Posted to commits@cxf.apache.org by re...@apache.org on 2016/12/04 01:11:47 UTC
[05/30] cxf git commit: Fixes relating to WSS4J changes
Fixes relating to WSS4J changes
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/970080fb
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/970080fb
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/970080fb
Branch: refs/heads/CXF-6882.nio
Commit: 970080fb9d7208c99ad2bde8e3c6c63a5211b448
Parents: 8a605be
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Nov 25 12:49:14 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Nov 25 12:49:14 2016 +0000
----------------------------------------------------------------------
.../saml/sso/AbstractSAMLCallbackHandler.java | 4 +-
.../wss4j/UsernameTokenInterceptor.java | 15 ++-
.../policyhandlers/AbstractBindingBuilder.java | 111 +++++++++----------
.../AsymmetricBindingHandler.java | 39 ++++---
.../policyhandlers/SymmetricBindingHandler.java | 33 +++---
.../policyhandlers/TransportBindingHandler.java | 35 +++---
.../policyhandlers/WSSecurityTokenHolder.java | 5 +-
.../security/wss4j/WSS4JOutInterceptorTest.java | 4 +-
.../wss4j/saml/AbstractSAMLCallbackHandler.java | 4 +-
.../cxf/sts/operation/AbstractOperation.java | 8 +-
.../token/provider/DefaultSubjectProvider.java | 4 +-
.../sts/token/provider/TokenProviderUtils.java | 10 +-
.../cxf/sts/operation/IssueSamlUnitTest.java | 6 +-
13 files changed, 137 insertions(+), 141 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/970080fb/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
index 9772967..ee801f7 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
@@ -207,10 +207,10 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
Document doc = docBuilder.newDocument();
// Create an Encrypted Key
- WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
+ WSSecEncryptedKey encrKey = new WSSecEncryptedKey(doc);
encrKey.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
encrKey.setUseThisCert(certs[0]);
- encrKey.prepare(doc, null);
+ encrKey.prepare(null);
ephemeralKey = encrKey.getEphemeralKey();
Element encryptedKeyElement = encrKey.getEncryptedKeyElement();
http://git-wip-us.apache.org/repos/asf/cxf/blob/970080fb/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
index 0660109..890cbf1 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
@@ -29,6 +29,7 @@ import java.util.Set;
import javax.security.auth.Subject;
+import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.util.StringUtils;
@@ -369,8 +370,11 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor {
UsernameToken tok = assertTokens(message);
Header h = findSecurityHeader(message, true);
+ Element el = (Element)h.getObject();
+ Document doc = el.getOwnerDocument();
+
WSSecUsernameToken utBuilder =
- addUsernameToken(message, tok);
+ addUsernameToken(message, doc, tok);
if (utBuilder == null) {
AssertionInfoMap aim = message.get(AssertionInfoMap.class);
Collection<AssertionInfo> ais =
@@ -382,13 +386,12 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor {
}
return;
}
- Element el = (Element)h.getObject();
- utBuilder.prepare(el.getOwnerDocument());
+ utBuilder.prepare();
el.appendChild(utBuilder.getUsernameTokenElement());
}
- protected WSSecUsernameToken addUsernameToken(SoapMessage message, UsernameToken token) {
+ protected WSSecUsernameToken addUsernameToken(SoapMessage message, Document doc, UsernameToken token) {
String userName =
(String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
WSSConfig wssConfig = (WSSConfig)message.getContextualProperty(WSSConfig.class.getName());
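Review bot: Changing the protected `addUsernameToken(SoapMessage, UsernameToken)` to `addUsernameToken(SoapMessage, Document, UsernameToken)` breaks subclasses of this public interceptor. An override of the old signature that lacks `@Override` and does not call `super` would still compile but never be invoked, so any customised credential handling in it would be skipped silently. If source compatibility matters on this branch, keep the old signature as a deprecated overload that resolves the document from the security header and delegates, or call the break out in the migration notes. The new `doc` parameter also needs a Javadoc line such as `@param doc owner document of the security header the token is appended to`, since `el.appendChild(utBuilder.getUsernameTokenElement())` presumably relies on both belonging to the same document. The method body continues outside the hunk.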
@@ -399,7 +402,7 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor {
if (!StringUtils.isEmpty(userName)) {
// If NoPassword property is set we don't need to set the password
if (token.getPasswordType() == UsernameToken.PasswordType.NoPassword) {
- WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+ WSSecUsernameToken utBuilder = new WSSecUsernameToken(doc);
utBuilder.setIdAllocator(wssConfig.getIdAllocator());
utBuilder.setWsTimeSource(wssConfig.getCurrentTime());
utBuilder.setUserInfo(userName, null);
@@ -415,7 +418,7 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor {
if (!StringUtils.isEmpty(password)) {
//If the password is available then build the token
- WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+ WSSecUsernameToken utBuilder = new WSSecUsernameToken(doc);
utBuilder.setIdAllocator(wssConfig.getIdAllocator());
utBuilder.setWsTimeSource(wssConfig.getCurrentTime());
if (token.getPasswordType() == UsernameToken.PasswordType.HashPassword) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/970080fb/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index c59d16c..cf4333d 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -222,9 +222,9 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
protected void insertAfter(Element child, Element sib) {
if (sib.getNextSibling() == null) {
- secHeader.getSecurityHeader().appendChild(child);
+ secHeader.getSecurityHeaderElement().appendChild(child);
} else {
- secHeader.getSecurityHeader().insertBefore(child, sib.getNextSibling());
+ secHeader.getSecurityHeaderElement().insertBefore(child, sib.getNextSibling());
}
}
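Review bot: The chain `secHeader.getSecurityHeaderElement()` is spelled out at every call site, here in `insertAfter` and again in the hunks at -235, -249, -272, -360, -398, -530, -608 and -1458, so a single accessor rename in WSS4J ends up touching about thirty lines of this class. A private helper such as `private Element securityHeaderElement() { return secHeader.getSecurityHeaderElement(); }` would confine the next API change to one line. It would also make the placement logic easier to audit, since these methods decide where keys, tokens and the timestamp sit in the security header.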
@@ -235,12 +235,12 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
insertAfter(el, lastEncryptedKeyElement);
} else if (topDownElement != null) {
insertAfter(el, topDownElement);
- } else if (secHeader.getSecurityHeader().getFirstChild() != null) {
- secHeader.getSecurityHeader().insertBefore(
- el, secHeader.getSecurityHeader().getFirstChild()
+ } else if (secHeader.getSecurityHeaderElement().getFirstChild() != null) {
+ secHeader.getSecurityHeaderElement().insertBefore(
+ el, secHeader.getSecurityHeaderElement().getFirstChild()
);
} else {
- secHeader.getSecurityHeader().appendChild(el);
+ secHeader.getSecurityHeaderElement().appendChild(el);
}
lastEncryptedKeyElement = el;
}
@@ -249,15 +249,15 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
if (lastEncryptedKeyElement != null) {
insertAfter(el, lastEncryptedKeyElement);
} else if (lastDerivedKeyElement != null) {
- secHeader.getSecurityHeader().insertBefore(el, lastDerivedKeyElement);
+ secHeader.getSecurityHeaderElement().insertBefore(el, lastDerivedKeyElement);
} else if (topDownElement != null) {
insertAfter(el, topDownElement);
- } else if (secHeader.getSecurityHeader().getFirstChild() != null) {
- secHeader.getSecurityHeader().insertBefore(
- el, secHeader.getSecurityHeader().getFirstChild()
+ } else if (secHeader.getSecurityHeaderElement().getFirstChild() != null) {
+ secHeader.getSecurityHeaderElement().insertBefore(
+ el, secHeader.getSecurityHeaderElement().getFirstChild()
);
} else {
- secHeader.getSecurityHeader().appendChild(el);
+ secHeader.getSecurityHeaderElement().appendChild(el);
}
lastEncryptedKeyElement = el;
}
@@ -272,29 +272,29 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
} else if (topDownElement != null) {
insertAfter(el, topDownElement);
} else if (bottomUpElement != null) {
- secHeader.getSecurityHeader().insertBefore(el, bottomUpElement);
+ secHeader.getSecurityHeaderElement().insertBefore(el, bottomUpElement);
} else {
- secHeader.getSecurityHeader().appendChild(el);
+ secHeader.getSecurityHeaderElement().appendChild(el);
}
lastSupportingTokenElement = el;
}
protected void insertBeforeBottomUp(Element el) {
if (bottomUpElement == null) {
- secHeader.getSecurityHeader().appendChild(el);
+ secHeader.getSecurityHeaderElement().appendChild(el);
} else {
- secHeader.getSecurityHeader().insertBefore(el, bottomUpElement);
+ secHeader.getSecurityHeaderElement().insertBefore(el, bottomUpElement);
}
bottomUpElement = el;
}
protected void addTopDownElement(Element el) {
if (topDownElement == null) {
- if (secHeader.getSecurityHeader().getFirstChild() == null) {
- secHeader.getSecurityHeader().appendChild(el);
+ if (secHeader.getSecurityHeaderElement().getFirstChild() == null) {
+ secHeader.getSecurityHeaderElement().appendChild(el);
} else {
- secHeader.getSecurityHeader().insertBefore(
- el, secHeader.getSecurityHeader().getFirstChild()
+ secHeader.getSecurityHeaderElement().insertBefore(
+ el, secHeader.getSecurityHeaderElement().getFirstChild()
);
}
} else {
@@ -335,11 +335,11 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
if (ttl <= 0) {
ttl = 300;
}
- timestampEl = new WSSecTimestamp();
+ timestampEl = new WSSecTimestamp(secHeader);
timestampEl.setIdAllocator(wssConfig.getIdAllocator());
timestampEl.setWsTimeSource(wssConfig.getCurrentTime());
timestampEl.setTimeToLive(ttl);
- timestampEl.prepare(saaj.getSOAPPart());
+ timestampEl.prepare();
String namespace = binding.getName().getNamespaceURI();
PolicyUtils.assertPolicy(aim, new QName(namespace, SPConstants.INCLUDE_TIMESTAMP));
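Review bot: `new WSSecTimestamp(secHeader)` binds the builder to the security header at construction time, where the removed `prepare(saaj.getSOAPPart())` supplied the document at the last moment; the other builders in this file follow the same pattern (hunks at -476, -774, -825, -1425, -1705, -1929, -2014 and -2166). Every one of these methods therefore now depends on `secHeader` being non-null and already initialised before it runs, and nothing visible in the hunks checks or documents that. A comment on the field stating the ordering requirement, or a null check where `secHeader` is assigned, would turn a late failure inside WSS4J into an immediate and attributable one. The enclosing method starts and ends outside the hunk.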
@@ -360,7 +360,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
new QName(binding.getLayout().getName().getNamespaceURI(),
SPConstants.LAYOUT_LAX_TIMESTAMP_LAST));
Element el = timestamp.getElement();
- secHeader.getSecurityHeader().appendChild(el);
+ secHeader.getSecurityHeaderElement().appendChild(el);
if (bottomUpElement == null) {
bottomUpElement = el;
}
@@ -398,17 +398,17 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
// Make sure that the Timestamp is in first place, if that is what the policy requires
if (binding.getLayout() != null && timestampEl != null) {
if (binding.getLayout().getLayoutType() == LayoutType.LaxTsFirst
- && secHeader.getSecurityHeader().getFirstChild() != timestampEl.getElement()) {
- Node firstChild = secHeader.getSecurityHeader().getFirstChild();
+ && secHeader.getSecurityHeaderElement().getFirstChild() != timestampEl.getElement()) {
+ Node firstChild = secHeader.getSecurityHeaderElement().getFirstChild();
while (firstChild != null && firstChild.getNodeType() != Node.ELEMENT_NODE) {
firstChild = firstChild.getNextSibling();
}
if (firstChild != null && firstChild != timestampEl.getElement()) {
- secHeader.getSecurityHeader().insertBefore(timestampEl.getElement(), firstChild);
+ secHeader.getSecurityHeaderElement().insertBefore(timestampEl.getElement(), firstChild);
}
} else if (binding.getLayout().getLayoutType() == LayoutType.LaxTsLast
- && secHeader.getSecurityHeader().getLastChild() != timestampEl.getElement()) {
- secHeader.getSecurityHeader().appendChild(timestampEl.getElement());
+ && secHeader.getSecurityHeaderElement().getLastChild() != timestampEl.getElement()) {
+ secHeader.getSecurityHeaderElement().appendChild(timestampEl.getElement());
}
}
}
@@ -476,11 +476,11 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
if (secToken.getX509Certificate() == null) {
ret.add(
- new SupportingToken(token, new WSSecurityTokenHolder(secToken),
+ new SupportingToken(token, new WSSecurityTokenHolder(secToken, secHeader),
getSignedParts(suppTokens))
);
} else {
- WSSecSignature sig = new WSSecSignature();
+ WSSecSignature sig = new WSSecSignature(secHeader);
sig.setIdAllocator(wssConfig.getIdAllocator());
sig.setCallbackLookup(callbackLookup);
sig.setX509Certificate(secToken.getX509Certificate());
@@ -513,7 +513,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE);
sig.setUserInfo(uname, password);
try {
- sig.prepare(saaj.getSOAPPart(), secToken.getCrypto(), secHeader);
+ sig.prepare(secToken.getCrypto());
} catch (WSSecurityException e) {
LOG.log(Level.FINE, e.getMessage(), e);
throw new Fault(e);
@@ -530,13 +530,13 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
if (bstElem != null) {
if (lastEncryptedKeyElement != null) {
if (lastEncryptedKeyElement.getNextSibling() != null) {
- secHeader.getSecurityHeader().insertBefore(bstElem,
+ secHeader.getSecurityHeaderElement().insertBefore(bstElem,
lastEncryptedKeyElement.getNextSibling());
} else {
- secHeader.getSecurityHeader().appendChild(bstElem);
+ secHeader.getSecurityHeaderElement().appendChild(bstElem);
}
} else {
- sig.prependBSTElementToHeader(secHeader);
+ sig.prependBSTElementToHeader();
}
if (suppTokens.isEncryptedToken()) {
WSEncryptionPart part = new WSEncryptionPart(sig.getBSTTokenId(), "Element");
@@ -577,7 +577,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
if (endorse) {
WSSecUsernameToken utBuilder = addDKUsernameToken(token, true);
if (utBuilder != null) {
- utBuilder.prepare(saaj.getSOAPPart());
+ utBuilder.prepare();
addSupportingElement(utBuilder.getUsernameTokenElement());
ret.add(new SupportingToken(token, utBuilder, null));
if (encryptedToken) {
@@ -589,7 +589,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
} else {
WSSecUsernameToken utBuilder = addUsernameToken(token);
if (utBuilder != null) {
- utBuilder.prepare(saaj.getSOAPPart());
+ utBuilder.prepare();
addSupportingElement(utBuilder.getUsernameTokenElement());
ret.add(new SupportingToken(token, utBuilder, null));
//WebLogic and WCF always encrypt these
@@ -608,8 +608,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
}
protected Element cloneElement(Element el) {
- if (!secHeader.getSecurityHeader().getOwnerDocument().equals(el.getOwnerDocument())) {
- return (Element)secHeader.getSecurityHeader().getOwnerDocument().importNode(el, true);
+ if (!secHeader.getSecurityHeaderElement().getOwnerDocument().equals(el.getOwnerDocument())) {
+ return (Element)secHeader.getSecurityHeaderElement().getOwnerDocument().importNode(el, true);
}
return el;
}
@@ -774,7 +774,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
String userName = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
if (!StringUtils.isEmpty(userName)) {
- WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+ WSSecUsernameToken utBuilder = new WSSecUsernameToken(secHeader);
utBuilder.setIdAllocator(wssConfig.getIdAllocator());
utBuilder.setWsTimeSource(wssConfig.getCurrentTime());
@@ -825,7 +825,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
String userName = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
if (!StringUtils.isEmpty(userName)) {
- WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+ WSSecUsernameToken utBuilder = new WSSecUsernameToken(secHeader);
utBuilder.setIdAllocator(wssConfig.getIdAllocator());
utBuilder.setWsTimeSource(wssConfig.getCurrentTime());
@@ -839,7 +839,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
// If the password is available then build the token
utBuilder.setUserInfo(userName, password);
utBuilder.addDerivedKey(useMac, null, 1000);
- utBuilder.prepare(saaj.getSOAPPart());
+ utBuilder.prepare();
} else {
unassertPolicy(token, "No password available");
return null;
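Review bot: In `utBuilder.addDerivedKey(useMac, null, 1000)` the literal `1000` appears to be the key-derivation iteration count, and it is hard-coded with no explanation next to the `prepare()` call this hunk touches. A named constant, for example `private static final int DERIVED_KEY_ITERATIONS = 1000;`, with a comment saying where the value comes from and what the `null` second argument means, would let a reviewer confirm the derivation parameters without reading WSS4J. Whether the count should be configurable is worth a follow-up; that decision is outside this commit. The surrounding method is only partly visible in the hunk.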
@@ -1425,7 +1425,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
}
protected WSSecEncryptedKey getEncryptedKeyBuilder(AbstractToken token) throws WSSecurityException {
- WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
+ WSSecEncryptedKey encrKey = new WSSecEncryptedKey(secHeader);
encrKey.setIdAllocator(wssConfig.getIdAllocator());
encrKey.setCallbackLookup(callbackLookup);
encrKey.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
@@ -1449,7 +1449,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
encrKey.setKeyEncAlgo(algType.getAsymmetricKeyWrap());
encrKey.setMGFAlgorithm(algType.getMGFAlgo());
- encrKey.prepare(saaj.getSOAPPart(), crypto);
+ encrKey.prepare(crypto);
if (alsoIncludeToken) {
X509Certificate encCert = getEncryptCert(crypto, encrUser);
@@ -1458,7 +1458,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
bstToken.addWSUNamespace();
bstToken.setID(wssConfig.getIdAllocator().createSecureId("X509-", encCert));
WSSecurityUtil.prependChildElement(
- secHeader.getSecurityHeader(), bstToken.getElement()
+ secHeader.getSecurityHeaderElement(), bstToken.getElement()
);
bstElement = bstToken.getElement();
}
@@ -1705,7 +1705,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
protected WSSecSignature getSignatureBuilder(
AbstractToken token, boolean attached, boolean endorse
) throws WSSecurityException {
- WSSecSignature sig = new WSSecSignature();
+ WSSecSignature sig = new WSSecSignature(secHeader);
sig.setIdAllocator(wssConfig.getIdAllocator());
sig.setCallbackLookup(callbackLookup);
sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
@@ -1825,7 +1825,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
sig.setAddInclusivePrefixes(includePrefixes);
try {
- sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
+ sig.prepare(crypto);
} catch (WSSecurityException e) {
LOG.log(Level.FINE, e.getMessage(), e);
unassertPolicy(token, e);
@@ -1861,7 +1861,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
sigParts.add(bstPart);
}
try {
- List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);
+ List<Reference> referenceList = sig.addReferencesToSign(sigParts);
sig.computeSignature(referenceList, false, null);
addSig(sig.getSignatureValue());
@@ -1929,7 +1929,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
throws WSSecurityException {
Document doc = saaj.getSOAPPart();
- WSSecDKSign dkSign = new WSSecDKSign();
+ WSSecDKSign dkSign = new WSSecDKSign(secHeader);
dkSign.setIdAllocator(wssConfig.getIdAllocator());
dkSign.setCallbackLookup(callbackLookup);
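Review bot: The local `Document doc = saaj.getSOAPPart();` is kept here although the later hunk at -1984 stops passing it to `dkSign.prepare()`, whereas the sibling method in the -2014 hunk deletes the same local. If `doc` is no longer read in this method it should be removed as well. If it is still used to create other nodes (not visible in the hunk), add a short comment that it must be the same document `secHeader` was built on, for example `// must be the owner document of secHeader`, because the builder now takes its document from `secHeader` rather than from this variable.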
@@ -1984,7 +1984,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
dkSign.setCustomValueType(WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
}
- dkSign.prepare(doc, secHeader);
+ dkSign.prepare();
if (isTokenProtection) {
String sigTokId = XMLUtils.getIDFromReference(tok.getId());
@@ -1993,7 +1993,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
dkSign.getParts().addAll(sigParts);
- List<Reference> referenceList = dkSign.addReferencesToSign(sigParts, secHeader);
+ List<Reference> referenceList = dkSign.addReferencesToSign(sigParts);
//Add elements to header
addSupportingElement(dkSign.getdktElement());
@@ -2014,8 +2014,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
boolean isSigProtect)
throws WSSecurityException {
- Document doc = saaj.getSOAPPart();
- WSSecSignature sig = new WSSecSignature();
+ WSSecSignature sig = new WSSecSignature(secHeader);
sig.setIdAllocator(wssConfig.getIdAllocator());
sig.setCallbackLookup(callbackLookup);
@@ -2064,10 +2063,10 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
sig.setDigestAlgo(algType.getDigest());
sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
- sig.prepare(doc, getSignatureCrypto(), secHeader);
+ sig.prepare(getSignatureCrypto());
sig.getParts().addAll(sigParts);
- List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);
+ List<Reference> referenceList = sig.addReferencesToSign(sigParts);
//Do signature
sig.computeSignature(referenceList, false, null);
@@ -2166,13 +2165,13 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
sigConfList = new ArrayList<>();
// prepare a SignatureConfirmation token
- WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation();
+ WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation(secHeader);
wsc.setIdAllocator(wssConfig.getIdAllocator());
if (signatureActions.size() > 0) {
for (WSSecurityEngineResult wsr : signatureActions) {
byte[] sigVal = (byte[]) wsr.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE);
wsc.setSignatureValue(sigVal);
- wsc.prepare(saaj.getSOAPPart());
+ wsc.prepare();
addSupportingElement(wsc.getSignatureConfirmationElement());
if (sigParts != null) {
WSEncryptionPart part = new WSEncryptionPart(wsc.getId(), "Element");
@@ -2183,7 +2182,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
}
} else {
//No Sig value
- wsc.prepare(saaj.getSOAPPart());
+ wsc.prepare();
addSupportingElement(wsc.getSignatureConfirmationElement());
if (sigParts != null) {
WSEncryptionPart part = new WSEncryptionPart(wsc.getId(), "Element");
http://git-wip-us.apache.org/repos/asf/cxf/blob/970080fb/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 28c33d8..bea5631 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -404,9 +404,9 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
&& encrBase instanceof WSSecDKEncrypt) {
try {
Element secondRefList =
- ((WSSecDKEncrypt)encrBase).encryptForExternalRef(null, secondEncrParts, secHeader);
+ ((WSSecDKEncrypt)encrBase).encryptForExternalRef(null, secondEncrParts);
if (secondRefList != null) {
- ((WSSecDKEncrypt)encrBase).addExternalRefElement(secondRefList, secHeader);
+ ((WSSecDKEncrypt)encrBase).addExternalRefElement(secondRefList);
}
} catch (WSSecurityException ex) {
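Review bot: The cast `((WSSecDKEncrypt)encrBase)` is repeated on both changed lines, directly after the `encrBase instanceof WSSecDKEncrypt` test. Binding it once, `WSSecDKEncrypt dkEncr = (WSSecDKEncrypt)encrBase;`, and calling `dkEncr.encryptForExternalRef(null, secondEncrParts)` and `dkEncr.addExternalRefElement(secondRefList)` on that local would read more clearly and keep the type check and its use together. The same applies to the `(WSSecEncrypt)encrBase` cast in the -424 hunk. The enclosing try block continues outside the hunk.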
@@ -424,7 +424,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
} else {
this.insertBeforeBottomUp(secondRefList);
}
- ((WSSecEncrypt)encrBase).encryptForRef(secondRefList, secondEncrParts, secHeader);
+ ((WSSecEncrypt)encrBase).encryptForRef(secondRefList, secondEncrParts);
} catch (WSSecurityException ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
@@ -446,14 +446,13 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
return doEncryptionDerived(recToken, encrToken, encrParts, algorithmSuite);
} else {
try {
- WSSecEncrypt encr = new WSSecEncrypt();
+ WSSecEncrypt encr = new WSSecEncrypt(secHeader);
encr.setEncryptionSerializer(new StaxSerializer());
encr.setIdAllocator(wssConfig.getIdAllocator());
encr.setCallbackLookup(callbackLookup);
encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
encr.setStoreBytesInAttachment(storeBytesInAttachment);
- encr.setDocument(saaj.getSOAPPart());
Crypto crypto = getEncryptionCrypto();
SecurityToken securityToken = getSecurityToken();
@@ -499,13 +498,13 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
encr.setKeyEncAlgo(algType.getAsymmetricKeyWrap());
encr.setMGFAlgorithm(algType.getMGFAlgo());
encr.setDigestAlgorithm(algType.getEncryptionDigest());
- encr.prepare(saaj.getSOAPPart(), crypto);
+ encr.prepare(crypto);
Element encryptedKeyElement = encr.getEncryptedKeyElement();
List<Element> attachments = encr.getAttachmentEncryptedDataElements();
//Encrypt, get hold of the ref list and add it
if (externalRef) {
- Element refList = encr.encryptForRef(null, encrParts, secHeader);
+ Element refList = encr.encryptForRef(null, encrParts);
if (refList != null) {
insertBeforeBottomUp(refList);
}
@@ -518,7 +517,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
this.addEncryptedKeyElement(encryptedKeyElement);
}
} else {
- Element refList = encr.encryptForRef(null, encrParts, secHeader);
+ Element refList = encr.encryptForRef(null, encrParts);
if (refList != null || (attachments != null && !attachments.isEmpty())) {
this.addEncryptedKeyElement(encryptedKeyElement);
}
@@ -536,7 +535,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
// Put BST before EncryptedKey element
if (encr.getBSTTokenId() != null) {
- encr.prependBSTElementToHeader(secHeader);
+ encr.prependBSTElementToHeader();
}
return encr;
@@ -554,7 +553,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
List<WSEncryptionPart> encrParts,
AlgorithmSuite algorithmSuite) {
try {
- WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
+ WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(secHeader);
dkEncr.setEncryptionSerializer(new StaxSerializer());
dkEncr.setIdAllocator(wssConfig.getIdAllocator());
dkEncr.setCallbackLookup(callbackLookup);
@@ -575,10 +574,10 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
dkEncr.setSymmetricEncAlgorithm(algType.getEncryption());
dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8);
- dkEncr.prepare(saaj.getSOAPPart());
+ dkEncr.prepare();
addDerivedKeyElement(dkEncr.getdktElement());
- Element refList = dkEncr.encryptForExternalRef(null, encrParts, secHeader);
+ Element refList = dkEncr.encryptForExternalRef(null, encrParts);
if (refList != null) {
insertBeforeBottomUp(refList);
}
@@ -631,7 +630,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
// Add the BST to the security header if required
if (!attached && isTokenRequired(sigToken.getIncludeTokenType())) {
WSSecSignature sig = getSignatureBuilder(sigToken, attached, false);
- sig.appendBSTElementToHeader(secHeader);
+ sig.appendBSTElementToHeader();
}
return;
}
@@ -639,7 +638,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
// Set up the encrypted key to use
setupEncryptedKey(wrapper, sigToken);
- WSSecDKSign dkSign = new WSSecDKSign();
+ WSSecDKSign dkSign = new WSSecDKSign(secHeader);
dkSign.setIdAllocator(wssConfig.getIdAllocator());
dkSign.setCallbackLookup(callbackLookup);
dkSign.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
@@ -666,7 +665,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
dkSign.setAddInclusivePrefixes(includePrefixes);
try {
- dkSign.prepare(saaj.getSOAPPart(), secHeader);
+ dkSign.prepare();
if (abinding.isProtectTokens()) {
assertPolicy(
@@ -686,7 +685,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
dkSign.getParts().addAll(sigParts);
- List<Reference> referenceList = dkSign.addReferencesToSign(sigParts, secHeader);
+ List<Reference> referenceList = dkSign.addReferencesToSign(sigParts);
if (!referenceList.isEmpty()) {
// Add elements to header
addDerivedKeyElement(dkSign.getdktElement());
@@ -719,10 +718,10 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
bstPart.setElement(sig.getBinarySecurityTokenElement());
sigParts.add(bstPart);
}
- sig.prependBSTElementToHeader(secHeader);
+ sig.prependBSTElementToHeader();
}
- List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);
+ List<Reference> referenceList = sig.addReferencesToSign(sigParts);
if (!referenceList.isEmpty()) {
//Do signature
if (bottomUpElement == null) {
@@ -735,7 +734,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
if (!abinding.isProtectTokens()) {
Element bstElement = sig.getBinarySecurityTokenElement();
if (bstElement != null) {
- secHeader.getSecurityHeader().insertBefore(bstElement, bottomUpElement);
+ secHeader.getSecurityHeaderElement().insertBefore(bstElement, bottomUpElement);
}
}
@@ -787,7 +786,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
Element bstElem = encrKey.getBinarySecurityTokenElement();
if (bstElem != null) {
// If a BST is available then use it
- encrKey.prependBSTElementToHeader(secHeader);
+ encrKey.prependBSTElementToHeader();
}
// Add the EncryptedKey
http://git-wip-us.apache.org/repos/asf/cxf/blob/970080fb/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 2534048..473cd2a 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -251,10 +251,10 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
if (encryptionToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys
&& !secondEncrParts.isEmpty()) {
secondRefList = ((WSSecDKEncrypt)encr).encryptForExternalRef(null,
- secondEncrParts, secHeader);
+ secondEncrParts);
} else if (!secondEncrParts.isEmpty()) {
//Encrypt, get hold of the ref list and add it
- secondRefList = ((WSSecEncrypt)encr).encryptForRef(null, secondEncrParts, secHeader);
+ secondRefList = ((WSSecEncrypt)encr).encryptForRef(null, secondEncrParts);
}
if (secondRefList != null) {
this.addDerivedKeyElement(secondRefList);
@@ -402,7 +402,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
List<WSEncryptionPart> encrParts,
boolean atEnd) {
try {
- WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
+ WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(secHeader);
dkEncr.setEncryptionSerializer(new StaxSerializer());
dkEncr.setIdAllocator(wssConfig.getIdAllocator());
dkEncr.setCallbackLookup(callbackLookup);
@@ -486,12 +486,12 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
AlgorithmSuiteType algType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
dkEncr.setSymmetricEncAlgorithm(algType.getEncryption());
dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8);
- dkEncr.prepare(saaj.getSOAPPart());
+ dkEncr.prepare();
Element encrDKTokenElem = null;
encrDKTokenElem = dkEncr.getdktElement();
addDerivedKeyElement(encrDKTokenElem);
- Element refList = dkEncr.encryptForExternalRef(null, encrParts, secHeader);
+ Element refList = dkEncr.encryptForExternalRef(null, encrParts);
List<Element> attachments = dkEncr.getAttachmentEncryptedDataElements();
addAttachmentsForEncryption(atEnd, refList, attachments);
@@ -519,7 +519,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
attached, encrParts, atEnd);
} else {
try {
- WSSecEncrypt encr = new WSSecEncrypt();
+ WSSecEncrypt encr = new WSSecEncrypt(secHeader);
encr.setEncryptionSerializer(new StaxSerializer());
encr.setIdAllocator(wssConfig.getIdAllocator());
encr.setCallbackLookup(callbackLookup);
@@ -552,7 +552,6 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
setEncryptionUser(encr, encrToken, false, crypto);
}
- encr.setDocument(saaj.getSOAPPart());
encr.setEncryptSymmKey(false);
encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
encr.setMGFAlgorithm(algorithmSuite.getAlgorithmSuiteType().getMGFAlgo());
@@ -595,13 +594,13 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
}
- encr.prepare(saaj.getSOAPPart(), crypto);
+ encr.prepare(crypto);
if (encr.getBSTTokenId() != null) {
- encr.prependBSTElementToHeader(secHeader);
+ encr.prependBSTElementToHeader();
}
- Element refList = encr.encryptForRef(null, encrParts, secHeader);
+ Element refList = encr.encryptForRef(null, encrParts);
List<Element> attachments = encr.getAttachmentEncryptedDataElements();
addAttachmentsForEncryption(atEnd, refList, attachments);
@@ -643,7 +642,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
SecurityToken tok,
boolean included) throws WSSecurityException {
Document doc = saaj.getSOAPPart();
- WSSecDKSign dkSign = new WSSecDKSign();
+ WSSecDKSign dkSign = new WSSecDKSign(secHeader);
dkSign.setIdAllocator(wssConfig.getIdAllocator());
dkSign.setCallbackLookup(callbackLookup);
dkSign.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
@@ -735,7 +734,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
}
- dkSign.prepare(doc, secHeader);
+ dkSign.prepare();
if (sbinding.isProtectTokens()) {
String sigTokId = tok.getId();
@@ -754,7 +753,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
dkSign.getParts().addAll(sigs);
- List<Reference> referenceList = dkSign.addReferencesToSign(sigs, secHeader);
+ List<Reference> referenceList = dkSign.addReferencesToSign(sigs);
if (!referenceList.isEmpty()) {
//Add elements to header
Element el = dkSign.getdktElement();
@@ -783,7 +782,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
if (policyToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
return doSignatureDK(sigs, policyAbstractTokenWrapper, policyToken, tok, included);
} else {
- WSSecSignature sig = new WSSecSignature();
+ WSSecSignature sig = new WSSecSignature(secHeader);
sig.setIdAllocator(wssConfig.getIdAllocator());
sig.setCallbackLookup(callbackLookup);
sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
@@ -888,9 +887,9 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
crypto = getSignatureCrypto();
}
this.message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, crypto);
- sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
+ sig.prepare(crypto);
sig.getParts().addAll(sigs);
- List<Reference> referenceList = sig.addReferencesToSign(sigs, secHeader);
+ List<Reference> referenceList = sig.addReferencesToSign(sigs);
if (!referenceList.isEmpty()) {
//Do signature
if (bottomUpElement == null) {
@@ -937,7 +936,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
//If direct ref is used to refer to the cert
//then add the cert to the sec header now
if (bstTokenId != null && bstTokenId.length() > 0) {
- encrKey.prependBSTElementToHeader(secHeader);
+ encrKey.prependBSTElementToHeader();
}
return id;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/970080fb/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 4e092d7..b0495e6 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -29,7 +29,6 @@ import javax.xml.crypto.dsig.Reference;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
-import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.interceptor.Fault;
@@ -105,8 +104,8 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
if (token instanceof UsernameToken) {
WSSecUsernameToken utBuilder = addUsernameToken((UsernameToken)token);
if (utBuilder != null) {
- utBuilder.prepare(saaj.getSOAPPart());
- utBuilder.appendToHeader(secHeader);
+ utBuilder.prepare();
+ utBuilder.appendToHeader();
}
} else if (token instanceof IssuedToken || token instanceof KerberosToken
|| token instanceof SpnegoContextToken) {
@@ -345,8 +344,6 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
private byte[] doX509TokenSignature(AbstractToken token, SupportingTokens wrapper)
throws Exception {
- Document doc = saaj.getSOAPPart();
-
List<WSEncryptionPart> sigParts =
signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
@@ -358,9 +355,9 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
if (bstElem != null) {
addTopDownElement(bstElem);
}
- encrKey.appendToHeader(secHeader);
+ encrKey.appendToHeader();
- WSSecDKSign dkSig = new WSSecDKSign();
+ WSSecDKSign dkSig = new WSSecDKSign(secHeader);
dkSig.setIdAllocator(wssConfig.getIdAllocator());
dkSig.setCallbackLookup(callbackLookup);
if (token.getVersion() == SPConstants.SPVersion.SP11) {
@@ -374,13 +371,13 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
dkSig.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId());
- dkSig.prepare(doc, secHeader);
+ dkSig.prepare();
dkSig.getParts().addAll(sigParts);
- List<Reference> referenceList = dkSig.addReferencesToSign(sigParts, secHeader);
+ List<Reference> referenceList = dkSig.addReferencesToSign(sigParts);
//Do signature
- dkSig.appendDKElementToHeader(secHeader);
+ dkSig.appendDKElementToHeader();
dkSig.computeSignature(referenceList, false, null);
return dkSig.getSignatureValue();
@@ -388,9 +385,9 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
WSSecSignature sig = getSignatureBuilder(token, false, false);
assertPolicy(wrapper);
if (sig != null) {
- sig.prependBSTElementToHeader(secHeader);
+ sig.prependBSTElementToHeader();
- List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);
+ List<Reference> referenceList = sig.addReferencesToSign(sigParts);
if (bottomUpElement == null) {
sig.computeSignature(referenceList, false, null);
@@ -451,7 +448,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
List<WSEncryptionPart> sigParts
) throws Exception {
//Do Signature with derived keys
- WSSecDKSign dkSign = new WSSecDKSign();
+ WSSecDKSign dkSign = new WSSecDKSign(secHeader);
dkSign.setIdAllocator(wssConfig.getIdAllocator());
dkSign.setCallbackLookup(callbackLookup);
AlgorithmSuite algorithmSuite = tbinding.getAlgorithmSuite();
@@ -481,13 +478,12 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
if (token.getVersion() == SPConstants.SPVersion.SP11) {
dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
}
- Document doc = saaj.getSOAPPart();
- dkSign.prepare(doc, secHeader);
+ dkSign.prepare();
addDerivedKeyElement(dkSign.getdktElement());
dkSign.getParts().addAll(sigParts);
- List<Reference> referenceList = dkSign.addReferencesToSign(sigParts, secHeader);
+ List<Reference> referenceList = dkSign.addReferencesToSign(sigParts);
//Do signature
dkSign.computeSignature(referenceList, false, null);
@@ -502,7 +498,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
SupportingTokens wrapper,
List<WSEncryptionPart> sigParts
) throws Exception {
- WSSecSignature sig = new WSSecSignature();
+ WSSecSignature sig = new WSSecSignature(secHeader);
sig.setIdAllocator(wssConfig.getIdAllocator());
sig.setCallbackLookup(callbackLookup);
@@ -583,11 +579,10 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
sig.setDigestAlgo(algType.getDigest());
- Document doc = saaj.getSOAPPart();
- sig.prepare(doc, crypto, secHeader);
+ sig.prepare(crypto);
sig.getParts().addAll(sigParts);
- List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);
+ List<Reference> referenceList = sig.addReferencesToSign(sigParts);
//Do signature
if (bottomUpElement == null) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/970080fb/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java
index 14d35b4..3791d1a 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java
@@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.wss4j.dom.message.WSSecBase;
+import org.apache.wss4j.dom.message.WSSecHeader;
/**
*
@@ -28,8 +29,8 @@ import org.apache.wss4j.dom.message.WSSecBase;
public class WSSecurityTokenHolder extends WSSecBase {
SecurityToken token;
- public WSSecurityTokenHolder(SecurityToken t) {
- super();
+ public WSSecurityTokenHolder(SecurityToken t, WSSecHeader securityHeader) {
+ super(securityHeader);
token = t;
}
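Review bot: The new `securityHeader` parameter on the public constructor is undocumented, and the class Javadoc just above is empty, so a reader cannot tell what the holder needs the header for or whether `null` is acceptable. A constructor comment such as `/** @param t the token to hold; @param securityHeader passed through to WSSecBase */` would cover what the hunk shows. Because the class is public, replacing the one-argument constructor rather than overloading it will also break any caller outside this commit that still uses the old form. The class body continues outside the hunk.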
http://git-wip-us.apache.org/repos/asf/cxf/blob/970080fb/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptorTest.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptorTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptorTest.java
index bcb0d95..35c76f9 100644
--- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptorTest.java
+++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptorTest.java
@@ -224,12 +224,12 @@ public class WSS4JOutInterceptorTest extends AbstractSecurityTest {
private int executions;
@Override
- public void execute(WSHandler handler, SecurityActionToken actionToken, Document doc,
+ public void execute(WSHandler handler, SecurityActionToken actionToken,
RequestData reqData) throws WSSecurityException {
this.executions++;
reqData.setPwType(WSConstants.PW_TEXT);
- super.execute(handler, actionToken, doc, reqData);
+ super.execute(handler, actionToken, reqData);
}
public int getExecutions() {
http://git-wip-us.apache.org/repos/asf/cxf/blob/970080fb/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java
index 0b03e57..2026ec2 100644
--- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java
+++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java
@@ -171,10 +171,10 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
Document doc = docBuilder.newDocument();
// Create an Encrypted Key
- WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
+ WSSecEncryptedKey encrKey = new WSSecEncryptedKey(doc);
encrKey.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
encrKey.setUseThisCert(certs[0]);
- encrKey.prepare(doc, null);
+ encrKey.prepare(null);
ephemeralKey = encrKey.getEphemeralKey();
Element encryptedKeyElement = encrKey.getEncryptedKeyElement();
http://git-wip-us.apache.org/repos/asf/cxf/blob/970080fb/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
index 82f739c..b1360b8 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
@@ -341,15 +341,15 @@ public abstract class AbstractOperation {
}
}
- WSSecEncryptedKey builder = new WSSecEncryptedKey();
+ Document doc = DOMUtils.createDocument();
+
+ WSSecEncryptedKey builder = new WSSecEncryptedKey(doc);
builder.setUserInfo(name);
builder.setKeyIdentifierType(encryptionProperties.getKeyIdentifierType());
builder.setEphemeralKey(secret);
builder.setKeyEncAlgo(keyWrapAlgorithm);
- Document doc = DOMUtils.createDocument();
-
- builder.prepare(doc, stsProperties.getEncryptionCrypto());
+ builder.prepare(stsProperties.getEncryptionCrypto());
return builder.getEncryptedKeyElement();
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/970080fb/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
index 9433039..5feb707 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
@@ -334,13 +334,13 @@ public class DefaultSubjectProvider implements SubjectProvider {
KeyInfoBean keyInfo = new KeyInfoBean();
// Create an EncryptedKey
- WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
+ WSSecEncryptedKey encrKey = new WSSecEncryptedKey(doc);
encrKey.setKeyIdentifierType(encryptionProperties.getKeyIdentifierType());
encrKey.setEphemeralKey(secret);
encrKey.setSymmetricEncAlgorithm(encryptionProperties.getEncryptionAlgorithm());
encrKey.setUseThisCert(certificate);
encrKey.setKeyEncAlgo(encryptionProperties.getKeyWrapAlgorithm());
- encrKey.prepare(doc, encryptionCrypto);
+ encrKey.prepare(encryptionCrypto);
Element encryptedKeyElement = encrKey.getEncryptedKeyElement();
// Append the EncryptedKey to a KeyInfo element
http://git-wip-us.apache.org/repos/asf/cxf/blob/970080fb/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderUtils.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderUtils.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderUtils.java
index c0794a1..5d0ed4e 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderUtils.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderUtils.java
@@ -149,7 +149,10 @@ public final class TokenProviderUtils {
}
}
- WSSecEncrypt builder = new WSSecEncrypt();
+ Document doc = element.getOwnerDocument();
+ doc.appendChild(element);
+
+ WSSecEncrypt builder = new WSSecEncrypt(doc);
if (WSHandlerConstants.USE_REQ_SIG_CERT.equals(name)) {
X509Certificate cert = getReqSigCert(messageContext);
builder.setUseThisCert(cert);
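Review bot: `doc.appendChild(element)` now runs before the builder is configured, so the caller's element is re-parented as the document root even when a later step in this method fails (the certificate lookup right below is one candidate). Only `Document doc = element.getOwnerDocument();` has to precede `new WSSecEncrypt(doc)`, as far as the hunk shows. Leaving `doc.appendChild(element);` immediately before `builder.prepare(stsProperties.getEncryptionCrypto());` in the next hunk would keep the DOM untouched until configuration has succeeded, provided the WSS4J constructor does not need the element attached. Whichever order is kept, a one-line comment explaining why the element is attached to its owner document would help, since `appendChild` throws a DOMException if that document already has a different root element. The enclosing method starts and ends outside the hunk.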
@@ -164,10 +167,7 @@ public final class TokenProviderUtils {
WSEncryptionPart encryptionPart = new WSEncryptionPart(id, "Element");
encryptionPart.setElement(element);
- Document doc = element.getOwnerDocument();
- doc.appendChild(element);
-
- builder.prepare(element.getOwnerDocument(), stsProperties.getEncryptionCrypto());
+ builder.prepare(stsProperties.getEncryptionCrypto());
builder.encryptForRef(null, Collections.singletonList(encryptionPart));
return doc.getDocumentElement();
http://git-wip-us.apache.org/repos/asf/cxf/blob/970080fb/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
index c7326d1..1db76c6 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
@@ -825,13 +825,13 @@ public class IssueSamlUnitTest extends org.junit.Assert {
);
// Now add Entropy
- WSSecEncryptedKey builder = new WSSecEncryptedKey();
+ Document doc = DOMUtils.createDocument();
+ WSSecEncryptedKey builder = new WSSecEncryptedKey(doc);
builder.setUserInfo("mystskey");
builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
builder.setKeyEncAlgo(WSConstants.KEYTRANSPORT_RSAOAEP);
- Document doc = DOMUtils.createDocument();
- builder.prepare(doc, stsProperties.getSignatureCrypto());
+ builder.prepare(stsProperties.getSignatureCrypto());
Element encryptedKeyElement = builder.getEncryptedKeyElement();
byte[] secret = builder.getEphemeralKey();