Posted to commits@ws.apache.org by co...@apache.org on 2018/12/14 18:15:12 UTC
svn commit: r1848965 - in /webservices/wss4j/trunk:
ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLKeyInfo.java
ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
Author: coheigea
Date: Fri Dec 14 18:15:12 2018
New Revision: 1848965
URL: http://svn.apache.org/viewvc?rev=1848965&view=rev
Log:
Don't store the PrivateKey in SamlKeyInfo any more
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLKeyInfo.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLKeyInfo.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLKeyInfo.java?rev=1848965&r1=1848964&r2=1848965&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLKeyInfo.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLKeyInfo.java Fri Dec 14 18:15:12 2018
@@ -19,7 +19,6 @@
package org.apache.wss4j.common.saml;
-import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
@@ -43,11 +42,6 @@ public class SAMLKeyInfo {
*/
private PublicKey publicKey;
- /**
- * The private key
- */
- private PrivateKey privateKey;
-
public SAMLKeyInfo() {
}
@@ -87,11 +81,4 @@ public class SAMLKeyInfo {
this.publicKey = publicKey;
}
- public PrivateKey getPrivateKey() {
- return privateKey;
- }
-
- public void setPrivateKey(PrivateKey privateKey) {
- this.privateKey = privateKey;
- }
}
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java?rev=1848965&r1=1848964&r2=1848965&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java Fri Dec 14 18:15:12 2018
@@ -20,7 +20,6 @@ package org.apache.wss4j.stax.impl.proce
import java.security.Key;
import java.security.PrivateKey;
-import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
@@ -36,7 +35,6 @@ import org.apache.wss4j.common.ext.WSPas
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.apache.wss4j.common.saml.SAMLCallback;
-import org.apache.wss4j.common.saml.SAMLKeyInfo;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.saml.bean.KeyInfoBean;
@@ -142,7 +140,6 @@ public class SAMLTokenOutputProcessor ex
securityToken.setProcessor(finalSAMLTokenOutputProcessor);
} else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action) && hok) {
- final SAMLKeyInfo samlKeyInfo = getSamlKeyInfo(samlCallback);
final Element ref;
if (securityToken != null) {
@@ -155,8 +152,8 @@ public class SAMLTokenOutputProcessor ex
securityTokenReferenceId, senderVouches, includeSTR);
final SAMLSecurityTokenProvider securityTokenProvider =
- new SAMLSecurityTokenProvider(samlKeyInfo, samlCallback, tokenId, ref,
- finalSAMLTokenOutputProcessor);
+ new SAMLSecurityTokenProvider(samlCallback, (WSSSecurityProperties)getSecurityProperties(),
+ tokenId, ref, finalSAMLTokenOutputProcessor);
//fire a tokenSecurityEvent
TokenSecurityEvent<OutboundSecurityToken> tokenSecurityEvent =
@@ -278,62 +275,20 @@ public class SAMLTokenOutputProcessor ex
return bstSecurityToken;
}
- private SAMLKeyInfo getSamlKeyInfo(SAMLCallback samlCallback)
- throws WSSConfigurationException, WSSecurityException {
-
- final SAMLKeyInfo samlKeyInfo = new SAMLKeyInfo();
-
- SubjectBean subjectBean = samlCallback.getSubject();
- if (subjectBean != null) {
- KeyInfoBean keyInfoBean = subjectBean.getKeyInfo();
- if (keyInfoBean != null) {
- X509Certificate x509Certificate = keyInfoBean.getCertificate();
- if (x509Certificate != null) {
- String alias = ((WSSSecurityProperties) getSecurityProperties()).getSignatureCrypto().
- getX509Identifier(x509Certificate);
- if (alias == null) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "aliasIsNull");
- }
- WSPasswordCallback wsPasswordCallback =
- new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE);
- WSSUtils.doPasswordCallback(
- ((WSSSecurityProperties) getSecurityProperties()).getCallbackHandler(),
- wsPasswordCallback);
- CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
- cryptoType.setAlias(alias);
- samlKeyInfo.setCerts(((WSSSecurityProperties) getSecurityProperties()).
- getSignatureCrypto().getX509Certificates(cryptoType));
- samlKeyInfo.setPrivateKey(((WSSSecurityProperties) getSecurityProperties()).
- getSignatureCrypto().getPrivateKey(alias, wsPasswordCallback.getPassword()));
- } else if (keyInfoBean.getPublicKey() != null) {
- PublicKey publicKey = keyInfoBean.getPublicKey();
- samlKeyInfo.setPublicKey(publicKey);
- samlKeyInfo.setPrivateKey(((WSSSecurityProperties) getSecurityProperties()).
- getSignatureCrypto().getPrivateKey(
- samlCallback.getIssuerKeyName(), samlCallback.getIssuerKeyPassword()));
- } else {
- samlKeyInfo.setSecret(keyInfoBean.getEphemeralKey());
- }
- }
- }
-
- return samlKeyInfo;
- }
-
private static class SAMLSecurityTokenProvider
implements SecurityTokenProvider<OutboundSecurityToken> {
private GenericOutboundSecurityToken samlSecurityToken;
- private SAMLKeyInfo samlKeyInfo;
private SAMLCallback samlCallback;
private String tokenId;
private Element ref;
private FinalSAMLTokenOutputProcessor finalSAMLTokenOutputProcessor;
+ private WSSSecurityProperties securityProperties;
- SAMLSecurityTokenProvider(SAMLKeyInfo samlKeyInfo, SAMLCallback samlCallback, String tokenId,
+ SAMLSecurityTokenProvider(SAMLCallback samlCallback, WSSSecurityProperties securityProperties, String tokenId,
Element ref, FinalSAMLTokenOutputProcessor finalSAMLTokenOutputProcessor) {
- this.samlKeyInfo = samlKeyInfo;
this.samlCallback = samlCallback;
+ this.securityProperties = securityProperties;
this.tokenId = tokenId;
this.ref = ref;
this.finalSAMLTokenOutputProcessor = finalSAMLTokenOutputProcessor;
@@ -354,9 +309,11 @@ public class SAMLTokenOutputProcessor ex
} else {
tokenType = WSSecurityTokenConstants.SAML_20_TOKEN;
}
- if (samlKeyInfo.getPrivateKey() != null) {
+
+ PrivateKey privateKey = getPrivateKeyUsingCallback();
+ if (privateKey != null) {
this.samlSecurityToken = new GenericOutboundSecurityToken(
- tokenId, tokenType, samlKeyInfo.getPrivateKey(), samlKeyInfo.getCerts());
+ tokenId, tokenType, privateKey, getCertificatesUsingCallback());
} else {
this.samlSecurityToken = new GenericOutboundSecurityToken(
tokenId, tokenType) {
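Review bot: `getPrivateKeyUsingCallback()` and `getCertificatesUsingCallback()` are called back to back here and each independently resolves the alias from the subject certificate via `getX509Identifier()`, so the `aliasIsNull` failure can surface from either call and the keystore lookup runs twice per token; resolving the alias once and passing it along (or returning key and chain together) would avoid that. Timing also presumably shifts: the password callback and alias check now run when the token is first requested rather than when the SAML action was processed, which deserves a comment such as `// key material is resolved lazily from securityProperties on first use, not cached on the callback`. The `if (privateKey != null)` test still silently degrades to a secret-key-only token when no private key is found, as the original did. getSecurityToken() starts and ends outside the hunk.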
@@ -373,9 +330,10 @@ public class SAMLTokenOutputProcessor ex
if (key != null) {
return key;
}
- if (samlKeyInfo.getSecret() != null) {
+ byte[] secretKey = getSecretKeyUsingCallback();
+ if (secretKey != null) {
String algoFamily = JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
- key = new SecretKeySpec(samlKeyInfo.getSecret(), algoFamily);
+ key = new SecretKeySpec(secretKey, algoFamily);
setSecretKey(algorithmURI, key);
}
return key;
@@ -387,6 +345,73 @@ public class SAMLTokenOutputProcessor ex
return this.samlSecurityToken;
}
+ private PrivateKey getPrivateKeyUsingCallback()
+ throws WSSConfigurationException, WSSecurityException {
+
+ SubjectBean subjectBean = samlCallback.getSubject();
+ if (subjectBean != null) {
+ KeyInfoBean keyInfoBean = subjectBean.getKeyInfo();
+ if (keyInfoBean != null) {
+ X509Certificate x509Certificate = keyInfoBean.getCertificate();
+ if (x509Certificate != null) {
+ String alias = securityProperties.getSignatureCrypto().getX509Identifier(x509Certificate);
+ if (alias == null) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "aliasIsNull");
+ }
+ WSPasswordCallback wsPasswordCallback =
+ new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE);
+ WSSUtils.doPasswordCallback(securityProperties.getCallbackHandler(), wsPasswordCallback);
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(alias);
+ return securityProperties.getSignatureCrypto().getPrivateKey(alias, wsPasswordCallback.getPassword());
+ } else if (keyInfoBean.getPublicKey() != null) {
+ return securityProperties.getSignatureCrypto().getPrivateKey(
+ samlCallback.getIssuerKeyName(), samlCallback.getIssuerKeyPassword());
+ }
+ }
+ }
+
+ return null;
+ }
+
+ private X509Certificate[] getCertificatesUsingCallback()
+ throws WSSConfigurationException, WSSecurityException {
+
+ SubjectBean subjectBean = samlCallback.getSubject();
+ if (subjectBean != null) {
+ KeyInfoBean keyInfoBean = subjectBean.getKeyInfo();
+ if (keyInfoBean != null) {
+ X509Certificate x509Certificate = keyInfoBean.getCertificate();
+ if (x509Certificate != null) {
+ String alias = securityProperties.getSignatureCrypto().getX509Identifier(x509Certificate);
+ if (alias == null) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "aliasIsNull");
+ }
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(alias);
+ return securityProperties.getSignatureCrypto().getX509Certificates(cryptoType);
+ }
+ }
+ }
+
+ return null;
+ }
+
+
+ private byte[] getSecretKeyUsingCallback()
+ throws WSSConfigurationException, WSSecurityException {
+
+ SubjectBean subjectBean = samlCallback.getSubject();
+ if (subjectBean != null) {
+ KeyInfoBean keyInfoBean = subjectBean.getKeyInfo();
+ if (keyInfoBean != null && keyInfoBean.getCertificate() == null && keyInfoBean.getPublicKey() == null) {
+ return keyInfoBean.getEphemeralKey();
+ }
+ }
+
+ return null;
+ }
+
@Override
public String getId() {
return tokenId;
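Review bot: `cryptoType` is constructed on the two lines before the `getPrivateKey(alias, wsPasswordCallback.getPassword())` return in getPrivateKeyUsingCallback() but is never passed to anything; it was only needed for the `getX509Certificates` call that now lives in getCertificatesUsingCallback(), so drop `CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS); cryptoType.setAlias(alias);` from the private-key path. Each of the three helpers re-walks `samlCallback.getSubject().getKeyInfo()`, and the precedence (certificate → signature-crypto key by alias, public key → issuer key, neither → ephemeral secret) is only implied by getSecretKeyUsingCallback()'s `getCertificate() == null && getPublicKey() == null` test; a one-line Javadoc on each helper naming the KeyInfoBean shape it serves would make that ordering explicit. The keystore password from the WSPasswordCallback is held only in a local and not retained on the provider, which matches the commit's intent of not keeping key material on the data-carrier class. The enclosing SAMLSecurityTokenProvider class continues past the hunk.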