Posted to commits@cxf.apache.org by co...@apache.org on 2011/10/27 13:49:17 UTC

svn commit: r1189707 - /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java

Author: coheigea
Date: Thu Oct 27 11:49:17 2011
New Revision: 1189707

URL: http://svn.apache.org/viewvc?rev=1189707&view=rev
Log:
Added a check for an X.509 token in the InitiatorToken of the AsymmetricBindingPolicyValidator

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java?rev=1189707&r1=1189706&r2=1189707&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java Thu Oct 27 11:49:17 2011
@@ -19,6 +19,8 @@
 
 package org.apache.cxf.ws.security.wss4j.policyvalidators;
 
+import java.security.cert.X509Certificate;
+
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
@@ -28,6 +30,8 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
+import org.apache.cxf.ws.security.policy.model.Token;
+import org.apache.cxf.ws.security.policy.model.X509Token;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSecurityEngineResult;
 
@@ -102,6 +106,19 @@ public class AsymmetricBindingPolicyVali
         AssertionInfoMap aim
     ) {
         if (binding.getInitiatorToken() != null) {
+            Token token = binding.getInitiatorToken().getToken();
+            if (token instanceof X509Token) {
+                for (WSSecurityEngineResult result : signedResults) {
+                    X509Certificate cert = 
+                        (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+                    if (cert == null) {
+                        String error = "An X.509 certificate was not used for the initiator token";
+                        notAssertPolicy(aim, binding.getInitiatorToken().getName(), error);
+                        ai.setNotAsserted(error);
+                        return false;
+                    }
+                }
+            }
             assertPolicy(aim, binding.getInitiatorToken());
             if (!checkDerivedKeys(
                 binding.getInitiatorToken(), hasDerivedKeys, signedResults, encryptedResults
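Review bot: The new X509Token check passes vacuously when `signedResults` is empty, because the `for` loop body never runs and control reaches `assertPolicy(aim, binding.getInitiatorToken())` without any certificate having been seen. Whether an unsigned message is rejected before this point is not visible in the hunk; if it is not, the block should fail the assertion the same way when `signedResults.isEmpty()`, reusing the existing `notAssertPolicy(...)` / `ai.setNotAsserted(error)` / `return false` path. The loop also returns false on the first signature result that carries no `TAG_X509_CERTIFICATE`, so a message with an additional signature made with a non-X.509 key would presumably be rejected as a whole; a short comment such as `// every signature result must carry an X.509 certificate when the initiator token is an X509Token` would make that intent explicit. The enclosing method starts and ends outside the hunk.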