalsIgnoreCase(WSConstants.AES_192_GCM)) {
- keyGen.init(192);
- } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)
- || symEncAlgo.equalsIgnoreCase(WSConstants.AES_256_GCM)) {
- keyGen.init(256);
- }
- return keyGen;
- } catch (NoSuchAlgorithmException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e);
- }
- }
-
// Apache Security XMLCipher does not support
// Certificates for encrypting the keys
protected byte[] encryptSymmetricKey(byte[] keyBytes,
@@ -265,13 +239,10 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
xencCipherValue.appendChild(doc.createTextNode(encodedKey));
Element topKeyInfoElement =
- doc.createElementNS(
- WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":" + WSConstants.KEYINFO_LN
- );
+ doc.createElementNS(SIG_NS, SIG_PREFIX + ":KeyInfo");
Element retrievalMethodElement =
- doc.createElementNS(
- WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":RetrievalMethod"
- );
+ doc.createElementNS(SIG_NS, SIG_PREFIX + ":RetrievalMethod");
+
retrievalMethodElement.setAttribute("Type", DEFAULT_RETRIEVAL_METHOD_TYPE);
topKeyInfoElement.appendChild(retrievalMethodElement);
@@ -282,9 +253,9 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
protected Element createCipherValue(Document doc, Element encryptedKey) {
Element cipherData =
- doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":CipherData");
+ doc.createElementNS(ENC_NS, ENC_PREFIX + ":CipherData");
Element cipherValue =
- doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":CipherValue");
+ doc.createElementNS(ENC_NS, ENC_PREFIX + ":CipherValue");
cipherData.appendChild(cipherValue);
encryptedKey.appendChild(cipherData);
return cipherValue;
@@ -293,9 +264,7 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
private Element createKeyInfoElement(Document encryptedDataDoc,
X509Certificate remoteCert) throws Exception {
Element keyInfoElement =
- encryptedDataDoc.createElementNS(
- WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":" + WSConstants.KEYINFO_LN
- );
+ encryptedDataDoc.createElementNS(SIG_NS, SIG_PREFIX + ":KeyInfo");
String keyIdType = encProps.getEncryptionKeyIdType() == null
? SecurityUtils.X509_CERT : encProps.getEncryptionKeyIdType();
@@ -311,11 +280,9 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
);
}
Text text = encryptedDataDoc.createTextNode(Base64.encode(data));
- Element cert = encryptedDataDoc.createElementNS(
- WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":" + WSConstants.X509_CERT_LN);
+ Element cert = encryptedDataDoc.createElementNS(SIG_NS, SIG_PREFIX + ":X509Certificate");
cert.appendChild(text);
- Element x509Data = encryptedDataDoc.createElementNS(
- WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":" + WSConstants.X509_DATA_LN);
+ Element x509Data = encryptedDataDoc.createElementNS(SIG_NS, SIG_PREFIX + ":X509Data");
x509Data.appendChild(cert);
keyIdentifierNode = x509Data;
@@ -341,16 +308,15 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
String keyEncAlgo,
String digestAlgo) {
Element encryptedKey =
- encryptedDataDoc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":EncryptedKey");
+ encryptedDataDoc.createElementNS(ENC_NS, ENC_PREFIX + ":EncryptedKey");
Element encryptionMethod =
- encryptedDataDoc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX
+ encryptedDataDoc.createElementNS(ENC_NS, ENC_PREFIX
+ ":EncryptionMethod");
encryptionMethod.setAttributeNS(null, "Algorithm", keyEncAlgo);
if (digestAlgo != null) {
Element digestMethod =
- encryptedDataDoc.createElementNS(WSConstants.SIG_NS, WSConstants.SIG_PREFIX
- + ":DigestMethod");
+ encryptedDataDoc.createElementNS(SIG_NS, SIG_PREFIX + ":DigestMethod");
digestMethod.setAttributeNS(null, "Algorithm", digestAlgo);
encryptionMethod.appendChild(digestMethod);
}
@@ -360,13 +326,12 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
protected Element createEncryptedDataElement(Document encryptedDataDoc, String symEncAlgo) {
Element encryptedData =
- encryptedDataDoc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":EncryptedData");
+ encryptedDataDoc.createElementNS(ENC_NS, ENC_PREFIX + ":EncryptedData");
- WSSecurityUtil.setNamespace(encryptedData, WSConstants.ENC_NS, WSConstants.ENC_PREFIX);
+ XMLUtils.setNamespace(encryptedData, ENC_NS, ENC_PREFIX);
Element encryptionMethod =
- encryptedDataDoc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX
- + ":EncryptionMethod");
+ encryptedDataDoc.createElementNS(ENC_NS, ENC_PREFIX + ":EncryptionMethod");
encryptionMethod.setAttributeNS(null, "Algorithm", symEncAlgo);
encryptedData.appendChild(encryptionMethod);
encryptedDataDoc.appendChild(encryptedData);
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
index 03c4dd9..9576bb9 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
@@ -85,7 +85,7 @@ public class XmlSecInInterceptor extends AbstractPhaseInterceptor<Message> {
/**
* a collection of compiled regular expression patterns for the subject DN
*/
- private Collection<Pattern> subjectDNPatterns = new ArrayList<Pattern>();
+ private Collection<Pattern> subjectDNPatterns = new ArrayList<>();
public XmlSecInInterceptor() {
super(Phase.POST_STREAM);
@@ -211,7 +211,7 @@ public class XmlSecInInterceptor extends AbstractPhaseInterceptor<Message> {
protected SecurityEventListener configureSecurityEventListener(
final Crypto sigCrypto, final Message msg, XMLSecurityProperties securityProperties
) {
- final List<SecurityEvent> incomingSecurityEventList = new LinkedList<SecurityEvent>();
+ final List<SecurityEvent> incomingSecurityEventList = new LinkedList<>();
SecurityEventListener securityEventListener = new SecurityEventListener() {
@Override
public void registerSecurityEvent(SecurityEvent securityEvent) throws XMLSecurityException {
@@ -365,7 +365,7 @@ public class XmlSecInInterceptor extends AbstractPhaseInterceptor<Message> {
*/
public void setSubjectConstraints(List<String> constraints) {
if (constraints != null) {
- subjectDNPatterns = new ArrayList<Pattern>();
+ subjectDNPatterns = new ArrayList<>();
for (String constraint : constraints) {
try {
subjectDNPatterns.add(Pattern.compile(constraint.trim()));
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
index 602f5bc..41be15a 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
@@ -19,7 +19,6 @@
package org.apache.cxf.rs.security.xml;
import java.io.OutputStream;
-import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
@@ -51,9 +50,8 @@ import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.xml.security.Init;
-import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.OutboundXMLSec;
@@ -84,8 +82,8 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> {
private SecretKey symmetricKey;
private boolean signRequest;
private boolean encryptRequest;
- private List<QName> elementsToSign = new ArrayList<QName>();
- private List<QName> elementsToEncrypt = new ArrayList<QName>();
+ private List<QName> elementsToSign = new ArrayList<>();
+ private List<QName> elementsToEncrypt = new ArrayList<>();
private boolean keyInfoMustBeAvailable = true;
static {
@@ -259,36 +257,13 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> {
private SecretKey getSymmetricKey(String symEncAlgo) throws Exception {
synchronized (this) {
if (symmetricKey == null) {
- KeyGenerator keyGen = getKeyGenerator(symEncAlgo);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgo);
symmetricKey = keyGen.generateKey();
}
return symmetricKey;
}
}
- private KeyGenerator getKeyGenerator(String symEncAlgo) throws WSSecurityException {
- try {
- //
- // Assume AES as default, so initialize it
- //
- String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(symEncAlgo);
- KeyGenerator keyGen = KeyGenerator.getInstance(keyAlgorithm);
- if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)
- || symEncAlgo.equalsIgnoreCase(WSConstants.AES_128_GCM)) {
- keyGen.init(128);
- } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)
- || symEncAlgo.equalsIgnoreCase(WSConstants.AES_192_GCM)) {
- keyGen.init(192);
- } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)
- || symEncAlgo.equalsIgnoreCase(WSConstants.AES_256_GCM)) {
- keyGen.init(256);
- }
- return keyGen;
- } catch (NoSuchAlgorithmException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e);
- }
- }
-
private void configureSignature(
Message message, XMLSecurityProperties properties
) throws Exception {
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
index 9c415ee..05800c6 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
@@ -61,7 +61,7 @@ public class XmlSigOutInterceptor extends AbstractXmlSecOutInterceptor {
private static final Logger LOG =
LogUtils.getL7dLogger(XmlSigOutInterceptor.class);
private static final Set<String> SUPPORTED_STYLES =
- new HashSet<String>(Arrays.asList(ENVELOPED_SIG, ENVELOPING_SIG, DETACHED_SIG));
+ new HashSet<>(Arrays.asList(ENVELOPED_SIG, ENVELOPING_SIG, DETACHED_SIG));
private QName envelopeQName = DEFAULT_ENV_QNAME;
private String sigStyle = ENVELOPED_SIG;
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/security/pom.xml
----------------------------------------------------------------------
diff --git a/rt/security/pom.xml b/rt/security/pom.xml
index 1d487f2..1a1ca60 100644
--- a/rt/security/pom.xml
+++ b/rt/security/pom.xml
@@ -47,28 +47,6 @@
<version>${cxf.wss4j.version}</version>
</dependency>
<dependency>
- <groupId>org.opensaml</groupId>
- <artifactId>opensaml-xacml-impl</artifactId>
- <version>${cxf.opensaml.version}</version>
- <exclusions>
- <exclusion>
- <groupId>com.google.code.findbugs</groupId>
- <artifactId>jsr305</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.opensaml</groupId>
- <artifactId>opensaml-xacml-saml-impl</artifactId>
- <version>${cxf.opensaml.version}</version>
- <exclusions>
- <exclusion>
- <groupId>com.google.code.findbugs</groupId>
- <artifactId>jsr305</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-jdk14</artifactId>
<scope>test</scope>
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java b/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java
index 668efc1..1e58575 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java
@@ -41,7 +41,7 @@ public class Claim implements Serializable, Cloneable {
private URI claimType;
private boolean optional;
- private List<Object> values = new ArrayList<Object>(1);
+ private List<Object> values = new ArrayList<>(1);
public Claim() {
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimsAuthorizingInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimsAuthorizingInterceptor.java b/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimsAuthorizingInterceptor.java
index 284b6ea..22d61cf 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimsAuthorizingInterceptor.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimsAuthorizingInterceptor.java
@@ -52,13 +52,13 @@ public class ClaimsAuthorizingInterceptor extends AbstractPhaseInterceptor<Messa
private static final Set<String> SKIP_METHODS;
static {
- SKIP_METHODS = new HashSet<String>();
+ SKIP_METHODS = new HashSet<>();
SKIP_METHODS.addAll(Arrays.asList(
new String[] {"wait", "notify", "notifyAll",
"equals", "toString", "hashCode"}));
}
- private Map<String, List<ClaimBean>> claims = new HashMap<String, List<ClaimBean>>();
+ private Map<String, List<ClaimBean>> claims = new HashMap<>();
private Map<String, String> nameAliases = Collections.emptyMap();
private Map<String, String> formatAliases = Collections.emptyMap();
@@ -163,7 +163,7 @@ public class ClaimsAuthorizingInterceptor extends AbstractPhaseInterceptor<Messa
List<ClaimBean> methodClaims =
getClaims(m.getAnnotation(Claims.class), m.getAnnotation(Claim.class));
- List<ClaimBean> allClaims = new ArrayList<ClaimBean>(methodClaims);
+ List<ClaimBean> allClaims = new ArrayList<>(methodClaims);
for (ClaimBean bean : clsClaims) {
if (isClaimOverridden(bean, methodClaims)) {
continue;
@@ -200,9 +200,9 @@ public class ClaimsAuthorizingInterceptor extends AbstractPhaseInterceptor<Messa
private List<ClaimBean> getClaims(
Claims claimsAnn, Claim claimAnn) {
- List<ClaimBean> claimsList = new ArrayList<ClaimBean>();
+ List<ClaimBean> claimsList = new ArrayList<>();
- List<Claim> annClaims = new ArrayList<Claim>();
+ List<Claim> annClaims = new ArrayList<>();
if (claimsAnn != null) {
annClaims.addAll(Arrays.asList(claimsAnn.value()));
} else if (claimAnn != null) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLUtils.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLUtils.java
index bec5702..8229a07 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLUtils.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLUtils.java
@@ -109,7 +109,7 @@ public final class SAMLUtils {
roleAttributeName = SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT;
}
- Set<Principal> roles = new HashSet<Principal>();
+ Set<Principal> roles = new HashSet<>();
for (Claim claim : claims) {
if (claim instanceof SAMLClaim && ((SAMLClaim)claim).getName().equals(name)
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
new file mode 100644
index 0000000..c62acf8
--- /dev/null
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
@@ -0,0 +1,119 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.utils;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URL;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.common.classloader.ClassLoaderUtils.ClassLoaderHolder;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.resource.ResourceManager;
+import org.apache.wss4j.common.ext.WSSecurityException;
+
+/**
+ * Some common functionality
+ */
+public final class SecurityUtils {
+
+ private SecurityUtils() {
+ // complete
+ }
+
+ public static CallbackHandler getCallbackHandler(Object o) throws WSSecurityException {
+ CallbackHandler handler = null;
+ if (o instanceof CallbackHandler) {
+ handler = (CallbackHandler)o;
+ } else if (o instanceof String) {
+ try {
+ handler = (CallbackHandler)ClassLoaderUtils.loadClass((String)o,
+ SecurityUtils.class).newInstance();
+ } catch (Exception e) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+ }
+ }
+ return handler;
+ }
+
+ public static URL getConfigFileURL(Message message, String configFileKey, String configFileDefault) {
+ Object o = message.getContextualProperty(configFileKey);
+ if (o == null) {
+ o = configFileDefault;
+ }
+
+ return loadResource(message, o);
+ }
+
+ public static URL loadResource(Message message, Object o) {
+
+ if (o instanceof String) {
+ URL url = ClassLoaderUtils.getResource((String)o, SecurityUtils.class);
+ if (url != null) {
+ return url;
+ }
+ ClassLoaderHolder orig = null;
+ try {
+ if (message != null) {
+ ResourceManager manager = message.getExchange().get(Bus.class).getExtension(ResourceManager.class);
+ ClassLoader loader = manager.resolveResource((String)o, ClassLoader.class);
+ if (loader != null) {
+ orig = ClassLoaderUtils.setThreadContextClassloader(loader);
+ }
+ url = manager.resolveResource((String)o, URL.class);
+ }
+ if (url == null) {
+ try {
+ url = new URL((String)o);
+ } catch (IOException e) {
+ // Do nothing
+ }
+ }
+ if (url == null) {
+ try {
+ URI propResourceUri = URI.create((String)o);
+ if (propResourceUri.getScheme() != null) {
+ url = propResourceUri.toURL();
+ } else {
+ File f = new File(propResourceUri.toString());
+ if (f.exists()) {
+ url = f.toURI().toURL();
+ }
+ }
+ } catch (IOException ex) {
+ // Do nothing
+ }
+ }
+ return url;
+ } finally {
+ if (orig != null) {
+ orig.reset();
+ }
+ }
+ } else if (o instanceof URL) {
+ return (URL)o;
+ }
+ return null;
+ }
+
+}
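Review bot: In loadResource, `URI.create((String)o)` throws IllegalArgumentException for a string that is not a valid URI (a path containing a space, for example), and the surrounding `catch (IOException ex)` does not cover it. A bad configuration value therefore escapes as an unchecked exception instead of yielding null; `} catch (IOException | IllegalArgumentException ex) {` would keep the fall-through behaviour. The chain `message.getExchange().get(Bus.class).getExtension(ResourceManager.class)` is also dereferenced without null checks, so a message without an exchange, Bus or ResourceManager fails with a NullPointerException. Separately, `new URL(...)` and the `File` fallback accept whatever the property holds, including remote schemes, and getCallbackHandler instantiates any class name it is handed. Both public methods should therefore carry Javadoc stating that their inputs must come from trusted configuration, and that getCallbackHandler returns null for any other argument type.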
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
index c0e6da0..fe109e5 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
@@ -77,7 +77,7 @@ public abstract class AbstractXACMLAuthorizingInterceptor extends AbstractPhaseI
LoginSecurityContext loginSecurityContext = (LoginSecurityContext)sc;
Set<Principal> principalRoles = loginSecurityContext.getUserRoles();
- List<String> roles = new ArrayList<String>();
+ List<String> roles = new ArrayList<>();
if (principalRoles != null) {
for (Principal p : principalRoles) {
if (p != principal) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
index cfb8793..c2bb40b 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
@@ -81,7 +81,7 @@ public class DefaultXACMLRequestBuilder implements XACMLRequestBuilder {
}
private ResourceType createResourceType(CXFMessageParser messageParser) {
- List<AttributeType> attributes = new ArrayList<AttributeType>();
+ List<AttributeType> attributes = new ArrayList<>();
// Resource-id
String resourceId = null;
@@ -131,23 +131,26 @@ public class DefaultXACMLRequestBuilder implements XACMLRequestBuilder {
}
private EnvironmentType createEnvironmentType() {
- List<AttributeType> attributes = new ArrayList<AttributeType>();
if (sendDateTime) {
+ List<AttributeType> attributes = new ArrayList<>();
AttributeType environmentAttribute = createAttribute(XACMLConstants.CURRENT_DATETIME,
XACMLConstants.XS_DATETIME, null,
new DateTime().toString());
attributes.add(environmentAttribute);
+ return RequestComponentBuilder.createEnvironmentType(attributes);
}
+
+ List<AttributeType> attributes = Collections.emptyList();
return RequestComponentBuilder.createEnvironmentType(attributes);
}
private SubjectType createSubjectType(Principal principal, List<String> roles, String issuer) {
- List<AttributeType> attributes = new ArrayList<AttributeType>();
+ List<AttributeType> attributes = new ArrayList<>();
attributes.add(createAttribute(XACMLConstants.SUBJECT_ID, XACMLConstants.XS_STRING, issuer,
principal.getName()));
if (roles != null) {
- List<AttributeValueType> roleAttributes = new ArrayList<AttributeValueType>();
+ List<AttributeValueType> roleAttributes = new ArrayList<>();
for (String role : roles) {
if (role != null) {
AttributeValueType subjectRoleAttributeValue =
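Review bot: On the `sendDateTime == false` path of `createEnvironmentType`, the request now carries an empty, immutable `Collections.emptyList()`, and nothing in the code says what that means for the authorization decision. With no current-dateTime attribute in the request, time-based rules are presumably evaluated against whatever value the PDP supplies itself, so a comment at the flag check would help, e.g. `// sendDateTime disabled: no current-dateTime is sent, the PDP supplies its own`. Please also confirm that `RequestComponentBuilder.createEnvironmentType` (not visible in this hunk) only reads the list, since the earlier code handed it a mutable `ArrayList`. The two identical `return RequestComponentBuilder.createEnvironmentType(attributes);` lines could be collapsed into a single exit. `createSubjectType` at the end of the hunk continues outside it.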
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java
deleted file mode 100644
index 17f8d57..0000000
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.ws.security;
-
-import java.io.IOException;
-import java.net.URL;
-
-import javax.security.auth.callback.CallbackHandler;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
-import org.apache.cxf.common.classloader.ClassLoaderUtils.ClassLoaderHolder;
-import org.apache.cxf.endpoint.Endpoint;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.resource.ResourceManager;
-import org.apache.cxf.service.model.EndpointInfo;
-import org.apache.cxf.ws.security.tokenstore.TokenStore;
-import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
-import org.apache.wss4j.common.ext.WSSecurityException;
-
-/**
- * Some common functionality
- */
-public final class SecurityUtils {
-
- private SecurityUtils() {
- // complete
- }
-
- public static CallbackHandler getCallbackHandler(Object o) throws WSSecurityException {
- CallbackHandler handler = null;
- if (o instanceof CallbackHandler) {
- handler = (CallbackHandler)o;
- } else if (o instanceof String) {
- try {
- handler = (CallbackHandler)ClassLoaderUtils.loadClass((String)o,
- SecurityUtils.class).newInstance();
- } catch (Exception e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
- }
- }
- return handler;
- }
-
- public static URL getConfigFileURL(Message message, String configFileKey, String configFileDefault) {
- Object o = message.getContextualProperty(configFileKey);
- if (o == null) {
- o = configFileDefault;
- }
-
- return loadResource(message, o);
- }
-
- public static URL loadResource(Message message, Object o) {
-
- if (o instanceof String) {
- URL url = ClassLoaderUtils.getResource((String)o, SecurityUtils.class);
- if (url != null) {
- return url;
- }
- ClassLoaderHolder orig = null;
- try {
- ResourceManager manager = message.getExchange().get(Bus.class).getExtension(ResourceManager.class);
- ClassLoader loader = manager.resolveResource((String)o, ClassLoader.class);
- if (loader != null) {
- orig = ClassLoaderUtils.setThreadContextClassloader(loader);
- }
- url = manager.resolveResource((String)o, URL.class);
- if (url == null) {
- try {
- url = new URL((String)o);
- } catch (IOException e) {
- // Do nothing
- }
- }
- return url;
- } finally {
- if (orig != null) {
- orig.reset();
- }
- }
- } else if (o instanceof URL) {
- return (URL)o;
- }
- return null;
- }
-
- public static TokenStore getTokenStore(Message message) {
- EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
- synchronized (info) {
- TokenStore tokenStore =
- (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
- if (tokenStore == null) {
- tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
- }
- if (tokenStore == null) {
- TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance();
- String cacheKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE;
- String cacheIdentifier =
- (String)message.getContextualProperty(SecurityConstants.CACHE_IDENTIFIER);
- if (cacheIdentifier != null) {
- cacheKey += "-" + cacheIdentifier;
- } else if (info.getName() != null) {
- int hashcode = info.getName().toString().hashCode();
- if (hashcode < 0) {
- cacheKey += hashcode;
- } else {
- cacheKey += "-" + hashcode;
- }
- }
- tokenStore = tokenStoreFactory.newTokenStore(cacheKey, message);
- info.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore);
- }
- return tokenStore;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
index e67938d..62c4dd3 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
@@ -23,8 +23,8 @@ import javax.security.auth.callback.CallbackHandler;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.wss4j.common.ext.WSSecurityException;
/**
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
index 7c03bb2..de9d1c6 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
@@ -40,11 +40,11 @@ import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.kerberos.KerberosClient;
import org.apache.cxf.ws.security.kerberos.KerberosUtils;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.cxf.ws.security.wss4j.KerberosTokenInterceptor;
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JStaxInInterceptor;
@@ -128,11 +128,11 @@ public class KerberosTokenInterceptorProvider extends AbstractPolicyInterceptorP
tok.getId());
message.getExchange().put(SecurityConstants.TOKEN_ID,
tok.getId());
- SecurityUtils.getTokenStore(message).add(tok);
+ TokenStoreUtils.getTokenStore(message).add(tok);
// Create another cache entry with the SHA1 Identifier as the key for easy retrieval
if (tok.getSHA1() != null) {
- SecurityUtils.getTokenStore(message).add(tok.getSHA1(), tok);
+ TokenStoreUtils.getTokenStore(message).add(tok.getSHA1(), tok);
}
}
} else {
@@ -267,7 +267,7 @@ public class KerberosTokenInterceptorProvider extends AbstractPolicyInterceptorP
// Just consume this for now as it isn't critical...
}
- SecurityUtils.getTokenStore(message).add(token);
+ TokenStoreUtils.getTokenStore(message).add(token);
message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId());
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
index 3ac9fb9..6690523 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
@@ -43,10 +43,10 @@ import org.apache.cxf.ws.policy.EndpointPolicy;
import org.apache.cxf.ws.policy.PolicyEngine;
import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.cxf.ws.security.trust.STSUtils;
import org.apache.neethi.Assertion;
import org.apache.neethi.Policy;
@@ -159,7 +159,7 @@ final class NegotiationUtils {
try {
Endpoint endpoint = message.getExchange().getEndpoint();
- TokenStore store = SecurityUtils.getTokenStore(message);
+ TokenStore store = TokenStoreUtils.getTokenStore(message);
if (secConv) {
endpoint = STSUtils.createSCEndpoint(bus,
namespace,
@@ -230,7 +230,7 @@ final class NegotiationUtils {
(SecurityContextToken)wser.get(WSSecurityEngineResult.TAG_SECURITY_CONTEXT_TOKEN);
message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getIdentifier());
- SecurityToken token = SecurityUtils.getTokenStore(message).getToken(tok.getIdentifier());
+ SecurityToken token = TokenStoreUtils.getTokenStore(message).getToken(tok.getIdentifier());
if (token == null || token.isExpired()) {
byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
if (secret != null) {
@@ -238,7 +238,7 @@ final class NegotiationUtils {
token.setToken(tok.getElement());
token.setSecret(secret);
token.setTokenType(tok.getTokenType());
- SecurityUtils.getTokenStore(message).add(token);
+ TokenStoreUtils.getTokenStore(message).add(token);
}
}
if (token != null) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java
index 2771883..57e9c6d 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java
@@ -25,6 +25,7 @@ import java.util.logging.Level;
import java.util.logging.Logger;
import org.w3c.dom.Element;
+
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.interceptor.Fault;
@@ -33,9 +34,9 @@ import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.ws.addressing.AddressingProperties;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.cxf.ws.security.trust.STSUtils;
import org.apache.wss4j.common.ext.WSSecurityException;
@@ -93,7 +94,7 @@ public final class STSTokenHelper {
message.put(SecurityConstants.TOKEN_ID, tok.getId());
}
// ?
- SecurityUtils.getTokenStore(message).add(tok);
+ TokenStoreUtils.getTokenStore(message).add(tok);
return tok;
}
@@ -110,7 +111,7 @@ public final class STSTokenHelper {
if (tok == null) {
String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
if (tokId != null) {
- tok = SecurityUtils.getTokenStore(message).getToken(tokId);
+ tok = TokenStoreUtils.getTokenStore(message).getToken(tokId);
}
}
} else {
@@ -118,7 +119,7 @@ public final class STSTokenHelper {
if (tok == null) {
String tokId = (String)message.get(SecurityConstants.TOKEN_ID);
if (tokId != null) {
- tok = SecurityUtils.getTokenStore(message).getToken(tokId);
+ tok = TokenStoreUtils.getTokenStore(message).getToken(tokId);
}
}
}
@@ -208,7 +209,7 @@ public final class STSTokenHelper {
message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID);
message.getExchange().remove(SecurityConstants.TOKEN_ID);
message.getExchange().remove(SecurityConstants.TOKEN);
- SecurityUtils.getTokenStore(message).remove(tok.getId());
+ TokenStoreUtils.getTokenStore(message).remove(tok.getId());
// If the user has explicitly disabled Renewing then we can't renew a token,
// so just get a new one
@@ -317,7 +318,7 @@ public final class STSTokenHelper {
Element actAsToken,
String appliesTo,
boolean enableAppliesTo) throws Exception {
- TokenStore tokenStore = SecurityUtils.getTokenStore(message);
+ TokenStore tokenStore = TokenStoreUtils.getTokenStore(message);
String key = appliesTo;
if (!enableAppliesTo || key == null || "".equals(key)) {
key = ASSOCIATED_TOKEN;
@@ -382,7 +383,7 @@ public final class STSTokenHelper {
if (issuedToken == null) {
return;
}
- TokenStore tokenStore = SecurityUtils.getTokenStore(message);
+ TokenStore tokenStore = TokenStoreUtils.getTokenStore(message);
String key = appliesTo;
if (!enableAppliesTo || key == null || "".equals(key)) {
key = ASSOCIATED_TOKEN;
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
index c869f57..5bdab96 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
@@ -28,6 +28,7 @@ import java.util.Properties;
import javax.xml.namespace.QName;
import org.w3c.dom.Element;
+
import org.apache.cxf.binding.soap.SoapBindingConstants;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor;
@@ -47,11 +48,11 @@ import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider.HttpsTokenInInterceptor;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.cxf.ws.security.trust.DefaultSymmetricBinding;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.cxf.ws.security.trust.STSUtils;
@@ -429,7 +430,7 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
if (st == null) {
String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
if (id != null) {
- st = SecurityUtils.getTokenStore(message).getToken(id);
+ st = TokenStoreUtils.getTokenStore(message).getToken(id);
}
}
if (st != null && !st.isExpired()) {
@@ -506,7 +507,7 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
if (tok == null) {
String tokId = (String)m2.getContextualProperty(SecurityConstants.TOKEN_ID);
if (tokId != null) {
- tok = SecurityUtils.getTokenStore(m2).getToken(tokId);
+ tok = TokenStoreUtils.getTokenStore(m2).getToken(tokId);
}
}
@@ -529,7 +530,7 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
}
client.cancelSecurityToken(tok);
- SecurityUtils.getTokenStore(m2).remove(tok.getId());
+ TokenStoreUtils.getTokenStore(m2).remove(tok.getId());
m2.put(SecurityConstants.TOKEN, null);
} catch (RuntimeException e) {
throw e;
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
index 083b1f9..5f92311 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
@@ -36,10 +36,10 @@ import org.apache.cxf.ws.addressing.AddressingProperties;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider.IssuedTokenOutInterceptor;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.cxf.ws.security.trust.STSUtils;
import org.apache.wss4j.dom.WSConstants;
@@ -75,7 +75,7 @@ class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMess
if (tok == null) {
String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
if (tokId != null) {
- tok = SecurityUtils.getTokenStore(message).getToken(tokId);
+ tok = TokenStoreUtils.getTokenStore(message).getToken(tokId);
}
}
if (tok == null) {
@@ -91,7 +91,7 @@ class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMess
message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID, tok.getId());
message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId());
message.getExchange().put(SecurityConstants.TOKEN, tok);
- SecurityUtils.getTokenStore(message).add(tok);
+ TokenStoreUtils.getTokenStore(message).add(tok);
}
PolicyUtils.assertPolicy(aim, SPConstants.BOOTSTRAP_POLICY);
} else {
@@ -118,7 +118,7 @@ class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMess
message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID);
message.getExchange().remove(SecurityConstants.TOKEN_ID);
message.getExchange().remove(SecurityConstants.TOKEN);
- SecurityUtils.getTokenStore(message).remove(tok.getId());
+ TokenStoreUtils.getTokenStore(message).remove(tok.getId());
STSClient client = STSUtils.getClient(message, "sct");
AddressingProperties maps =