Posted to commits@cxf.apache.org by co...@apache.org on 2016/07/01 16:41:52 UTC

cxf git commit: Temporarily applying a fix for crypto loading until the next WSS4J release is out

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 7e751b2f6 -> 55cb81445


Temporarily applying a fix for crypto loading until the next WSS4J release is out


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/55cb8144
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/55cb8144
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/55cb8144

Branch: refs/heads/3.1.x-fixes
Commit: 55cb81445f7ec37fddec1278a6991fa00c6ae76d
Parents: 7e751b2
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Jul 1 17:41:34 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Jul 1 17:41:34 2016 +0100

----------------------------------------------------------------------
 .../wss4j/PolicyBasedWSS4JInInterceptor.java    | 75 ++++++++++++++++++++
 1 file changed, 75 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/55cb8144/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
index fb80007..962b5ce 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
@@ -24,6 +24,8 @@ import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Properties;
+import java.util.logging.Logger;
 
 import javax.xml.namespace.QName;
 import javax.xml.soap.SOAPException;
@@ -31,6 +33,7 @@ import javax.xml.stream.XMLStreamException;
 
 import org.w3c.dom.Element;
 import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.MessageUtils;
@@ -43,8 +46,10 @@ import org.apache.cxf.ws.security.wss4j.policyvalidators.PolicyValidatorParamete
 import org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.ValidatorUtils;
 import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.crypto.PasswordEncryptor;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.Loader;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSDataRef;
 import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
@@ -64,6 +69,9 @@ import org.apache.wss4j.policy.model.Wss11;
  * 
  */
 public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
+    
+    private static final Logger LOG = LogUtils.getL7dLogger(PolicyBasedWSS4JInInterceptor.class);
+    
     /**
      * 
      */
@@ -80,6 +88,73 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
         }
     }
     
+    /**
+     * TODO - This method can be removed when WSS4J 2.1.7 is released - see WSS-582
+     * 
+     * Load a Crypto instance. Firstly, it tries to use the cryptoPropertyRefId tag to retrieve
+     * a Crypto object via a custom reference Id. Failing this, it tries to load the crypto
+     * instance via the cryptoPropertyFile tag.
+     *
+     * @param requestData the RequestData object
+     * @return a Crypto instance to use for Encryption creation/verification
+     */
+    @Override
+    protected Crypto loadCrypto(
+        String cryptoPropertyFile,
+        String cryptoPropertyRefId,
+        RequestData requestData
+    ) throws WSSecurityException {
+        Object mc = requestData.getMsgContext();
+        Crypto crypto = null;
+
+        //
+        // Try the Property Ref Id first
+        //
+        String refId = getString(cryptoPropertyRefId, mc);
+        if (refId != null) {
+            crypto = cryptos.get(refId);
+            if (crypto == null) {
+                Object obj = getProperty(mc, refId);
+                if (obj instanceof Properties) {
+                    crypto = CryptoFactory.getInstance((Properties)obj,
+                                                       Loader.getClassLoader(CryptoFactory.class),
+                                                       getPasswordEncryptor(requestData));
+                    cryptos.put(refId, crypto);
+                } else if (obj instanceof Crypto) {
+                    // No need to cache this as it's already loaded
+                    crypto = (Crypto)obj;
+                }
+            }
+            if (crypto == null) {
+                LOG.warning("The Crypto reference " + refId + " specified by "
+                    + cryptoPropertyRefId + " could not be loaded"
+                );
+            }
+        }
+
+        //
+        // Now try loading the properties file
+        //
+        if (crypto == null) {
+            String propFile = getString(cryptoPropertyFile, mc);
+            if (propFile != null) {
+                crypto = cryptos.get(propFile);
+                if (crypto == null) {
+                    crypto = loadCryptoFromPropertiesFile(propFile, requestData);
+                    cryptos.put(propFile, crypto);
+                }
+                if (crypto == null) {
+                    LOG.warning(
+                         "The Crypto properties file " + propFile + " specified by "
+                         + cryptoPropertyFile + " could not be loaded or found"
+                    );
+                }
+            }
+        }
+
+        return crypto;
+    }
+    
     private void handleWSS11(AssertionInfoMap aim, SoapMessage message) {
         if (isRequestor(message)) {
             message.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "false");
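Review bot: In the properties-file branch of `loadCrypto`, `cryptos.put(propFile, crypto)` runs before the `crypto == null` check, so a failed load either caches a null entry or, if `cryptos` is a map that rejects null values (its declaration is outside this hunk), throws a NullPointerException before the warning is ever logged. Guarding the store with `if (crypto != null) { cryptos.put(propFile, crypto); }` keeps the warning reachable and matches the ref-id branch, which only caches a Crypto it actually built. The method still returns null after logging only a warning, so callers (not visible here) have to treat a null Crypto as a hard failure rather than carry on without key material. The Javadoc lists only `requestData`; `cryptoPropertyFile` and `cryptoPropertyRefId` should get `@param` entries stating that they are configuration tag names resolved through `getString`, not the file name or reference id themselves.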