Posted to commits@cxf.apache.org by co...@apache.org on 2014/07/21 18:33:59 UTC
git commit: Precompile Subject Constraints
Repository: cxf-fediz
Updated Branches:
refs/heads/master b5011300a -> cae5c37f3
Precompile Subject Constraints
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/cae5c37f
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/cae5c37f
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/cae5c37f
Branch: refs/heads/master
Commit: cae5c37f3cb6a9250fb2c5c52c16cd0cc759dd6b
Parents: b501130
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jul 21 17:33:40 2014 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jul 21 17:33:40 2014 +0100
----------------------------------------------------------------------
.../cxf/fediz/core/config/TrustedIssuer.java | 16 ++++++++++++++++
.../core/saml/FedizSignatureTrustValidator.java | 20 --------------------
.../cxf/fediz/core/saml/SAMLTokenValidator.java | 8 +++++++-
.../fediz/core/saml/SamlAssertionValidator.java | 14 +++-----------
.../samlsso/SAMLProtocolResponseValidator.java | 10 ++++++++--
5 files changed, 34 insertions(+), 34 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cae5c37f/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java
index 713b2b4..697fa87 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustedIssuer.java
@@ -19,11 +19,14 @@
package org.apache.cxf.fediz.core.config;
+import java.util.regex.Pattern;
+
import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
import org.apache.cxf.fediz.core.config.jaxb.ValidationType;
public class TrustedIssuer {
private final TrustedIssuerType trustedIssuerType;
+ private Pattern subject;
public TrustedIssuer(TrustedIssuerType trustedIssuerType) {
@@ -39,12 +42,25 @@ public class TrustedIssuer {
trustedIssuerType.setName(name);
}
+ public Pattern getCompiledSubject() {
+ if (subject != null) {
+ return subject;
+ }
+
+ if (trustedIssuerType.getSubject() != null) {
+ subject = Pattern.compile(trustedIssuerType.getSubject());
+ }
+
+ return subject;
+ }
+
public String getSubject() {
return trustedIssuerType.getSubject();
}
public void setSubject(String subject) {
trustedIssuerType.setSubject(subject);
+ this.subject = null;
}
public CertificateValidationMethod getCertificateValidationMethod() {
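Review bot: The new `getCompiledSubject()` compiles `trustedIssuerType.getSubject()` as-is, whereas the two `setSubjectConstraints(List<String>)` bodies this commit deletes compiled `constraint.trim()`; a subject constraint carrying surrounding whitespace (for example from a line-wrapped config value) now becomes part of the regex and will behave differently against the certificate DN. Keeping the old normalisation is a one-line change: `subject = Pattern.compile(trustedIssuerType.getSubject().trim());`. The cached `subject` field added at the top of the class is neither `volatile` nor written under a lock, so if a `TrustedIssuer` is shared across request threads the lazy compile may run more than once and a reset from `setSubject` may not be seen promptly; harmless for an immutable `Pattern`, but worth stating. The method also lacks Javadoc; something like "Returns the subject constraint compiled to a Pattern, or null when no subject is configured; the result is cached until setSubject is called. Throws PatternSyntaxException if the configured subject is not a valid regular expression" would tell callers when the compile error surfaces.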
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cae5c37f/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
index 0a2ff81..5ee33eb 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
@@ -26,10 +26,8 @@ import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
-import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
-import java.util.regex.PatternSyntaxException;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
@@ -78,24 +76,6 @@ public class FedizSignatureTrustValidator implements Validator {
}
/**
- * Set a list of Strings corresponding to regular expression constraints on
- * the subject DN of a certificate
- */
- public void setSubjectConstraints(List<String> constraints) {
- if (constraints != null) {
- subjectDNPatterns = new ArrayList<Pattern>();
- for (String constraint : constraints) {
- try {
- subjectDNPatterns.add(Pattern.compile(constraint.trim()));
- } catch (PatternSyntaxException ex) {
- // LOG.severe(ex.getMessage());
- throw ex;
- }
- }
- }
- }
-
- /**
* Validate the credential argument. It must contain either some Certificates or a PublicKey.
*
* A Crypto and a CallbackHandler implementation is required to be set.
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cae5c37f/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
index 0b9b68a..81f73f8 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
@@ -27,6 +27,7 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
+import java.util.regex.Pattern;
import org.w3c.dom.Element;
import org.apache.cxf.fediz.core.Claim;
@@ -134,7 +135,12 @@ public class SAMLTokenValidator implements TokenValidator {
List<TrustedIssuer> trustedIssuers = config.getTrustedIssuers();
for (TrustedIssuer ti : trustedIssuers) {
- List<String> subjectConstraints = Collections.singletonList(ti.getSubject());
+ Pattern subjectConstraint = ti.getCompiledSubject();
+ List<Pattern> subjectConstraints = new ArrayList<Pattern>(1);
+ if (subjectConstraint != null) {
+ subjectConstraints.add(subjectConstraint);
+ }
+
if (ti.getCertificateValidationMethod().equals(CertificateValidationMethod.CHAIN_TRUST)) {
trustValidator.setSubjectConstraints(subjectConstraints);
trustValidator.setSignatureTrustType(TRUST_TYPE.CHAIN_TRUST_CONSTRAINTS);
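Review bot: When `ti.getCompiledSubject()` returns null the loop now hands `trustValidator.setSubjectConstraints` an empty list, where the replaced `Collections.singletonList(ti.getSubject())` would have produced a null element and, with the removed `constraint.trim()`, an exception. What an empty constraint list means under `TRUST_TYPE.CHAIN_TRUST_CONSTRAINTS` is decided inside the trust validator, outside this hunk: if it is treated as "no constraint" rather than "no match", a trusted issuer whose subject is unset silently accepts any chain-trusted signing certificate, which is a change in outcome this commit does not call out. A comment on the empty-list branch would make the intent explicit, e.g. `// No subject constraint configured for this issuer: an empty list is passed; confirm the trust validator treats it as fail-closed`, or the loop could skip/refuse issuers with no subject when CHAIN_TRUST is configured. The identical block appears in SAMLProtocolResponseValidator in the last hunk of this commit; the enclosing method of both hunks starts and ends outside the shown lines.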
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cae5c37f/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
index e72f021..f48945c 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
@@ -24,7 +24,6 @@ import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.regex.Pattern;
-import java.util.regex.PatternSyntaxException;
import org.apache.cxf.fediz.core.saml.FedizSignatureTrustValidator.TRUST_TYPE;
import org.apache.wss4j.common.cache.ReplayCache;
@@ -91,17 +90,10 @@ public class SamlAssertionValidator implements Validator {
* Set a list of Strings corresponding to regular expression constraints on
* the subject DN of a certificate
*/
- public void setSubjectConstraints(List<String> constraints) {
+ public void setSubjectConstraints(Collection<Pattern> constraints) {
if (constraints != null) {
- subjectDNPatterns = new ArrayList<Pattern>();
- for (String constraint : constraints) {
- try {
- subjectDNPatterns.add(Pattern.compile(constraint.trim()));
- } catch (PatternSyntaxException ex) {
- // LOG.severe(ex.getMessage());
- throw ex;
- }
- }
+ subjectDNPatterns.clear();
+ subjectDNPatterns.addAll(constraints);
}
}
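Review bot: The Javadoc immediately above the changed signature still reads "Set a list of Strings corresponding to regular expression constraints", but the parameter is now `Collection<Pattern>` and the patterns are no longer compiled here. Suggested text: "Set the compiled regular expression constraints to be applied to the subject DN of a certificate. Passing null leaves the current constraints unchanged; any other value replaces them." Note also that `subjectDNPatterns.clear()` relies on the field being initialised at declaration (the old code assigned a fresh `ArrayList` on every call), which is outside the hunk and worth confirming so a null field cannot reach the validator.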
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cae5c37f/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java
index d086aee..c674f9e 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java
@@ -18,8 +18,9 @@
*/
package org.apache.cxf.fediz.core.samlsso;
-import java.util.Collections;
+import java.util.ArrayList;
import java.util.List;
+import java.util.regex.Pattern;
import org.w3c.dom.Document;
import org.apache.cxf.fediz.core.config.CertificateValidationMethod;
@@ -229,7 +230,12 @@ public class SAMLProtocolResponseValidator {
List<TrustedIssuer> trustedIssuers = config.getTrustedIssuers();
for (TrustedIssuer ti : trustedIssuers) {
- List<String> subjectConstraints = Collections.singletonList(ti.getSubject());
+ Pattern subjectConstraint = ti.getCompiledSubject();
+ List<Pattern> subjectConstraints = new ArrayList<Pattern>(1);
+ if (subjectConstraint != null) {
+ subjectConstraints.add(subjectConstraint);
+ }
+
if (ti.getCertificateValidationMethod().equals(CertificateValidationMethod.CHAIN_TRUST)) {
trustValidator.setSubjectConstraints(subjectConstraints);
trustValidator.setSignatureTrustType(TRUST_TYPE.CHAIN_TRUST_CONSTRAINTS);