Posted to commits@cxf.apache.org by co...@apache.org on 2013/12/06 18:17:20 UTC
svn commit: r1548603 [1/3] - in /cxf/trunk/rt/ws/security/src:
main/java/org/apache/cxf/ws/security/wss4j/
main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
test/java/org/apache/cxf/ws/security/wss4j/
test/java/org/apache/cxf/ws/security/wss4j...
Author: coheigea
Date: Fri Dec 6 17:17:19 2013
New Revision: 1548603
URL: http://svn.apache.org/r1548603
Log:
Largish refactor of streaming security configuration
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DOMToStaxRoundTripTest.java
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageCheckerTest.java
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripActionTest.java
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripTest.java
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxToDOMEncryptionIdentifierTest.java
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxToDOMRoundTripTest.java
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxToDOMSignatureIdentifierTest.java
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java?rev=1548603&r1=1548602&r2=1548603&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java Fri Dec 6 17:17:19 2013
@@ -58,6 +58,7 @@ import org.apache.wss4j.common.crypto.Pa
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.Loader;
+import org.apache.wss4j.stax.ConfigurationConverter;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
@@ -75,111 +76,89 @@ public abstract class AbstractWSS4JStaxI
private Map<String, Object> properties = new ConcurrentHashMap<String, Object>();
private Map<String, Crypto> cryptos = new ConcurrentHashMap<String, Crypto>();
- private WSSSecurityProperties securityProperties;
+ private WSSSecurityProperties userSecurityProperties;
private Set<String> before = new HashSet<String>();
private Set<String> after = new HashSet<String>();
private String phase;
private String id;
- public AbstractWSS4JStaxInterceptor() {
+ public AbstractWSS4JStaxInterceptor(WSSSecurityProperties securityProperties) {
super();
id = getClass().getName();
+ userSecurityProperties = securityProperties;
}
public AbstractWSS4JStaxInterceptor(Map<String, Object> properties) {
- this();
- this.properties.putAll(properties);
+ super();
+ id = getClass().getName();
+ this.properties = properties;
+ }
+
+ protected WSSSecurityProperties createSecurityProperties() {
+ if (userSecurityProperties != null) {
+ return new WSSSecurityProperties(userSecurityProperties);
+ } else {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ ConfigurationConverter.parseActions(properties, securityProperties);
+ ConfigurationConverter.parseUserProperties(properties, securityProperties);
+ ConfigurationConverter.parseCallback(properties, securityProperties);
+ ConfigurationConverter.parseBooleanProperties(properties, securityProperties);
+ ConfigurationConverter.parseNonBooleanProperties(properties, securityProperties);
+ return securityProperties;
+ }
}
- protected void translateProperties(SoapMessage msg) {
+ protected void translateProperties(SoapMessage msg, WSSSecurityProperties securityProperties) {
String bspCompliant = (String)msg.getContextualProperty(SecurityConstants.IS_BSP_COMPLIANT);
if (bspCompliant != null) {
- if (securityProperties != null) {
- securityProperties.setDisableBSPEnforcement(Boolean.valueOf(bspCompliant));
- } else {
- properties.put(ConfigurationConstants.IS_BSP_COMPLIANT, bspCompliant);
- }
+ securityProperties.setDisableBSPEnforcement(!Boolean.valueOf(bspCompliant));
}
+
String futureTTL =
(String)msg.getContextualProperty(SecurityConstants.TIMESTAMP_FUTURE_TTL);
if (futureTTL != null) {
- if (securityProperties != null) {
- securityProperties.setTimeStampFutureTTL(Integer.parseInt(futureTTL));
- } else {
- properties.put(ConfigurationConstants.TTL_FUTURE_TIMESTAMP, futureTTL);
- }
+ securityProperties.setTimeStampFutureTTL(Integer.parseInt(futureTTL));
}
+
String ttl =
(String)msg.getContextualProperty(SecurityConstants.TIMESTAMP_TTL);
if (ttl != null) {
- if (securityProperties != null) {
- securityProperties.setTimestampTTL(Integer.parseInt(ttl));
- } else {
- properties.put(ConfigurationConstants.TTL_TIMESTAMP, ttl);
- }
+ securityProperties.setTimestampTTL(Integer.parseInt(ttl));
}
String utFutureTTL =
(String)msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_FUTURE_TTL);
if (utFutureTTL != null) {
- if (securityProperties != null) {
- securityProperties.setUtFutureTTL(Integer.parseInt(utFutureTTL));
- } else {
- properties.put(ConfigurationConstants.TTL_FUTURE_USERNAMETOKEN, utFutureTTL);
- }
+ securityProperties.setUtFutureTTL(Integer.parseInt(utFutureTTL));
}
+
String utTTL =
(String)msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_TTL);
if (utTTL != null) {
- if (securityProperties != null) {
- securityProperties.setUtTTL(Integer.parseInt(utTTL));
- } else {
- properties.put(ConfigurationConstants.TTL_USERNAMETOKEN, utTTL);
- }
+ securityProperties.setUtTTL(Integer.parseInt(utTTL));
}
String certConstraints =
(String)msg.getContextualProperty(SecurityConstants.SUBJECT_CERT_CONSTRAINTS);
if (certConstraints != null) {
- if (securityProperties != null) {
- securityProperties.setSubjectCertConstraints(convertCertConstraints(certConstraints));
- } else {
- properties.put(ConfigurationConstants.SIG_SUBJECT_CERT_CONSTRAINTS, certConstraints);
- }
+ securityProperties.setSubjectCertConstraints(convertCertConstraints(certConstraints));
}
// Now set SAML SenderVouches + Holder Of Key requirements
String validateSAMLSubjectConf =
(String)msg.getContextualProperty(SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION);
if (validateSAMLSubjectConf != null) {
- if (securityProperties != null) {
- securityProperties.setValidateSamlSubjectConfirmation(Boolean.valueOf(validateSAMLSubjectConf));
- } else {
- properties.put(ConfigurationConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION,
- validateSAMLSubjectConf);
- }
+ securityProperties.setValidateSamlSubjectConfirmation(Boolean.valueOf(validateSAMLSubjectConf));
}
String actor = (String)msg.getContextualProperty(SecurityConstants.ACTOR);
if (actor != null) {
- if (securityProperties != null) {
- securityProperties.setActor(actor);
- } else {
- properties.put(ConfigurationConstants.ACTOR, actor);
- }
+ securityProperties.setActor(actor);
}
boolean mustUnderstand =
MessageUtils.getContextualBoolean(msg, SecurityConstants.MUST_UNDERSTAND, true);
- if (properties != null) {
- properties.put(ConfigurationConstants.MUST_UNDERSTAND, Boolean.toString(mustUnderstand));
- }
-
- PasswordEncryptor passwordEncryptor =
- (PasswordEncryptor)msg.getContextualProperty(SecurityConstants.PASSWORD_ENCRYPTOR_INSTANCE);
- if (passwordEncryptor != null && securityProperties == null) {
- properties.put(ConfigurationConstants.PASSWORD_ENCRYPTOR_INSTANCE, passwordEncryptor);
- }
+ securityProperties.setMustUnderstand(mustUnderstand);
}
private Collection<Pattern> convertCertConstraints(String certConstraints) {
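Review bot: The Map constructor now keeps the caller's map by reference, `this.properties = properties;`, whereas the removed code copied it into the ConcurrentHashMap field with putAll(); a null argument, or a later edit of the caller's map, now flows straight into createSecurityProperties() and into the `getProperties().get(ConfigurationConstants.PW_CALLBACK_REF)` fallback in the getPasswordEncryptor hunk below, and the ConcurrentHashMap copy the field initialiser provided is no longer used. Keeping the copy behind a guard, `if (properties != null) { this.properties.putAll(properties); }`, preserves both the null tolerance and the isolation from the caller. ConfigurationConverter.parseActions and the sibling calls presumably dereference the map, so the null case would likely surface as an NPE on the first message rather than at construction. convertCertConstraints continues outside this hunk.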
@@ -200,7 +179,9 @@ public abstract class AbstractWSS4JStaxI
return null;
}
- protected void configureCallbackHandler(SoapMessage soapMessage) throws WSSecurityException {
+ protected void configureCallbackHandler(
+ SoapMessage soapMessage, WSSSecurityProperties securityProperties
+ ) throws WSSecurityException {
Object o = soapMessage.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
if (o instanceof String) {
try {
@@ -228,13 +209,7 @@ public abstract class AbstractWSS4JStaxI
}
if (o instanceof CallbackHandler) {
- Map<String, Object> config = getProperties();
-
- if (securityProperties != null) {
- securityProperties.setCallbackHandler((CallbackHandler)o);
- } else {
- config.put(ConfigurationConstants.PW_CALLBACK_REF, (CallbackHandler)o);
- }
+ securityProperties.setCallbackHandler((CallbackHandler)o);
}
}
@@ -323,14 +298,6 @@ public abstract class AbstractWSS4JStaxI
return MessageUtils.isRequestor(message);
}
- public WSSSecurityProperties getSecurityProperties() {
- return securityProperties;
- }
-
- public void setSecurityProperties(WSSSecurityProperties securityProperties) {
- this.securityProperties = securityProperties;
- }
-
/**
* Load a Crypto instance. Firstly, it tries to use the cryptoPropertyRefId tag to retrieve
* a Crypto object via a custom reference Id. Failing this, it tries to load the crypto
@@ -339,7 +306,8 @@ public abstract class AbstractWSS4JStaxI
protected Crypto loadCrypto(
SoapMessage soapMessage,
String cryptoPropertyFile,
- String cryptoPropertyRefId
+ String cryptoPropertyRefId,
+ WSSSecurityProperties securityProperties
) throws WSSecurityException {
Crypto crypto = null;
@@ -354,7 +322,7 @@ public abstract class AbstractWSS4JStaxI
if (obj instanceof Properties) {
crypto = CryptoFactory.getInstance((Properties)obj,
getClassLoader(),
- getPasswordEncryptor(soapMessage));
+ getPasswordEncryptor(soapMessage, securityProperties));
cryptos.put(refId, crypto);
} else if (obj instanceof Crypto) {
crypto = (Crypto)obj;
@@ -376,7 +344,7 @@ public abstract class AbstractWSS4JStaxI
if (propFile != null) {
crypto = cryptos.get(propFile);
if (crypto == null) {
- crypto = loadCryptoFromPropertiesFile(soapMessage, propFile);
+ crypto = loadCryptoFromPropertiesFile(soapMessage, propFile, securityProperties);
cryptos.put(propFile, crypto);
}
if (crypto == null) {
@@ -392,7 +360,7 @@ public abstract class AbstractWSS4JStaxI
}
protected Crypto loadCryptoFromPropertiesFile(
- SoapMessage soapMessage, String propFilename
+ SoapMessage soapMessage, String propFilename, WSSSecurityProperties securityProperties
) throws WSSecurityException {
ClassLoaderHolder orig = null;
try {
@@ -413,7 +381,7 @@ public abstract class AbstractWSS4JStaxI
props.load(in);
in.close();
return CryptoFactory.getInstance(props, getClassLoader(),
- getPasswordEncryptor(soapMessage));
+ getPasswordEncryptor(soapMessage, securityProperties));
}
} catch (Exception e) {
//ignore
@@ -426,7 +394,9 @@ public abstract class AbstractWSS4JStaxI
}
}
- protected PasswordEncryptor getPasswordEncryptor(SoapMessage soapMessage) {
+ protected PasswordEncryptor getPasswordEncryptor(
+ SoapMessage soapMessage, WSSSecurityProperties securityProperties
+ ) {
PasswordEncryptor passwordEncryptor =
(PasswordEncryptor)soapMessage.getContextualProperty(
SecurityConstants.PASSWORD_ENCRYPTOR_INSTANCE
@@ -434,13 +404,12 @@ public abstract class AbstractWSS4JStaxI
if (passwordEncryptor != null) {
return passwordEncryptor;
}
-
- CallbackHandler callbackHandler = null;
- if (securityProperties != null) {
- callbackHandler = securityProperties.getCallbackHandler();
- } else {
+
+ CallbackHandler callbackHandler = securityProperties.getCallbackHandler();
+ if (callbackHandler == null) {
callbackHandler = (CallbackHandler)getProperties().get(ConfigurationConstants.PW_CALLBACK_REF);
}
+
if (callbackHandler != null) {
return new JasyptPasswordEncryptor(callbackHandler);
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java?rev=1548603&r1=1548602&r2=1548603&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java Fri Dec 6 17:17:19 2013
@@ -159,7 +159,7 @@ public class PolicyBasedWSS4JStaxInInter
}
private void checkAsymmetricBinding(
- AssertionInfoMap aim, SoapMessage message
+ AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties
) throws WSSecurityException {
Collection<AssertionInfo> ais =
getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
@@ -176,12 +176,12 @@ public class PolicyBasedWSS4JStaxInInter
e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
}
- Crypto encrCrypto = getEncryptionCrypto(e, message);
+ Crypto encrCrypto = getEncryptionCrypto(e, message, securityProperties);
Crypto signCrypto = null;
if (e != null && e.equals(s)) {
signCrypto = encrCrypto;
} else {
- signCrypto = getSignatureCrypto(s, message);
+ signCrypto = getSignatureCrypto(s, message, securityProperties);
}
if (signCrypto != null) {
@@ -199,7 +199,7 @@ public class PolicyBasedWSS4JStaxInInter
}
private void checkTransportBinding(
- AssertionInfoMap aim, SoapMessage message
+ AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties
) throws XMLSecurityException {
boolean transportPolicyInEffect =
!getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING).isEmpty();
@@ -235,12 +235,12 @@ public class PolicyBasedWSS4JStaxInInter
e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
}
- Crypto encrCrypto = getEncryptionCrypto(e, message);
+ Crypto encrCrypto = getEncryptionCrypto(e, message, securityProperties);
Crypto signCrypto = null;
if (e != null && e.equals(s)) {
signCrypto = encrCrypto;
} else {
- signCrypto = getSignatureCrypto(s, message);
+ signCrypto = getSignatureCrypto(s, message, securityProperties);
}
if (signCrypto != null) {
@@ -270,7 +270,7 @@ public class PolicyBasedWSS4JStaxInInter
}
private void checkSymmetricBinding(
- AssertionInfoMap aim, SoapMessage message
+ AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties
) throws WSSecurityException {
Collection<AssertionInfo> ais =
getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
@@ -287,12 +287,12 @@ public class PolicyBasedWSS4JStaxInInter
e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
}
- Crypto encrCrypto = getEncryptionCrypto(e, message);
+ Crypto encrCrypto = getEncryptionCrypto(e, message, securityProperties);
Crypto signCrypto = null;
if (e != null && e.equals(s)) {
signCrypto = encrCrypto;
} else {
- signCrypto = getSignatureCrypto(s, message);
+ signCrypto = getSignatureCrypto(s, message, securityProperties);
}
if (isRequestor(message)) {
@@ -334,7 +334,9 @@ public class PolicyBasedWSS4JStaxInInter
}
}
- private Crypto getEncryptionCrypto(Object e, SoapMessage message) throws WSSecurityException {
+ private Crypto getEncryptionCrypto(
+ Object e, SoapMessage message, WSSSecurityProperties securityProperties
+ ) throws WSSecurityException {
Crypto encrCrypto = null;
if (e instanceof Crypto) {
encrCrypto = (Crypto)e;
@@ -349,7 +351,7 @@ public class PolicyBasedWSS4JStaxInInter
encrCrypto = CryptoFactory.getInstance(props,
Loader.getClassLoader(CryptoFactory.class),
- getPasswordEncryptor(message));
+ getPasswordEncryptor(message, securityProperties));
EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
synchronized (info) {
@@ -359,7 +361,9 @@ public class PolicyBasedWSS4JStaxInInter
return encrCrypto;
}
- private Crypto getSignatureCrypto(Object s, SoapMessage message) throws WSSecurityException {
+ private Crypto getSignatureCrypto(
+ Object s, SoapMessage message, WSSSecurityProperties securityProperties
+ ) throws WSSecurityException {
Crypto signCrypto = null;
if (s instanceof Crypto) {
signCrypto = (Crypto)s;
@@ -374,7 +378,7 @@ public class PolicyBasedWSS4JStaxInInter
signCrypto = CryptoFactory.getInstance(props,
Loader.getClassLoader(CryptoFactory.class),
- getPasswordEncryptor(message));
+ getPasswordEncryptor(message, securityProperties));
EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
synchronized (info) {
@@ -385,11 +389,13 @@ public class PolicyBasedWSS4JStaxInInter
}
@Override
- protected void configureProperties(SoapMessage msg) throws XMLSecurityException {
+ protected void configureProperties(
+ SoapMessage msg, WSSSecurityProperties securityProperties
+ ) throws XMLSecurityException {
AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
- checkAsymmetricBinding(aim, msg);
- checkSymmetricBinding(aim, msg);
- checkTransportBinding(aim, msg);
+ checkAsymmetricBinding(aim, msg, securityProperties);
+ checkSymmetricBinding(aim, msg, securityProperties);
+ checkTransportBinding(aim, msg, securityProperties);
// Allow for setting non-standard asymmetric signature algorithms
String asymSignatureAlgorithm =
@@ -405,14 +411,14 @@ public class PolicyBasedWSS4JStaxInInter
}
}
- super.configureProperties(msg);
+ super.configureProperties(msg, securityProperties);
}
/**
* Is a Nonce Cache required, i.e. are we expecting a UsernameToken
*/
@Override
- protected boolean isNonceCacheRequired(SoapMessage msg) {
+ protected boolean isNonceCacheRequired(SoapMessage msg, WSSSecurityProperties securityProperties) {
AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
if (aim != null) {
Collection<AssertionInfo> ais =
@@ -430,7 +436,7 @@ public class PolicyBasedWSS4JStaxInInter
* Is a Timestamp cache required, i.e. are we expecting a Timestamp
*/
@Override
- protected boolean isTimestampCacheRequired(SoapMessage msg) {
+ protected boolean isTimestampCacheRequired(SoapMessage msg, WSSSecurityProperties securityProperties) {
AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
if (aim != null) {
Collection<AssertionInfo> ais =
@@ -448,7 +454,7 @@ public class PolicyBasedWSS4JStaxInInter
* Is a SAML Cache required, i.e. are we expecting a SAML Token
*/
@Override
- protected boolean isSamlCacheRequired(SoapMessage msg) {
+ protected boolean isSamlCacheRequired(SoapMessage msg, WSSSecurityProperties securityProperties) {
AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
if (aim != null) {
Collection<AssertionInfo> ais =
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java?rev=1548603&r1=1548602&r2=1548603&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java Fri Dec 6 17:17:19 2013
@@ -58,6 +58,7 @@ import org.apache.wss4j.policy.SPConstan
import org.apache.wss4j.policy.model.AsymmetricBinding;
import org.apache.wss4j.policy.model.SymmetricBinding;
import org.apache.wss4j.policy.model.TransportBinding;
+import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
@@ -145,7 +146,7 @@ public class PolicyBasedWSS4JStaxOutInte
}
private void checkAsymmetricBinding(
- AssertionInfoMap aim, SoapMessage message
+ AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties
) throws WSSecurityException {
Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
if (s == null) {
@@ -156,12 +157,12 @@ public class PolicyBasedWSS4JStaxOutInte
e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
}
- Crypto encrCrypto = getEncryptionCrypto(e, message);
+ Crypto encrCrypto = getEncryptionCrypto(e, message, securityProperties);
Crypto signCrypto = null;
if (e != null && e.equals(s)) {
signCrypto = encrCrypto;
} else {
- signCrypto = getSignatureCrypto(s, message);
+ signCrypto = getSignatureCrypto(s, message, securityProperties);
}
if (signCrypto != null) {
@@ -179,7 +180,7 @@ public class PolicyBasedWSS4JStaxOutInte
}
private void checkTransportBinding(
- AssertionInfoMap aim, SoapMessage message
+ AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties
) throws WSSecurityException {
Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
if (s == null) {
@@ -190,12 +191,12 @@ public class PolicyBasedWSS4JStaxOutInte
e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
}
- Crypto encrCrypto = getEncryptionCrypto(e, message);
+ Crypto encrCrypto = getEncryptionCrypto(e, message, securityProperties);
Crypto signCrypto = null;
if (e != null && e.equals(s)) {
signCrypto = encrCrypto;
} else {
- signCrypto = getSignatureCrypto(s, message);
+ signCrypto = getSignatureCrypto(s, message, securityProperties);
}
if (signCrypto != null) {
@@ -213,7 +214,7 @@ public class PolicyBasedWSS4JStaxOutInte
}
private void checkSymmetricBinding(
- AssertionInfoMap aim, SoapMessage message
+ AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties
) throws WSSecurityException {
Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
if (s == null) {
@@ -224,12 +225,12 @@ public class PolicyBasedWSS4JStaxOutInte
e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
}
- Crypto encrCrypto = getEncryptionCrypto(e, message);
+ Crypto encrCrypto = getEncryptionCrypto(e, message, securityProperties);
Crypto signCrypto = null;
if (e != null && e.equals(s)) {
signCrypto = encrCrypto;
} else {
- signCrypto = getSignatureCrypto(s, message);
+ signCrypto = getSignatureCrypto(s, message, securityProperties);
}
if (isRequestor(message)) {
@@ -271,7 +272,9 @@ public class PolicyBasedWSS4JStaxOutInte
}
}
- private Crypto getEncryptionCrypto(Object e, SoapMessage message) throws WSSecurityException {
+ private Crypto getEncryptionCrypto(
+ Object e, SoapMessage message, WSSSecurityProperties securityProperties
+ ) throws WSSecurityException {
Crypto encrCrypto = null;
if (e instanceof Crypto) {
encrCrypto = (Crypto)e;
@@ -286,7 +289,7 @@ public class PolicyBasedWSS4JStaxOutInte
encrCrypto = CryptoFactory.getInstance(props,
Loader.getClassLoader(CryptoFactory.class),
- getPasswordEncryptor(message));
+ getPasswordEncryptor(message, securityProperties));
EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
synchronized (info) {
@@ -296,7 +299,9 @@ public class PolicyBasedWSS4JStaxOutInte
return encrCrypto;
}
- private Crypto getSignatureCrypto(Object s, SoapMessage message) throws WSSecurityException {
+ private Crypto getSignatureCrypto(
+ Object s, SoapMessage message, WSSSecurityProperties securityProperties
+ ) throws WSSecurityException {
Crypto signCrypto = null;
if (s instanceof Crypto) {
signCrypto = (Crypto)s;
@@ -311,7 +316,7 @@ public class PolicyBasedWSS4JStaxOutInte
signCrypto = CryptoFactory.getInstance(props,
Loader.getClassLoader(CryptoFactory.class),
- getPasswordEncryptor(message));
+ getPasswordEncryptor(message, securityProperties));
EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
synchronized (info) {
@@ -323,42 +328,43 @@ public class PolicyBasedWSS4JStaxOutInte
@Override
protected void configureProperties(
- SoapMessage msg, Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
+ SoapMessage msg, Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens,
+ WSSSecurityProperties securityProperties
) throws WSSecurityException {
AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
Collection<AssertionInfo> asymAis =
getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
if (!asymAis.isEmpty()) {
- checkAsymmetricBinding(aim, msg);
+ checkAsymmetricBinding(aim, msg, securityProperties);
}
Collection<AssertionInfo> symAis =
getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
if (!symAis.isEmpty()) {
- checkSymmetricBinding(aim, msg);
+ checkSymmetricBinding(aim, msg, securityProperties);
}
Collection<AssertionInfo> transAis =
getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
if (!transAis.isEmpty()) {
- checkTransportBinding(aim, msg);
+ checkTransportBinding(aim, msg, securityProperties);
}
- super.configureProperties(msg, outboundTokens);
+ super.configureProperties(msg, outboundTokens, securityProperties);
if (!transAis.isEmpty()) {
TransportBinding binding = (TransportBinding)transAis.iterator().next().getAssertion();
- new StaxTransportBindingHandler(getProperties(), msg, binding, outboundTokens).handleBinding();
+ new StaxTransportBindingHandler(securityProperties, msg, binding, outboundTokens).handleBinding();
} else if (!asymAis.isEmpty()) {
AsymmetricBinding binding = (AsymmetricBinding)asymAis.iterator().next().getAssertion();
- new StaxAsymmetricBindingHandler(getProperties(), msg, binding, outboundTokens).handleBinding();
+ new StaxAsymmetricBindingHandler(securityProperties, msg, binding, outboundTokens).handleBinding();
} else if (!symAis.isEmpty()) {
SymmetricBinding binding = (SymmetricBinding)symAis.iterator().next().getAssertion();
- new StaxSymmetricBindingHandler(getProperties(), msg, binding, outboundTokens).handleBinding();
+ new StaxSymmetricBindingHandler(securityProperties, msg, binding, outboundTokens).handleBinding();
} else {
// Fall back to Transport Binding
- new StaxTransportBindingHandler(getProperties(), msg, null, outboundTokens).handleBinding();
+ new StaxTransportBindingHandler(securityProperties, msg, null, outboundTokens).handleBinding();
}
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java?rev=1548603&r1=1548602&r2=1548603&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java Fri Dec 6 17:17:19 2013
@@ -31,6 +31,7 @@ import org.apache.cxf.phase.Phase;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventConstants.Event;
@@ -44,9 +45,9 @@ public class StaxActionInInterceptor ext
private static final Logger LOG =
LogUtils.getL7dLogger(StaxActionInInterceptor.class);
- private final List<String> inActions;
+ private final List<XMLSecurityConstants.Action> inActions;
- public StaxActionInInterceptor(List<String> inActions) {
+ public StaxActionInInterceptor(List<XMLSecurityConstants.Action> inActions) {
super(Phase.PRE_PROTOCOL);
this.inActions = inActions;
this.getBefore().add(StaxSecurityContextInInterceptor.class.getName());
@@ -55,7 +56,7 @@ public class StaxActionInInterceptor ext
@Override
public void handleMessage(SoapMessage soapMessage) throws Fault {
- if (inActions == null || inActions.isEmpty()) {
+ if (inActions == null || inActions.size() == 0) {
return;
}
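Review bot: The guard `if (inActions == null || inActions.size() == 0) {` swaps the previous isEmpty() for a size comparison, which is less direct than the method Collection provides for exactly this test; the same pattern appears in the new handleMessage hunk of WSS4JStaxInInterceptor as `secProps.getActions().size() > 0`. Suggest `if (inActions == null || inActions.isEmpty()) {` here and `!secProps.getActions().isEmpty()` there. handleMessage continues outside this hunk.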
@@ -70,16 +71,16 @@ public class StaxActionInInterceptor ext
throw createSoapFault(soapMessage.getVersion(), ex);
}
- for (String action : inActions) {
+ for (XMLSecurityConstants.Action action : inActions) {
Event requiredEvent = null;
- if (WSSConstants.TIMESTAMP.getName().equals(action)) {
+ if (WSSConstants.TIMESTAMP.equals(action)) {
requiredEvent = WSSecurityEventConstants.Timestamp;
- } else if (WSSConstants.USERNAMETOKEN.getName().equals(action)) {
+ } else if (WSSConstants.USERNAMETOKEN.equals(action)) {
requiredEvent = WSSecurityEventConstants.UsernameToken;
- } else if (WSSConstants.SIGNATURE.getName().equals(action)) {
+ } else if (WSSConstants.SIGNATURE.equals(action)) {
requiredEvent = WSSecurityEventConstants.SignatureValue;
- } else if (WSSConstants.SAML_TOKEN_SIGNED.getName().equals(action)
- || WSSConstants.SAML_TOKEN_UNSIGNED.getName().equals(action)) {
+ } else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action)
+ || WSSConstants.SAML_TOKEN_UNSIGNED.equals(action)) {
requiredEvent = WSSecurityEventConstants.SamlToken;
}
@@ -91,7 +92,7 @@ public class StaxActionInInterceptor ext
throw createSoapFault(soapMessage.getVersion(), ex);
}
- if (WSSConstants.ENCRYPT.getName().equals(action)) {
+ if (WSSConstants.ENCRYPT.equals(action)) {
boolean foundEncryptionPart =
isEventInResults(WSSecurityEventConstants.EncryptedPart, incomingSecurityEventList);
if (!foundEncryptionPart) {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java?rev=1548603&r1=1548602&r2=1548603&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java Fri Dec 6 17:17:19 2013
@@ -19,7 +19,6 @@
package org.apache.cxf.ws.security.wss4j;
import java.io.IOException;
-import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
@@ -66,26 +65,16 @@ public class WSS4JStaxInInterceptor exte
private static final Logger LOG = LogUtils.getL7dLogger(WSS4JStaxInInterceptor.class);
- private List<String> actions;
-
public WSS4JStaxInInterceptor(WSSSecurityProperties securityProperties) {
- super();
+ super(securityProperties);
setPhase(Phase.POST_STREAM);
getAfter().add(StaxInInterceptor.class.getName());
- setSecurityProperties(securityProperties);
}
public WSS4JStaxInInterceptor(Map<String, Object> props) {
super(props);
setPhase(Phase.POST_STREAM);
getAfter().add(StaxInInterceptor.class.getName());
- if (props != null && props.containsKey(ConfigurationConstants.ACTION)) {
- Object actionObject = props.get(ConfigurationConstants.ACTION);
- if (actionObject instanceof String) {
- String[] actionArray = ((String)actionObject).split(" ");
- this.actions = Arrays.asList(actionArray);
- }
- }
}
public final boolean isGET(SoapMessage message) {
@@ -111,25 +100,20 @@ public class WSS4JStaxInInterceptor exte
soapMessage.getInterceptorChain().add(new StaxSecurityContextInInterceptor());
- if (actions != null && !actions.isEmpty()) {
- soapMessage.getInterceptorChain().add(new StaxActionInInterceptor(actions));
- }
-
try {
@SuppressWarnings("unchecked")
List<SecurityEvent> requestSecurityEvents =
(List<SecurityEvent>) soapMessage.getExchange().get(SecurityEvent.class.getName() + ".out");
- translateProperties(soapMessage);
- configureCallbackHandler(soapMessage);
- configureProperties(soapMessage);
+ WSSSecurityProperties secProps = createSecurityProperties();
+ translateProperties(soapMessage, secProps);
+ configureCallbackHandler(soapMessage, secProps);
+ configureProperties(soapMessage, secProps);
InboundWSSec inboundWSSec = null;
- WSSSecurityProperties secProps = null;
- if (getSecurityProperties() != null) {
- secProps = getSecurityProperties();
- } else {
- secProps = ConfigurationConverter.convert(getProperties());
+
+ if (secProps.getActions() != null && secProps.getActions().size() > 0) {
+ soapMessage.getInterceptorChain().add(new StaxActionInInterceptor(secProps.getActions()));
}
if (secProps.getAttachmentCallbackHandler() == null) {
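Review bot: `StaxActionInInterceptor` is now registered from `secProps.getActions()` inside the `try`, after `translateProperties`, `configureCallbackHandler` and `configureProperties` have mutated `secProps`, so the per-message required-event enforcement depends on `createSecurityProperties()` returning a fresh object for every message; if it instead hands back the instance passed to the constructor at the top of the hunk, the replay-cache and crypto settings written by `configureProperties` are shared across concurrent requests. A one-line note at the call site would settle that for the next reader, e.g. `// per-message copy: configureProperties mutates it`. The size test reads better as `!secProps.getActions().isEmpty()`. handleMessage continues past the end of the hunk.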
@@ -187,99 +171,67 @@ public class WSS4JStaxInInterceptor exte
return Collections.singletonList(securityEventListener);
}
- protected void configureProperties(SoapMessage msg) throws XMLSecurityException {
- WSSSecurityProperties securityProperties = getSecurityProperties();
- Map<String, Object> config = getProperties();
+ protected void configureProperties(
+ SoapMessage msg, WSSSecurityProperties securityProperties
+ ) throws XMLSecurityException {
// Configure replay caching
ReplayCache nonceCache = null;
- if (isNonceCacheRequired(msg)) {
+ if (isNonceCacheRequired(msg, securityProperties)) {
nonceCache = WSS4JUtils.getReplayCache(
msg, SecurityConstants.ENABLE_NONCE_CACHE, SecurityConstants.NONCE_CACHE_INSTANCE
);
}
if (nonceCache == null) {
- if (config != null) {
- config.put(ConfigurationConstants.ENABLE_NONCE_CACHE, "false");
- config.remove(ConfigurationConstants.NONCE_CACHE_INSTANCE);
- } else {
- securityProperties.setEnableNonceReplayCache(false);
- securityProperties.setNonceReplayCache(null);
- }
+ securityProperties.setEnableNonceReplayCache(false);
+ securityProperties.setNonceReplayCache(null);
} else {
- if (config != null) {
- config.put(ConfigurationConstants.ENABLE_NONCE_CACHE, "true");
- config.put(ConfigurationConstants.NONCE_CACHE_INSTANCE, nonceCache);
- } else {
- securityProperties.setEnableNonceReplayCache(true);
- securityProperties.setNonceReplayCache(nonceCache);
- }
+ securityProperties.setEnableNonceReplayCache(true);
+ securityProperties.setNonceReplayCache(nonceCache);
}
ReplayCache timestampCache = null;
- if (isTimestampCacheRequired(msg)) {
+ if (isTimestampCacheRequired(msg, securityProperties)) {
timestampCache = WSS4JUtils.getReplayCache(
msg, SecurityConstants.ENABLE_TIMESTAMP_CACHE, SecurityConstants.TIMESTAMP_CACHE_INSTANCE
);
}
if (timestampCache == null) {
- if (config != null) {
- config.put(ConfigurationConstants.ENABLE_TIMESTAMP_CACHE, "false");
- config.remove(ConfigurationConstants.TIMESTAMP_CACHE_INSTANCE);
- } else {
- securityProperties.setEnableTimestampReplayCache(false);
- securityProperties.setTimestampReplayCache(null);
- }
+ securityProperties.setEnableTimestampReplayCache(false);
+ securityProperties.setTimestampReplayCache(null);
} else {
- if (config != null) {
- config.put(ConfigurationConstants.ENABLE_TIMESTAMP_CACHE, "true");
- config.put(ConfigurationConstants.TIMESTAMP_CACHE_INSTANCE, timestampCache);
- } else {
- securityProperties.setEnableTimestampReplayCache(true);
- securityProperties.setTimestampReplayCache(timestampCache);
- }
+ securityProperties.setEnableTimestampReplayCache(true);
+ securityProperties.setTimestampReplayCache(timestampCache);
}
ReplayCache samlCache = null;
- if (isSamlCacheRequired(msg)) {
+ if (isSamlCacheRequired(msg, securityProperties)) {
samlCache = WSS4JUtils.getReplayCache(
msg, SecurityConstants.ENABLE_SAML_ONE_TIME_USE_CACHE,
SecurityConstants.SAML_ONE_TIME_USE_CACHE_INSTANCE
);
}
if (samlCache == null) {
- if (config != null) {
- config.put(ConfigurationConstants.ENABLE_SAML_ONE_TIME_USE_CACHE, "false");
- config.remove(ConfigurationConstants.SAML_ONE_TIME_USE_CACHE_INSTANCE);
- } else {
- securityProperties.setEnableSamlOneTimeUseReplayCache(false);
- securityProperties.setSamlOneTimeUseReplayCache(null);
- }
+ securityProperties.setEnableSamlOneTimeUseReplayCache(false);
+ securityProperties.setSamlOneTimeUseReplayCache(null);
} else {
- if (config != null) {
- config.put(ConfigurationConstants.ENABLE_SAML_ONE_TIME_USE_CACHE, "true");
- config.put(ConfigurationConstants.SAML_ONE_TIME_USE_CACHE_INSTANCE, samlCache);
- } else {
- securityProperties.setEnableSamlOneTimeUseReplayCache(true);
- securityProperties.setSamlOneTimeUseReplayCache(samlCache);
- }
+ securityProperties.setEnableSamlOneTimeUseReplayCache(true);
+ securityProperties.setSamlOneTimeUseReplayCache(samlCache);
}
boolean enableRevocation =
MessageUtils.isTrue(msg.getContextualProperty(SecurityConstants.ENABLE_REVOCATION));
- if (securityProperties != null) {
- securityProperties.setEnableRevocation(enableRevocation);
- } else {
- config.put(ConfigurationConstants.ENABLE_REVOCATION, Boolean.toString(enableRevocation));
- }
+ securityProperties.setEnableRevocation(enableRevocation);
// Crypto loading only applies for Map
+ Map<String, Object> config = getProperties();
if (config != null) {
Crypto sigVerCrypto =
loadCrypto(
msg,
ConfigurationConstants.SIG_VER_PROP_FILE,
- ConfigurationConstants.SIG_VER_PROP_REF_ID
+ ConfigurationConstants.SIG_VER_PROP_REF_ID,
+ securityProperties
);
if (sigVerCrypto == null) {
// Fall back to using the Signature properties for verification
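Review bot: When `isNonceCacheRequired` is true but `WSS4JUtils.getReplayCache` returns null, the new `securityProperties.setEnableNonceReplayCache(false)` silently turns nonce replay detection off for a message that is expected to carry a UsernameToken, and the timestamp and SAML branches below degrade the same way. That is the one case worth a trace, because a misconfigured or missing cache then becomes "no replay protection" with nothing in the log, and `LOG` is already available in this class. Inside the `isNonceCacheRequired` branch, after the `getReplayCache` call, something like `if (nonceCache == null) { LOG.fine("Nonce replay cache requested but not available; nonce replay detection is disabled"); }` (and the equivalent for the other two caches) makes the degradation visible without logging on the normal no-token path. configureProperties continues past the end of the hunk.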
@@ -287,7 +239,8 @@ public class WSS4JStaxInInterceptor exte
loadCrypto(
msg,
ConfigurationConstants.SIG_PROP_FILE,
- ConfigurationConstants.SIG_PROP_REF_ID
+ ConfigurationConstants.SIG_PROP_REF_ID,
+ securityProperties
);
}
if (sigVerCrypto != null) {
@@ -299,31 +252,28 @@ public class WSS4JStaxInInterceptor exte
loadCrypto(
msg,
ConfigurationConstants.DEC_PROP_FILE,
- ConfigurationConstants.DEC_PROP_REF_ID
+ ConfigurationConstants.DEC_PROP_REF_ID,
+ securityProperties
);
if (decCrypto != null) {
config.put(ConfigurationConstants.DEC_PROP_REF_ID, "RefId-" + decCrypto.hashCode());
config.put("RefId-" + decCrypto.hashCode(), decCrypto);
}
+ ConfigurationConverter.parseCrypto(config, securityProperties);
}
}
/**
* Is a Nonce Cache required, i.e. are we expecting a UsernameToken
*/
- protected boolean isNonceCacheRequired(SoapMessage msg) {
- WSSSecurityProperties securityProperties = getSecurityProperties();
+ protected boolean isNonceCacheRequired(SoapMessage msg, WSSSecurityProperties securityProperties) {
- if (securityProperties != null && securityProperties.getOutAction() != null) {
- for (WSSConstants.Action action : securityProperties.getOutAction()) {
+ if (securityProperties != null && securityProperties.getActions() != null) {
+ for (WSSConstants.Action action : securityProperties.getActions()) {
if (action == WSSConstants.USERNAMETOKEN) {
return true;
}
}
- } else if (actions != null
- && (actions.contains(ConfigurationConstants.USERNAME_TOKEN)
- || actions.contains(ConfigurationConstants.USERNAME_TOKEN_NO_PASSWORD))) {
- return true;
}
return false;
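Review bot: The pair `config.put(ConfigurationConstants.DEC_PROP_REF_ID, "RefId-" + decCrypto.hashCode())` / `config.put("RefId-" + decCrypto.hashCode(), decCrypto)` writes per-message values into the map returned by `getProperties()`, and the new `ConfigurationConverter.parseCrypto(config, securityProperties)` then reads them back; if that map is the interceptor's configuration (shared by every message on the endpoint, as `getProperties()` suggests), two concurrent requests can overwrite each other's ref id between the put and the parse and one of them ends up with the other's decryption Crypto. Taking a private copy first, `Map<String, Object> cryptoConfig = new HashMap<String, Object>(config);`, and using `cryptoConfig` for the puts and for `parseCrypto` keeps the shared map read-only on the request path. `hashCode()` is also not a unique key, so two distinct Crypto objects can collide on the same `RefId-` entry. Separately, `isNonceCacheRequired` no longer has the `USERNAME_TOKEN_NO_PASSWORD` case the removed lines had; if `ConfigurationConverter` maps that action onto `WSSConstants.USERNAMETOKEN` this is equivalent, otherwise a no-password token that still carries a nonce now gets no replay cache.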
@@ -332,17 +282,16 @@ public class WSS4JStaxInInterceptor exte
/**
* Is a Timestamp cache required, i.e. are we expecting a Timestamp
*/
- protected boolean isTimestampCacheRequired(SoapMessage msg) {
- WSSSecurityProperties securityProperties = getSecurityProperties();
+ protected boolean isTimestampCacheRequired(
+ SoapMessage msg, WSSSecurityProperties securityProperties
+ ) {
- if (securityProperties != null && securityProperties.getOutAction() != null) {
- for (WSSConstants.Action action : securityProperties.getOutAction()) {
+ if (securityProperties != null && securityProperties.getActions() != null) {
+ for (WSSConstants.Action action : securityProperties.getActions()) {
if (action == WSSConstants.TIMESTAMP) {
return true;
}
}
- } else if (actions != null && actions.contains(ConfigurationConstants.TIMESTAMP)) {
- return true;
}
return false;
@@ -351,19 +300,15 @@ public class WSS4JStaxInInterceptor exte
/**
* Is a SAML Cache required, i.e. are we expecting a SAML Token
*/
- protected boolean isSamlCacheRequired(SoapMessage msg) {
- WSSSecurityProperties securityProperties = getSecurityProperties();
+ protected boolean isSamlCacheRequired(SoapMessage msg, WSSSecurityProperties securityProperties) {
- if (securityProperties != null && securityProperties.getOutAction() != null) {
- for (WSSConstants.Action action : securityProperties.getOutAction()) {
+ if (securityProperties != null && securityProperties.getActions() != null) {
+ for (WSSConstants.Action action : securityProperties.getActions()) {
if (action == WSSConstants.SAML_TOKEN_UNSIGNED
|| action == WSSConstants.SAML_TOKEN_SIGNED) {
return true;
}
}
- } else if (actions != null && (actions.contains(ConfigurationConstants.SAML_TOKEN_UNSIGNED)
- || actions.contains(ConfigurationConstants.SAML_TOKEN_SIGNED))) {
- return true;
}
return false;
@@ -452,14 +397,6 @@ public class WSS4JStaxInInterceptor exte
return null;
}
- public List<String> getActions() {
- return actions;
- }
-
- public void setActions(List<String> actions) {
- this.actions = actions;
- }
-
private class TokenStoreCallbackHandler implements CallbackHandler {
private CallbackHandler internal;
private TokenStore store;
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java?rev=1548603&r1=1548602&r2=1548603&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java Fri Dec 6 17:17:19 2013
@@ -72,12 +72,11 @@ public class WSS4JStaxOutInterceptor ext
private boolean mtomEnabled;
public WSS4JStaxOutInterceptor(WSSSecurityProperties securityProperties) {
- super();
+ super(securityProperties);
setPhase(Phase.PRE_STREAM);
getBefore().add(StaxOutInterceptor.class.getName());
ending = createEndingInterceptor();
- setSecurityProperties(securityProperties);
}
public WSS4JStaxOutInterceptor(Map<String, Object> props) {
@@ -123,21 +122,16 @@ public class WSS4JStaxOutInterceptor ext
final List<SecurityEvent> requestSecurityEvents =
(List<SecurityEvent>) mc.getExchange().get(SecurityEvent.class.getName() + ".in");
- translateProperties(mc);
+ WSSSecurityProperties secProps = createSecurityProperties();
+ translateProperties(mc, secProps);
Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens =
new HashMap<String, SecurityTokenProvider<OutboundSecurityToken>>();
- configureCallbackHandler(mc);
- configureProperties(mc, outboundTokens);
+ configureCallbackHandler(mc, secProps);
+ configureProperties(mc, outboundTokens, secProps);
OutboundWSSec outboundWSSec = null;
- WSSSecurityProperties secProps = null;
- if (getSecurityProperties() != null) {
- secProps = getSecurityProperties();
- } else {
- secProps = ConfigurationConverter.convert(getProperties());
- }
- if ((secProps.getOutAction() == null || secProps.getOutAction().length == 0)
+ if ((secProps.getActions() == null || secProps.getActions().size() == 0)
&& mc.get(AssertionInfoMap.class) != null) {
// If no actions configured (with SecurityPolicy) then return
return;
@@ -213,7 +207,8 @@ public class WSS4JStaxOutInterceptor ext
}
protected void configureProperties(
- SoapMessage msg, Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
+ SoapMessage msg, Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens,
+ WSSSecurityProperties securityProperties
) throws WSSecurityException {
Map<String, Object> config = getProperties();
@@ -221,30 +216,30 @@ public class WSS4JStaxOutInterceptor ext
if (config != null) {
String user = (String)msg.getContextualProperty(SecurityConstants.USERNAME);
if (user != null) {
- config.put(ConfigurationConstants.USER, user);
+ securityProperties.setTokenUser(user);
}
String sigUser = (String)msg.getContextualProperty(SecurityConstants.SIGNATURE_USERNAME);
if (sigUser != null) {
- config.put(ConfigurationConstants.SIGNATURE_USER, sigUser);
+ securityProperties.setSignatureUser(sigUser);
}
String encUser = (String)msg.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
if (encUser != null) {
- config.put(ConfigurationConstants.ENCRYPTION_USER, encUser);
+ securityProperties.setEncryptionUser(encUser);
}
Crypto sigCrypto =
loadCrypto(
msg,
ConfigurationConstants.SIG_PROP_FILE,
- ConfigurationConstants.SIG_PROP_REF_ID
+ ConfigurationConstants.SIG_PROP_REF_ID,
+ securityProperties
);
if (sigCrypto != null) {
config.put(ConfigurationConstants.SIG_PROP_REF_ID, "RefId-" + sigCrypto.hashCode());
config.put("RefId-" + sigCrypto.hashCode(), sigCrypto);
if (sigUser == null && sigCrypto.getDefaultX509Identifier() != null) {
// Fall back to default identifier
- config.put(ConfigurationConstants.SIGNATURE_USER,
- sigCrypto.getDefaultX509Identifier());
+ securityProperties.setSignatureUser(sigCrypto.getDefaultX509Identifier());
}
}
@@ -252,17 +247,25 @@ public class WSS4JStaxOutInterceptor ext
loadCrypto(
msg,
ConfigurationConstants.ENC_PROP_FILE,
- ConfigurationConstants.ENC_PROP_REF_ID
+ ConfigurationConstants.ENC_PROP_REF_ID,
+ securityProperties
);
if (encCrypto != null) {
config.put(ConfigurationConstants.ENC_PROP_REF_ID, "RefId-" + encCrypto.hashCode());
config.put("RefId-" + encCrypto.hashCode(), encCrypto);
if (encUser == null && encCrypto.getDefaultX509Identifier() != null) {
// Fall back to default identifier
- config.put(ConfigurationConstants.ENCRYPTION_USER,
- encCrypto.getDefaultX509Identifier());
+ securityProperties.setEncryptionUser(encCrypto.getDefaultX509Identifier());
}
}
+ ConfigurationConverter.parseCrypto(config, securityProperties);
+
+ if (securityProperties.getSignatureUser() == null && user != null) {
+ securityProperties.setSignatureUser(user);
+ }
+ if (securityProperties.getEncryptionUser() == null && user != null) {
+ securityProperties.setEncryptionUser(user);
+ }
}
}
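Review bot: The new fallbacks `if (securityProperties.getSignatureUser() == null && user != null) securityProperties.setSignatureUser(user);` and the matching encryption one make the UsernameToken `user` the alias used for the signing key and for the encryption-key lookup whenever neither a `SIGNATURE_USERNAME`/`ENCRYPT_USERNAME` property nor a Crypto default X.509 identifier was found, which is easy to miss when reading a configuration. The precedence (explicit username, then the Crypto's default identifier, then `user`) deserves a comment where the chain ends, e.g. `// Last resort: reuse the UsernameToken user as the signature/encryption key alias`. Note also that, like the in-interceptor, this writes `"RefId-" + hashCode()` entries into the shared `config` map on every message before `parseCrypto` reads them. The `if (config != null)` block of configureProperties starts before the hunk.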
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1548603&r1=1548602&r2=1548603&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java Fri Dec 6 17:17:19 2013
@@ -47,7 +47,6 @@ import org.apache.cxf.ws.security.Securi
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.neethi.Assertion;
-import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLCallback;
@@ -87,7 +86,10 @@ import org.apache.wss4j.policy.model.X50
import org.apache.wss4j.policy.model.X509Token.TokenType;
import org.apache.wss4j.policy.model.XPath;
import org.apache.wss4j.policy.stax.PolicyUtils;
+import org.apache.wss4j.stax.ConfigurationConverter;
import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.ext.WSSConstants.UsernameTokenPasswordType;
+import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.impl.securityToken.KerberosClientSecurityToken;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.xml.security.algorithms.JCEMapper;
@@ -117,11 +119,11 @@ public abstract class AbstractStaxBindin
protected Map<AbstractToken, SecurePart> sgndEndSuppTokMap;
protected Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens;
- private final Map<String, Object> properties;
+ private final WSSSecurityProperties properties;
private AbstractBinding binding;
public AbstractStaxBindingHandler(
- Map<String, Object> properties,
+ WSSSecurityProperties properties,
SoapMessage msg,
AbstractBinding binding,
Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
@@ -139,44 +141,36 @@ public abstract class AbstractStaxBindin
return null;
}
- Map<String, Object> config = getProperties();
-
// Action
- if (config.containsKey(ConfigurationConstants.ACTION)) {
- String action = (String)config.get(ConfigurationConstants.ACTION);
- config.put(ConfigurationConstants.ACTION,
- action + " " + ConfigurationConstants.USERNAME_TOKEN);
- } else {
- config.put(ConfigurationConstants.ACTION,
- ConfigurationConstants.USERNAME_TOKEN);
- }
+ WSSConstants.Action actionToPerform = WSSConstants.USERNAMETOKEN;
+ properties.addAction(actionToPerform);
// Password Type
PasswordType passwordType = usernameToken.getPasswordType();
if (passwordType == PasswordType.HashPassword) {
- config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
+ properties.setUsernameTokenPasswordType(UsernameTokenPasswordType.PASSWORD_DIGEST);
} else if (passwordType == PasswordType.NoPassword) {
- config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_NONE);
+ properties.setUsernameTokenPasswordType(UsernameTokenPasswordType.PASSWORD_NONE);
} else {
- config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
+ properties.setUsernameTokenPasswordType(UsernameTokenPasswordType.PASSWORD_TEXT);
}
// Nonce + Created
if (usernameToken.isNonce()) {
- config.put(ConfigurationConstants.ADD_USERNAMETOKEN_NONCE, "true");
+ properties.setAddUsernameTokenNonce(true);
}
if (usernameToken.isCreated()) {
- config.put(ConfigurationConstants.ADD_USERNAMETOKEN_CREATED, "true");
+ properties.setAddUsernameTokenCreated(true);
}
// Check if a CallbackHandler was specified
- if (config.get(ConfigurationConstants.PW_CALLBACK_REF) == null) {
+ if (properties.getCallbackHandler() == null) {
String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
if (password != null) {
String username =
(String)message.getContextualProperty(SecurityConstants.USERNAME);
UTCallbackHandler callbackHandler = new UTCallbackHandler(username, password);
- config.put(ConfigurationConstants.PW_CALLBACK_REF, callbackHandler);
+ properties.setCallbackHandler(callbackHandler);
}
}
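Review bot: The check `if (properties.getCallbackHandler() == null)` builds a `UTCallbackHandler` from the `SecurityConstants.PASSWORD` message property only when no password callback handler is configured at all; because the same `setCallbackHandler` slot is wrapped by the asymmetric binding handler elsewhere in this commit for key passwords, a deployment that configures a handler for its keystore password will not get the UsernameToken password from the message property and must answer that callback itself. Whether that differs from the old `PW_CALLBACK_REF` lookup depends on how `translateProperties` maps it, which is outside the hunk. Either way a comment makes the contract explicit: `// Only when no CallbackHandler is configured at all; a configured handler must also answer UsernameToken password callbacks`. addUsernameToken continues past the end of the hunk.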
@@ -260,15 +254,8 @@ public abstract class AbstractStaxBindin
}
// Action
- Map<String, Object> config = getProperties();
- String actionToPerform = ConfigurationConstants.KERBEROS_TOKEN;
-
- if (config.containsKey(ConfigurationConstants.ACTION)) {
- String action = (String)config.get(ConfigurationConstants.ACTION);
- config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
- } else {
- config.put(ConfigurationConstants.ACTION, actionToPerform);
- }
+ WSSConstants.Action actionToPerform = WSSConstants.KERBEROS_TOKEN;
+ properties.addAction(actionToPerform);
/*
if (endorsing) {
@@ -296,8 +283,6 @@ public abstract class AbstractStaxBindin
return null;
}
- Map<String, Object> config = getProperties();
-
//
// Get the SAML CallbackHandler
//
@@ -318,20 +303,14 @@ public abstract class AbstractStaxBindin
policyNotAsserted(token, "No SAML CallbackHandler available");
return null;
}
- config.put(ConfigurationConstants.SAML_CALLBACK_REF, handler);
+ properties.setSamlCallbackHandler(handler);
// Action
- String samlAction = ConfigurationConstants.SAML_TOKEN_UNSIGNED;
+ WSSConstants.Action actionToPerform = WSSConstants.SAML_TOKEN_UNSIGNED;
if (signed || endorsing) {
- samlAction = ConfigurationConstants.SAML_TOKEN_SIGNED;
- }
-
- if (config.containsKey(ConfigurationConstants.ACTION)) {
- String action = (String)config.get(ConfigurationConstants.ACTION);
- config.put(ConfigurationConstants.ACTION, action + " " + samlAction);
- } else {
- config.put(ConfigurationConstants.ACTION, samlAction);
+ actionToPerform = WSSConstants.SAML_TOKEN_SIGNED;
}
+ properties.addAction(actionToPerform);
QName qname = WSSConstants.TAG_saml2_Assertion;
SamlTokenType tokenType = token.getSamlTokenType();
@@ -351,17 +330,11 @@ public abstract class AbstractStaxBindin
if (el != null && "Assertion".equals(el.getLocalName())
&& (WSSConstants.NS_SAML.equals(el.getNamespaceURI())
|| WSSConstants.NS_SAML2.equals(el.getNamespaceURI()))) {
- String samlAction = ConfigurationConstants.SAML_TOKEN_UNSIGNED;
+ WSSConstants.Action actionToPerform = WSSConstants.SAML_TOKEN_UNSIGNED;
if (endorsing) {
- samlAction = ConfigurationConstants.SAML_TOKEN_SIGNED;
- }
- Map<String, Object> config = getProperties();
- if (config.containsKey(ConfigurationConstants.ACTION)) {
- String action = (String)config.get(ConfigurationConstants.ACTION);
- config.put(ConfigurationConstants.ACTION, action + " " + samlAction);
- } else {
- config.put(ConfigurationConstants.ACTION, samlAction);
+ actionToPerform = WSSConstants.SAML_TOKEN_SIGNED;
}
+ properties.addAction(actionToPerform);
// Mock up a Subject so that the SAMLTokenOutProcessor can get access to the certificate
final SubjectBean subjectBean;
@@ -395,7 +368,7 @@ public abstract class AbstractStaxBindin
}
};
- config.put(ConfigurationConstants.SAML_CALLBACK_REF, callbackHandler);
+ properties.setSamlCallbackHandler(callbackHandler);
QName qname = WSSConstants.TAG_saml2_Assertion;
if (WSConstants.SAML_NS.equals(el.getNamespaceURI())) {
@@ -405,14 +378,8 @@ public abstract class AbstractStaxBindin
return new SecurePart(qname, Modifier.Element);
} else if (isRequestor()) {
// An Encrypted Token...just include it as is
- Map<String, Object> config = getProperties();
- String actionToPerform = ConfigurationConstants.CUSTOM_TOKEN;
- if (config.containsKey(ConfigurationConstants.ACTION)) {
- String action = (String)config.get(ConfigurationConstants.ACTION);
- config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
- } else {
- config.put(ConfigurationConstants.ACTION, actionToPerform);
- }
+ WSSConstants.Action actionToPerform = WSSConstants.CUSTOM_TOKEN;
+ properties.addAction(actionToPerform);
}
}
@@ -514,71 +481,70 @@ public abstract class AbstractStaxBindin
return;
}
- Map<String, Object> config = getProperties();
boolean timestampLast =
layout != null && layout.getLayoutType() == LayoutType.LaxTsLast;
- if (config.containsKey(ConfigurationConstants.ACTION)) {
- String action = (String)config.get(ConfigurationConstants.ACTION);
- if (timestampLast) {
- config.put(ConfigurationConstants.ACTION,
- ConfigurationConstants.TIMESTAMP + " " + action);
- } else {
- config.put(ConfigurationConstants.ACTION,
- action + " " + ConfigurationConstants.TIMESTAMP);
- }
+ WSSConstants.Action actionToPerform = WSSConstants.TIMESTAMP;
+ List<WSSConstants.Action> actionList = properties.getActions();
+ if (timestampLast) {
+ actionList.add(0, actionToPerform);
} else {
- config.put(ConfigurationConstants.ACTION, ConfigurationConstants.TIMESTAMP);
+ actionList.add(actionToPerform);
}
}
- protected Map<String, Object> getProperties() {
+ protected WSSSecurityProperties getProperties() {
return properties;
}
protected void configureSignature(
AbstractTokenWrapper wrapper, AbstractToken token, boolean attached
) throws WSSecurityException {
- Map<String, Object> config = getProperties();
if (token instanceof X509Token) {
X509Token x509Token = (X509Token) token;
TokenType tokenType = x509Token.getTokenType();
if (tokenType == TokenType.WssX509PkiPathV1Token10
|| tokenType == TokenType.WssX509PkiPathV1Token11) {
- config.put(ConfigurationConstants.USE_SINGLE_CERTIFICATE, "false");
+ properties.setUseSingleCert(false);
}
}
- config.put(ConfigurationConstants.SIG_KEY_ID, getKeyIdentifierType(wrapper, token));
+ properties.setSignatureKeyIdentifier(
+ ConfigurationConverter.convertKeyIdentifier(getKeyIdentifierType(wrapper, token)));
// Find out do we also need to include the token as per the Inclusion requirement
+ WSSecurityTokenConstants.KeyIdentifier keyIdentifier = properties.getSignatureKeyIdentifier();
if (token instanceof X509Token
&& isTokenRequired(token.getIncludeTokenType())
- && ("IssuerSerial".equals(config.get(ConfigurationConstants.SIG_KEY_ID))
- || "Thumbprint".equals(config.get(ConfigurationConstants.SIG_KEY_ID))
- || "DirectReference".equals(config.get(ConfigurationConstants.SIG_KEY_ID)))) {
- config.put(ConfigurationConstants.INCLUDE_SIGNATURE_TOKEN, "true");
+ && (WSSecurityTokenConstants.KeyIdentifier_IssuerSerial.equals(keyIdentifier)
+ || WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier.equals(keyIdentifier)
+ || WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals(
+ keyIdentifier))) {
+ properties.setIncludeSignatureToken(true);
} else {
- config.put(ConfigurationConstants.INCLUDE_SIGNATURE_TOKEN, "false");
+ properties.setIncludeSignatureToken(false);
}
String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
if (binding instanceof SymmetricBinding) {
userNameKey = SecurityConstants.ENCRYPT_USERNAME;
- config.put(ConfigurationConstants.SIG_ALGO,
+ properties.setSignatureAlgorithm(
binding.getAlgorithmSuite().getSymmetricSignature());
} else {
- config.put(ConfigurationConstants.SIG_ALGO,
+ properties.setSignatureAlgorithm(
binding.getAlgorithmSuite().getAsymmetricSignature());
}
String sigUser = (String)message.getContextualProperty(userNameKey);
- if (sigUser != null) {
- config.put(ConfigurationConstants.SIGNATURE_USER, sigUser);
+ if (sigUser == null) {
+ sigUser = (String)message.getContextualProperty(SecurityConstants.USERNAME);
+ }
+ if (sigUser != null && properties.getSignatureUser() == null) {
+ properties.setSignatureUser(sigUser);
}
AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
- config.put(ConfigurationConstants.SIG_DIGEST_ALGO, algType.getDigest());
+ properties.setSignatureDigestAlgorithm(algType.getDigest());
// sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
}
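Review bot: `addTimestamp` now calls `actionList.add(0, actionToPerform)` on the list returned by `properties.getActions()` without a null check, while the rest of this commit treats `getActions()` as possibly null (it is guarded in the in-interceptor and in the SAML-part check) and every other action in this handler goes through `properties.addAction(...)`. Guarding it as `if (timestampLast && actionList != null)` with the `else` branch calling `properties.addAction(actionToPerform)` keeps the ordering and removes the NPE; the code also relies on `getActions()` returning the live mutable list, which is worth a comment if that is the contract. In `configureSignature`, the new condition `if (sigUser != null && properties.getSignatureUser() == null)` quietly changes precedence: a `SIGNATURE_USERNAME` (or `USERNAME`) message property no longer overrides a signature user already set on the properties, whereas the removed lines always applied it. If that is intended, say so with `// A signature user already configured wins over the per-message property`; otherwise drop the second conjunct.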
@@ -787,25 +753,15 @@ public abstract class AbstractStaxBindin
for (AbstractToken token : tokenMap.keySet()) {
SecurePart part = tokenMap.get(token);
- String parts = "";
- Map<String, Object> config = getProperties();
- if (config.containsKey(ConfigurationConstants.SIGNATURE_PARTS)) {
- parts = (String)config.get(ConfigurationConstants.SIGNATURE_PARTS);
- if (!parts.endsWith(";")) {
- parts += ";";
- }
- }
-
QName name = part.getName();
- String action = (String)config.get(ConfigurationConstants.ACTION);
+ List<WSSConstants.Action> actionList = properties.getActions();
+
// Don't add a signed SAML Token as a part, as it will be automatically signed by WSS4J
if (!((WSSConstants.TAG_saml_Assertion.equals(name)
|| WSSConstants.TAG_saml2_Assertion.equals(name))
- && action != null && action.contains(ConfigurationConstants.SAML_TOKEN_SIGNED))) {
- parts += "{Element}{" + name.getNamespaceURI() + "}" + name.getLocalPart() + ";";
+ && actionList != null && actionList.contains(WSSConstants.SAML_TOKEN_SIGNED))) {
+ properties.addSignaturePart(part);
}
-
- config.put(ConfigurationConstants.SIGNATURE_PARTS, parts);
}
}
@@ -820,8 +776,11 @@ public abstract class AbstractStaxBindin
}
// Enable SignatureConfirmation
- Map<String, Object> config = getProperties();
- config.put(ConfigurationConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
+ if (isRequestor()) {
+ properties.setEnableSignatureConfirmationVerification(true);
+ } else {
+ properties.getActions().add(WSSConstants.SIGNATURE_CONFIRMATION);
+ }
if (sigParts != null) {
SecurePart securePart =
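Review bot: The responder branch `properties.getActions().add(WSSConstants.SIGNATURE_CONFIRMATION)` dereferences `getActions()` directly, whereas the same commit guards that list for null elsewhere and adds every other action through `properties.addAction(...)`; `properties.addAction(WSSConstants.SIGNATURE_CONFIRMATION);` is both safer and consistent. The requestor/responder split also deserves a comment, since the two sides do different things: `// Requestor: verify the SignatureConfirmation in the response; responder: emit it`. The enclosing method starts before and continues past the hunk.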
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java?rev=1548603&r1=1548602&r2=1548603&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java Fri Dec 6 17:17:19 2013
@@ -25,7 +25,6 @@ import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
-import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
@@ -52,7 +51,9 @@ import org.apache.wss4j.policy.model.Sec
import org.apache.wss4j.policy.model.SecurityContextToken;
import org.apache.wss4j.policy.model.SpnegoContextToken;
import org.apache.wss4j.policy.model.X509Token;
+import org.apache.wss4j.stax.ConfigurationConverter;
import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.xml.security.stax.ext.SecurePart;
import org.apache.xml.security.stax.ext.SecurePart.Modifier;
import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
@@ -69,7 +70,7 @@ public class StaxAsymmetricBindingHandle
private SoapMessage message;
public StaxAsymmetricBindingHandler(
- Map<String, Object> properties,
+ WSSSecurityProperties properties,
SoapMessage msg,
AsymmetricBinding abinding,
Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
@@ -131,13 +132,12 @@ public class StaxAsymmetricBindingHandle
}
// Set up CallbackHandler which wraps the configured Handler
- Map<String, Object> config = getProperties();
+ WSSSecurityProperties properties = getProperties();
TokenStoreCallbackHandler callbackHandler =
new TokenStoreCallbackHandler(
- (CallbackHandler)config.get(ConfigurationConstants.PW_CALLBACK_REF),
- WSS4JUtils.getTokenStore(message)
+ properties.getCallbackHandler(), WSS4JUtils.getTokenStore(message)
);
- config.put(ConfigurationConstants.PW_CALLBACK_REF, callbackHandler);
+ properties.setCallbackHandler(callbackHandler);
} else if (initiatorToken instanceof SamlToken) {
addSamlToken((SamlToken)initiatorToken, false, true);
}
@@ -174,16 +174,15 @@ public class StaxAsymmetricBindingHandle
addSupportingTokens();
- Map<String, Object> config = getProperties();
- if (config.containsKey(ConfigurationConstants.ACTION)) {
- String action = (String)config.get(ConfigurationConstants.ACTION);
- if (action.contains(ConfigurationConstants.SAML_TOKEN_SIGNED)
- && action.contains(ConfigurationConstants.SIGNATURE)) {
- String newAction = action.replaceFirst(ConfigurationConstants.SIGNATURE, "").trim();
- config.put(ConfigurationConstants.ACTION, newAction);
+ WSSSecurityProperties properties = getProperties();
+ if (properties.getActions() != null) {
+ List<WSSConstants.Action> actionList = properties.getActions();
+ if (actionList.contains(WSSConstants.SAML_TOKEN_SIGNED)
+ && actionList.contains(WSSConstants.SIGNATURE)) {
+ actionList.remove(WSSConstants.SIGNATURE);
}
- }
-
+ }
+
List<SecurePart> enc = getEncryptedParts();
//Check for signature protection
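Review bot: `actionList.remove(WSSConstants.SIGNATURE)` drops the standalone signature action whenever a signed SAML token is also configured, and nothing here says why; the rationale from the supporting-token code ("a signed SAML Token ... will be automatically signed by WSS4J") belongs at this line too, e.g. `// SAML_TOKEN_SIGNED produces the message signature itself, so a separate SIGNATURE action is redundant` if that is indeed the reason. Like the `replaceFirst` it replaces, `List.remove(Object)` removes only the first occurrence, which is fine only as long as SIGNATURE is never added more than once. The `properties.getActions() != null` guard here is consistent with the in-interceptor but not with `addTimestamp`, which indexes the same list unguarded. The enclosing method starts before the hunk.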
@@ -263,13 +262,12 @@ public class StaxAsymmetricBindingHandle
}
// Set up CallbackHandler which wraps the configured Handler
- Map<String, Object> config = getProperties();
+ WSSSecurityProperties properties = getProperties();
TokenStoreCallbackHandler callbackHandler =
new TokenStoreCallbackHandler(
- (CallbackHandler)config.get(ConfigurationConstants.PW_CALLBACK_REF),
- WSS4JUtils.getTokenStore(message)
+ properties.getCallbackHandler(), WSS4JUtils.getTokenStore(message)
);
- config.put(ConfigurationConstants.PW_CALLBACK_REF, callbackHandler);
+ properties.setCallbackHandler(callbackHandler);
} else if (initiatorToken instanceof SamlToken) {
addSamlToken((SamlToken)initiatorToken, false, true);
}
@@ -349,74 +347,34 @@ public class StaxAsymmetricBindingHandle
AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
// Action
- Map<String, Object> config = getProperties();
- String actionToPerform = ConfigurationConstants.ENCRYPT;
+ WSSSecurityProperties properties = getProperties();
+ WSSConstants.Action actionToPerform = WSSConstants.ENCRYPT;
if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
- actionToPerform = ConfigurationConstants.ENCRYPT_DERIVED;
- }
-
- if (config.containsKey(ConfigurationConstants.ACTION)) {
- String action = (String)config.get(ConfigurationConstants.ACTION);
- config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
- } else {
- config.put(ConfigurationConstants.ACTION, actionToPerform);
+ actionToPerform = WSSConstants.ENCRYPT_WITH_DERIVED_KEY;
}
+ properties.addAction(actionToPerform);
- String parts = "";
- if (config.containsKey(ConfigurationConstants.ENCRYPTION_PARTS)) {
- parts = (String)config.get(ConfigurationConstants.ENCRYPTION_PARTS);
- if (!parts.endsWith(";")) {
- parts += ";";
- }
+ for (SecurePart encPart : encrParts) {
+ properties.addEncryptionPart(encPart);
}
- String optionalParts = "";
- if (config.containsKey(ConfigurationConstants.OPTIONAL_ENCRYPTION_PARTS)) {
- optionalParts = (String)config.get(ConfigurationConstants.OPTIONAL_ENCRYPTION_PARTS);
- if (!optionalParts.endsWith(";")) {
- optionalParts += ";";
- }
- }
-
- if (encrParts != null) {
- for (SecurePart part : encrParts) {
- QName name = part.getName();
- String modifier = part.getModifier().getModifier();
- if (modifier == null || Modifier.Element.getModifier().equals(modifier)) {
- modifier = "Element";
- } else {
- modifier = "Content";
- }
-
- String parsedPart = "";
- if (name != null) {
- parsedPart = "{" + modifier + "}{" + name.getNamespaceURI() + "}" + name.getLocalPart() + ";";
- } else {
- parsedPart = "{" + modifier + "}" + part.getExternalReference() + ";";
- }
-
- if (part.isRequired()) {
- parts += parsedPart;
- } else {
- optionalParts += parsedPart;
- }
- }
- }
-
- config.put(ConfigurationConstants.ENCRYPTION_PARTS, parts);
- config.put(ConfigurationConstants.OPTIONAL_ENCRYPTION_PARTS, optionalParts);
-
- config.put(ConfigurationConstants.ENC_KEY_ID,
- getKeyIdentifierType(recToken, encrToken));
+ properties.setEncryptionKeyIdentifier(
+ ConfigurationConverter.convertKeyIdentifier(getKeyIdentifierType(recToken, encrToken)));
- config.put(ConfigurationConstants.ENC_KEY_TRANSPORT,
+ properties.setEncryptionKeyTransportAlgorithm(
algorithmSuite.getAlgorithmSuiteType().getAsymmetricKeyWrap());
- config.put(ConfigurationConstants.ENC_SYM_ALGO,
+ properties.setEncryptionSymAlgorithm(
algorithmSuite.getAlgorithmSuiteType().getEncryption());
String encUser = (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
- if (encUser != null) {
- config.put(ConfigurationConstants.ENCRYPTION_USER, encUser);
+ if (encUser == null) {
+ encUser = (String)message.getContextualProperty(SecurityConstants.USERNAME);
+ }
+ if (encUser != null && properties.getEncryptionUser() == null) {
+ properties.setEncryptionUser(encUser);
+ }
+ if (ConfigurationConstants.USE_REQ_SIG_CERT.equals(encUser)) {
+ properties.setUseReqSigCertForEncryption(true);
}
//
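Review bot: The `encrParts != null` guard the old code had is gone, so the `for (SecurePart encPart : encrParts)` loop near the top of the new hunk throws NullPointerException when a caller passes no encrypted parts; restore it as `if (encrParts != null) { for (SecurePart encPart : encrParts) { properties.addEncryptionPart(encPart); } }` unless every caller is known to pass a non-null list. Separately, the new fallback from ENCRYPT_USERNAME to USERNAME means that with no encryption user configured the message is encrypted for whatever alias `ws-security.username` names, which is typically the sender's own identity rather than the intended recipient, and the `properties.getEncryptionUser() == null` guard means a contextual property no longer overrides a value already present on the properties, inverting the old precedence. If both are intended, a short comment spelling out the lookup order (properties, then ENCRYPT_USERNAME, then USERNAME) would prevent the next reader from "fixing" it. The enclosing method continues past the hunk.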
@@ -424,7 +382,7 @@ public class StaxAsymmetricBindingHandle
// we're extracting the cert from a SAML Assertion on the provider side
//
if (!isRequestor() && recToken.getToken() instanceof IssuedToken) {
- config.put(ConfigurationConstants.ENCRYPTION_USER, ConfigurationConstants.USE_REQ_SIG_CERT);
+ properties.setUseReqSigCertForEncryption(true);
}
}
}
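Review bot: `properties.setUseReqSigCertForEncryption(true)` no longer replaces the encryption user the way the old `ENCRYPTION_USER = USE_REQ_SIG_CERT` put did, so an encryption user set earlier in this method stays on the properties alongside the flag; which of the two the streaming layer honours is not visible here, and if the alias wins the provider encrypts to the wrong certificate. Either clear it here, `properties.setEncryptionUser(null);`, or add a comment confirming the flag takes precedence over any configured alias. The enclosing method starts before the hunk.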
@@ -433,56 +391,20 @@ public class StaxAsymmetricBindingHandle
throws WSSecurityException, SOAPException {
// Action
- Map<String, Object> config = getProperties();
- String actionToPerform = ConfigurationConstants.SIGNATURE;
+ WSSSecurityProperties properties = getProperties();
+ WSSConstants.Action actionToPerform = WSSConstants.SIGNATURE;
if (wrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
- actionToPerform = ConfigurationConstants.SIGNATURE_DERIVED;
+ actionToPerform = WSSConstants.SIGNATURE_WITH_DERIVED_KEY;
}
-
- if (config.containsKey(ConfigurationConstants.ACTION)) {
- String action = (String)config.get(ConfigurationConstants.ACTION);
- config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
+ List<WSSConstants.Action> actionList = properties.getActions();
+ if (actionList.contains(WSSConstants.SIGNATURE_CONFIRMATION)) {
+ actionList.add(0, actionToPerform);
} else {
- config.put(ConfigurationConstants.ACTION, actionToPerform);
- }
-
- String parts = "";
- if (config.containsKey(ConfigurationConstants.SIGNATURE_PARTS)) {
- parts = (String)config.get(ConfigurationConstants.SIGNATURE_PARTS);
- if (!parts.endsWith(";")) {
- parts += ";";
- }
- }
-
- String optionalParts = "";
- if (config.containsKey(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS)) {
- optionalParts = (String)config.get(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS);
- if (!optionalParts.endsWith(";")) {
- optionalParts += ";";
- }
+ actionList.add(actionToPerform);
}
- for (SecurePart part : sigParts) {
- QName name = part.getName();
- String modifier = part.getModifier().getModifier();
- if (modifier == null || Modifier.Element.getModifier().equals(modifier)) {
- modifier = "Element";
- } else {
- modifier = "Content";
- }
-
- String parsedPart = "";
- if (name != null) {
- parsedPart = "{" + modifier + "}{" + name.getNamespaceURI() + "}" + name.getLocalPart() + ";";
- } else {
- parsedPart = "{" + modifier + "}" + part.getExternalReference() + ";";
- }
-
- if (part.isRequired()) {
- parts += parsedPart;
- } else {
- optionalParts += parsedPart;
- }
+ for (SecurePart sigPart : sigParts) {
+ properties.addSignaturePart(sigPart);
}
AbstractToken sigToken = wrapper.getToken();
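Review bot: `properties.getActions()` is dereferenced without a null check at `actionList.contains(WSSConstants.SIGNATURE_CONFIRMATION)`, while the SAML hunk earlier in this file guards the same getter with `!= null` and the encryption path goes through `properties.addAction(...)`; if no actions have been configured yet this throws NullPointerException. A guard such as `if (actionList == null) { properties.addAction(actionToPerform); } else if (actionList.contains(WSSConstants.SIGNATURE_CONFIRMATION)) { ... }` keeps the three paths consistent. Also, `actionList.add(0, actionToPerform)` puts the signature ahead of every previously configured action, not just ahead of SignatureConfirmation; if only the relative order matters, `actionList.add(actionList.indexOf(WSSConstants.SIGNATURE_CONFIRMATION), actionToPerform)` is more targeted, and either way a comment saying why the signature must precede SignatureConfirmation would help. The enclosing method continues past the hunk.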
@@ -490,18 +412,17 @@ public class StaxAsymmetricBindingHandle
if (abinding.isProtectTokens() && (sigToken instanceof X509Token)
&& sigToken.getIncludeTokenType() != IncludeTokenType.INCLUDE_TOKEN_NEVER) {
- parts += "{Element}{" + WSSConstants.NS_WSSE10 + "}BinarySecurityToken;";
+ SecurePart securePart =
+ new SecurePart(new QName(WSSConstants.NS_WSSE10, "BinarySecurityToken"), Modifier.Element);
+ properties.addSignaturePart(securePart);
} else if (sigToken instanceof IssuedToken || sigToken instanceof SecurityContextToken
|| sigToken instanceof SecureConversationToken || sigToken instanceof SpnegoContextToken
|| sigToken instanceof SamlToken) {
- config.put(ConfigurationConstants.INCLUDE_SIGNATURE_TOKEN, "false");
+ properties.setIncludeSignatureToken(false);
}
- config.put(ConfigurationConstants.SIGNATURE_PARTS, parts);
- config.put(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS, optionalParts);
-
if (sigToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
- config.put(ConfigurationConstants.SIG_ALGO,
+ properties.setSignatureAlgorithm(
abinding.getAlgorithmSuite().getSymmetricSignature());
}
}