Posted to commits@cxf.apache.org by dk...@apache.org on 2009/03/03 03:47:58 UTC
svn commit: r749513 - in /cxf/trunk: parent/pom.xml
rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Author: dkulp
Date: Tue Mar 3 02:47:58 2009
New Revision: 749513
URL: http://svn.apache.org/viewvc?rev=749513&view=rev
Log:
Go ahead and grab Woodstox 4.0.2 (woodstox-core-asl)
Modified:
cxf/trunk/parent/pom.xml
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Modified: cxf/trunk/parent/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/parent/pom.xml?rev=749513&r1=749512&r2=749513&view=diff
==============================================================================
--- cxf/trunk/parent/pom.xml (original)
+++ cxf/trunk/parent/pom.xml Tue Mar 3 02:47:58 2009
@@ -1047,8 +1047,8 @@
<id>woodstox4</id>
<properties>
<stax.impl.groupId>org.codehaus.woodstox</stax.impl.groupId>
- <stax.impl.artifactId>wstx-asl</stax.impl.artifactId>
- <stax.impl.version>3.9.9-3</stax.impl.version>
+ <stax.impl.artifactId>woodstox-core-asl</stax.impl.artifactId>
+ <stax.impl.version>4.0.2</stax.impl.version>
</properties>
</profile>
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=749513&r1=749512&r2=749513&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java Tue Mar 3 02:47:58 2009
@@ -19,11 +19,14 @@
package org.apache.cxf.ws.security.trust;
+import java.io.IOException;
+import java.net.URL;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import java.util.Properties;
import java.util.Vector;
import java.util.logging.Logger;
@@ -35,11 +38,13 @@
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import org.w3c.dom.Node;
import org.apache.cxf.Bus;
import org.apache.cxf.BusException;
import org.apache.cxf.binding.soap.SoapBindingConstants;
import org.apache.cxf.binding.soap.model.SoapOperationInfo;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.i18n.Message;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.StringUtils;
@@ -54,6 +59,7 @@
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.resource.ResourceManager;
import org.apache.cxf.service.Service;
import org.apache.cxf.service.model.BindingInfo;
import org.apache.cxf.service.model.BindingOperationInfo;
@@ -64,6 +70,7 @@
import org.apache.cxf.ws.policy.EffectivePolicy;
import org.apache.cxf.ws.policy.PolicyBuilder;
import org.apache.cxf.ws.policy.PolicyEngine;
+import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
import org.apache.cxf.ws.security.policy.model.Binding;
import org.apache.cxf.ws.security.policy.model.Trust10;
@@ -75,9 +82,11 @@
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.conversation.dkalgo.P_SHA1;
import org.apache.ws.security.message.token.Reference;
+import org.apache.ws.security.processor.EncryptedDataProcessor;
import org.apache.ws.security.processor.EncryptedKeyProcessor;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.WSSecurityUtil;
@@ -113,10 +122,6 @@
Map<String, Object> ctx = new HashMap<String, Object>();
- private CallbackHandler cbHandler;
-
- private Crypto crypto;
-
public STSClient(Bus b) {
bus = b;
}
@@ -449,15 +454,21 @@
}
el = DOMUtils.getNextElement(el);
}
+ Element rstDec = rst;
+ try {
+ rstDec = decrypt(rst);
+ } catch (IOException e1) {
+ throw new TrustException(e1);
+ }
String id = findID(rar, rur, rst);
if (StringUtils.isEmpty(id)) {
throw new TrustException(new Message("NO_ID", LOG));
}
- SecurityToken token = new SecurityToken(id, copyElement(rst), copyElement(lte));
- token.setAttachedReference(copyElement(rar));
- token.setUnattachedReference(copyElement(rur));
+ SecurityToken token = new SecurityToken(id, rstDec, lte);
+ token.setAttachedReference(rar);
+ token.setUnattachedReference(rur);
token.setIssuerAddress(location);
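Review bot: `findID(rar, rur, rst)` is still handed the pre-decryption element even though the lines just above replace it with `rstDec`; when the RSTR carried an `xenc:EncryptedData`, `rst` is the encrypted wrapper, which `EncryptedDataProcessor` presumably replaces in the DOM, so the wsu:Id/AssertionID lookup runs on the wrong node and the NO_ID fault fires for exactly the WCF case this commit is meant to handle. Pass the decrypted element instead: `String id = findID(rar, rur, rstDec);`. Removing `copyElement` also means the SecurityToken now holds live references into the response document rather than detached copies, which is only safe if nothing later mutates or discards that DOM; a one-line comment on `new SecurityToken(id, rstDec, lte)` stating that intent would help the next reader. The enclosing method starts and ends outside this hunk.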
@@ -476,12 +487,12 @@
EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
- processor.handleToken(child, null, crypto,
- cbHandler, null, new Vector(),
+ processor.handleToken(child, null, createCrypto(),
+ createHandler(), null, new Vector(),
null);
secret = processor.getDecryptedBytes();
- } catch (WSSecurityException e) {
+ } catch (IOException e) {
throw new TrustException(new Message("ENCRYPTED_KEY_ERROR", LOG), e);
}
} else if (childQname.equals(new QName(namespace, "ComputedKey"))) {
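Review bot: `createCrypto()` can return null (its fall-through case when neither ENCRYPT_CRYPTO nor ENCRYPT_PROPERTIES is configured), and the rewritten call passes that straight into `EncryptedKeyProcessor.handleToken`, so a misconfigured client fails with an exception from inside WSS4J rather than the ENCRYPTED_KEY_ERROR fault this catch is meant to produce. Resolve the Crypto first and fail explicitly: `Crypto crypto = createCrypto(); if (crypto == null) { throw new TrustException(new Message("ENCRYPTED_KEY_ERROR", LOG)); }` before the `handleToken` call. Widening the catch from WSSecurityException to IOException appears to rely on WSS4J's WSSecurityException extending RemoteException; if so, a comment such as `// IOException also covers WSSecurityException (extends RemoteException) and createCrypto() I/O failures` would keep a later cleanup from narrowing it and dropping the property-loading errors. The enclosing method starts and ends outside this hunk.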
@@ -519,19 +530,92 @@
return token;
}
- private Element copyElement(Element el) {
- if (el == null) {
- return null;
+ protected Element decrypt(Element firstElement) throws IOException {
+ if ("EncryptedData".equals(firstElement.getLocalName())
+ && "http://www.w3.org/2001/04/xmlenc#".equals(firstElement.getNamespaceURI())) {
+
+ Node parent = firstElement.getParentNode();
+ Node prev = firstElement.getPreviousSibling();
+
+ //encrypted even more. WCF seems to do this periodically
+ EncryptedDataProcessor processor = new EncryptedDataProcessor();
+
+ processor.handleToken(firstElement, null, createCrypto(),
+ createHandler(), null, new Vector(),
+ null);
+
+ if (prev == null) {
+ firstElement = (Element)parent.getFirstChild();
+ } else {
+ firstElement = (Element)prev.getNextSibling();
+ }
+
}
- try {
- W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
- writer.setNsRepairing(true);
- StaxUtils.copy(el, writer);
- return writer.getDocument().getDocumentElement();
- } catch (Exception ex) {
- return el;
+ return firstElement;
+ }
+
+ private CallbackHandler createHandler() {
+ Object o = getProperty(SecurityConstants.CALLBACK_HANDLER);
+ if (o instanceof String) {
+ try {
+ Class<?> cls = ClassLoaderUtils.loadClass((String)o, this.getClass());
+ o = cls.newInstance();
+ } catch (Exception e) {
+ throw new Fault(e);
+ }
}
+ return (CallbackHandler)o;
}
+
+ private Object getProperty(String s) {
+ Object o = ctx.get(s);
+ if (o == null) {
+ o = client.getEndpoint()
+ .getEndpointInfo().getProperty(s);
+ }
+ if (o == null) {
+ o = client.getEndpoint().getEndpointInfo().getBinding().getProperty(s);
+ }
+ if (o == null) {
+ o = client.getEndpoint().getService().get(s);
+ }
+ return o;
+ }
+
+ private Crypto createCrypto() throws IOException {
+ Crypto crypto = (Crypto)getProperty(SecurityConstants.ENCRYPT_CRYPTO);
+ if (crypto != null) {
+ return crypto;
+ }
+
+
+ Object o = getProperty(SecurityConstants.ENCRYPT_PROPERTIES);
+ Properties properties = null;
+ if (o instanceof Properties) {
+ properties = (Properties)o;
+ } else if (o instanceof String) {
+ ResourceManager rm = bus.getExtension(ResourceManager.class);
+ URL url = rm.resolveResource((String)o, URL.class);
+ if (url == null) {
+ url = ClassLoaderUtils.getResource((String)o, this.getClass());
+ }
+ if (url != null) {
+ properties = new Properties();
+ properties.load(url.openStream());
+ } else {
+ throw new Fault("Could not find properties file " + url, LOG);
+ }
+ } else if (o instanceof URL) {
+ properties = new Properties();
+ properties.load(((URL)o).openStream());
+ }
+
+ if (properties != null) {
+ return CryptoFactory.getInstance(properties);
+ }
+ return null;
+ }
+
private String findID(Element rar, Element rur, Element rst) {
String id = null;
if (rst != null) {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=749513&r1=749512&r2=749513&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java Tue Mar 3 02:47:58 2009
@@ -365,13 +365,18 @@
return dkSign.getSignatureValue();
} else {
WSSecSignature sig = new WSSecSignature();
- sig.setCustomTokenId(secTok.getId().substring(1));
- sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
- + WSConstants.SAML_ASSERTION_ID);
+ sig.setCustomTokenId(secTok.getId());
+ if (secTok.getTokenType() == null) {
+ sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
+ + WSConstants.SAML_ASSERTION_ID);
+ sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+ } else {
+ sig.setCustomTokenValueType(secTok.getTokenType());
+ sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+ }
sig.setSecretKey(secTok.getSecret());
sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
- sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
sig.prepare(doc, getSignatureCrypto(wrapper), secHeader);
sig.setParts(sigParts);
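Review bot: The new `if (secTok.getTokenType() == null)` branch silently treats any token that arrived without a TokenType as a SAML assertion referenced by AssertionID (WSS_SAML_NS + SAML_ASSERTION_ID with CUSTOM_KEY_IDENTIFIER), which is a security-relevant default that deserves to be stated in code, e.g. `// No TokenType in the RSTR: assume a SAML 1.1 assertion and reference it by AssertionID`. `setCustomTokenId(secTok.getId())` also no longer strips the leading '#', which is only correct if SecurityToken ids are now stored without the fragment prefix; that contract is not visible in this hunk, so a comment pointing to where the id is normalized would help. In the adjacent context lines, untouched by this commit, `setSignatureAlgorithm` is called twice in a row, so the asymmetric choice is dead code and the symmetric algorithm always wins; removing the first call while here would make the effective signature algorithm explicit. The enclosing method starts and ends outside this hunk.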