Posted to commits@cxf.apache.org by dk...@apache.org on 2008/12/18 18:05:47 UTC
svn commit: r727764 - in /cxf/trunk: rt/ws/security/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
rt/ws/security/src/test/java/org/apache/cxf/ws/security/ws...
Author: dkulp
Date: Thu Dec 18 09:05:47 2008
New Revision: 727764
URL: http://svn.apache.org/viewvc?rev=727764&view=rev
Log:
Move to wss4j 1.5.5. Enable processing of responses using derived keys from non-included keys (keys in the keystore)
Modified:
cxf/trunk/rt/ws/security/pom.xml
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/TestPwdCallback.java
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/KeystorePasswordCallback.java
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
Modified: cxf/trunk/rt/ws/security/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/pom.xml?rev=727764&r1=727763&r2=727764&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/pom.xml (original)
+++ cxf/trunk/rt/ws/security/pom.xml Thu Dec 18 09:05:47 2008
@@ -31,6 +31,22 @@
<relativePath>../../../parent/pom.xml</relativePath>
</parent>
+
+ <repositories>
+ <!-- temporary add the apache snapshot repo to get the wss4j snapshot -->
+ <repository>
+ <id>apache.snapshot</id>
+ <name>Apache Snapshot Repository</name>
+ <url>http://people.apache.org/repo/m2-snapshot-repository</url>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ </repository>
+ </repositories>
+
<dependencies>
<dependency>
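Review bot: The added `<repository>` is fetched over plain `http://`, so the wss4j snapshot, a security library, has no transport integrity on its way into the build. The next hunk pins `1.5.5-SNAPSHOT`, which is mutable, so two builds of this revision can pick up different code. Use an https URL if the host offers one, and switch to the released `1.5.5` and delete this block before any CXF release. Extending the comment to `<!-- temporary: remove once wss4j 1.5.5 is released -->` would make the removal condition explicit.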
@@ -71,7 +87,7 @@
<dependency>
<groupId>org.apache.ws.security</groupId>
<artifactId>wss4j</artifactId>
- <version>1.5.4</version>
+ <version>1.5.5-SNAPSHOT</version>
<exclusions>
<exclusion>
<groupId>axis</groupId>
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=727764&r1=727763&r2=727764&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java Thu Dec 18 09:05:47 2008
@@ -311,6 +311,9 @@
return action;
}
void assertWSS11(AssertionInfoMap aim, SoapMessage message) {
+ if (isRequestor(message)) {
+ message.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "false");
+ }
Collection<AssertionInfo> ais = aim.get(SP12Constants.WSS11);
if (ais != null) {
for (AssertionInfo ai : ais) {
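Review bot: The added `message.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "false")` runs for every requestor message before the WSS11 assertions are read, so it overwrites any value already set on the message. As far as this hunk shows, it also applies when the policy asks for signature confirmation. Signature confirmation lets a client check that a response belongs to the request it signed, so turning it off should depend on the policy rather than be unconditional. Consider setting the property inside the assertion loop below, or add a comment saying where confirmation is checked instead, e.g. `// WSS4J's built-in check is disabled; confirmation is validated in <place>`. The method body continues past the hunk, so later handling is not visible here.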
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=727764&r1=727763&r2=727764&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Thu Dec 18 09:05:47 2008
@@ -61,9 +61,11 @@
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.util.WSSecurityUtil;
@@ -356,10 +358,19 @@
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
- String id = pc.getIdentifer();
- for (SecurityToken token : store.getValidTokens()) {
- if (id.equals(token.getSHA1())) {
- pc.setKey(token.getSecret());
+
+ String id = pc.getIdentifier();
+ if (pc.getKeyType().equals(SecurityTokenReference.ENC_KEY_SHA1_URI)) {
+ for (SecurityToken token : store.getValidTokens()) {
+ if (id.equals(token.getSHA1())) {
+ pc.setKey(token.getSecret());
+ return;
+ }
+ }
+ } else {
+ SecurityToken tok = store.getToken(id);
+ if (tok != null) {
+ pc.setKey(tok.getSecret());
return;
}
}
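Review bot: `pc.getKeyType().equals(SecurityTokenReference.ENC_KEY_SHA1_URI)` throws a NullPointerException when a callback has no key type, and nothing in this hunk shows that WSS4J always sets one. Comparing from the constant side avoids it: `if (SecurityTokenReference.ENC_KEY_SHA1_URI.equals(pc.getKeyType())) {`. Separately, the `return` in both branches leaves `handle` after the first callback that resolves, so any later entries in `callbacks` are skipped. If more than one callback can arrive, leave the token loop with `break` instead. The method continues outside the hunk.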
@@ -403,6 +414,24 @@
}
return cbHandler;
}
+ public Crypto loadSignatureCrypto(RequestData reqData)
+ throws WSSecurityException {
+ try {
+ return super.loadSignatureCrypto(reqData);
+ } catch (Exception ex) {
+ return null;
+ }
+ }
+ protected Crypto loadDecryptionCrypto(RequestData reqData)
+ throws WSSecurityException {
+ try {
+ return super.loadDecryptionCrypto(reqData);
+ } catch (Exception ex) {
+ return null;
+ }
+ }
+
+
/**
* @return the WSSecurityEngine in use by this interceptor.
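Review bot: Both new overrides catch `Exception` and return `null` without logging, so a wrong keystore path or password looks the same as "no crypto configured" and only surfaces later, far from its cause. The methods already declare `throws WSSecurityException`, so narrow the catch to `} catch (WSSecurityException ex) {` and log the exception at a low level before returning null. Also add a Javadoc sentence on each method saying that null is returned deliberately so that processing can continue with keys from the token store, which is presumably the intent given the commit log.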
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=727764&r1=727763&r2=727764&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Thu Dec 18 09:05:47 2008
@@ -432,6 +432,7 @@
st = getTokenStore().getToken(id);
}
}
+ getTokenStore().add(st);
return st;
}
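Review bot: `getTokenStore().add(st)` is called unconditionally, but the visible assignment just above is `st = getTokenStore().getToken(id)`, and the WSS4JInInterceptor change in this same commit treats that lookup as nullable (`if (tok != null)`). When the lookup misses, this hands null to the store. Guard the call: `if (st != null) { getTokenStore().add(st); }`. The enclosing method starts outside the hunk, so other assignments to `st` are not visible here.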
@@ -779,6 +780,7 @@
Token token) throws WSSecurityException {
WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
Crypto crypto = getEncryptionCrypto(wrapper);
+ message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, crypto);
setKeyIdentifierType(encrKey, wrapper, token);
setEncryptionUser(encrKey, wrapper, false, crypto);
encrKey.setKeySize(binding.getAlgorithmSuite().getMaximumSymmetricKeyLength());
@@ -1026,6 +1028,8 @@
}
Crypto crypto = encryptCrypto ? getEncryptionCrypto(wrapper) : getSignatureCrypto(wrapper);
+ message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, crypto);
+
String user = (String)message.getContextualProperty(userNameKey);
if (StringUtils.isEmpty(user)) {
user = crypto.getDefaultX509Alias();
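Review bot: The object stored under `SecurityConstants.SIGNATURE_CRYPTO` is the encryption crypto whenever `encryptCrypto` is true, so the exchange key name does not describe what it holds. The SymmetricBindingHandler hunk does the same with `getEncryptionCrypto(sbinding.getProtectionToken())`. If this is intended, so that the response is verified with the crypto that produced the request signature, say so in a comment such as `// crypto actually used for the signature; may be the encryption crypto`. `crypto` is also stored without a null check, so a failed lookup would only show up when the response is processed.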
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=727764&r1=727763&r2=727764&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java Thu Dec 18 09:05:47 2008
@@ -34,6 +34,7 @@
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SP11Constants;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.SPConstants;
@@ -462,6 +463,7 @@
encr.setEncKeyId(encrTokId);
encr.setEphemeralKey(encrTok.getSecret());
Crypto crypto = getEncryptionCrypto(recToken);
+ this.message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, crypto);
setEncryptionUser(encr, recToken, false, crypto);
encr.setDocument(saaj.getSOAPPart());
@@ -630,14 +632,14 @@
sig.setSecretKey(tok.getSecret());
sig.setSignatureAlgorithm(sbinding.getAlgorithmSuite().getAsymmetricSignature());
sig.setSignatureAlgorithm(sbinding.getAlgorithmSuite().getSymmetricSignature());
+ Crypto crypto = null;
if (sbinding.getProtectionToken() != null) {
- sig.prepare(saaj.getSOAPPart(), getEncryptionCrypto(sbinding.getProtectionToken()),
- secHeader);
+ crypto = getEncryptionCrypto(sbinding.getProtectionToken());
} else {
- sig.prepare(saaj.getSOAPPart(), getSignatureCrypto(policyTokenWrapper),
- secHeader);
+ crypto = getSignatureCrypto(policyTokenWrapper);
}
-
+ this.message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, crypto);
+ sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
sig.setParts(sigs);
sig.addReferencesToSign(sigs, secHeader);
Modified: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/TestPwdCallback.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/TestPwdCallback.java?rev=727764&r1=727763&r2=727764&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/TestPwdCallback.java (original)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/TestPwdCallback.java Thu Dec 18 09:05:47 2008
@@ -40,7 +40,7 @@
for (int i = 0; i < callbacks.length; i++) {
WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
- String pass = (String)passwords.get(pc.getIdentifer());
+ String pass = (String)passwords.get(pc.getIdentifier());
if (pass != null) {
pc.setPassword(pass);
}
Modified: cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/KeystorePasswordCallback.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/KeystorePasswordCallback.java?rev=727764&r1=727763&r2=727764&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/KeystorePasswordCallback.java (original)
+++ cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/KeystorePasswordCallback.java Thu Dec 18 09:05:47 2008
@@ -49,7 +49,7 @@
for (int i = 0; i < callbacks.length; i++) {
WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
- String pass = passwords.get(pc.getIdentifer());
+ String pass = passwords.get(pc.getIdentifier());
if (pass != null) {
pc.setPassword(pass);
return;
Modified: cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java?rev=727764&r1=727763&r2=727764&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java (original)
+++ cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java Thu Dec 18 09:05:47 2008
@@ -54,7 +54,7 @@
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
- if (pc.getIdentifer().equals("bob")) {
+ if (pc.getIdentifier().equals("bob")) {
// set the password on the callback. This will be compared to the
// password which was sent from the client.
pc.setPassword("pwd");