Posted to commits@cxf.apache.org by se...@apache.org on 2011/08/04 13:28:52 UTC
svn commit: r1153851 - in
/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security:
common/ saml/ xml/
Author: sergeyb
Date: Thu Aug 4 11:28:51 2011
New Revision: 1153851
URL: http://svn.apache.org/viewvc?rev=1153851&view=rev
Log:
CXF-3661,CXF-3677: More refactoring to minimize the duplication
Added:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/TrustValidator.java (with props)
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/AbstractXmlSecOutInterceptor.java (with props)
Modified:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/SecurityUtils.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncInHandler.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncOutInterceptor.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/SecurityUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/SecurityUtils.java?rev=1153851&r1=1153850&r2=1153851&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/SecurityUtils.java (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/SecurityUtils.java Thu Aug 4 11:28:51 2011
@@ -20,6 +20,7 @@
package org.apache.cxf.systest.jaxrs.security.common;
import java.io.IOException;
+import java.security.cert.X509Certificate;
import javax.security.auth.callback.CallbackHandler;
@@ -31,6 +32,7 @@ import org.apache.cxf.ws.security.Securi
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoType;
public final class SecurityUtils {
@@ -38,6 +40,18 @@ public final class SecurityUtils {
}
+ public static X509Certificate[] getCertificates(Crypto crypto, String user)
+ throws WSSecurityException {
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(user);
+ X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
+ if (issuerCerts == null || issuerCerts.length == 0) {
+ throw new WSSecurityException(
+ "No issuer certs were found using issuer name: " + user);
+ }
+ return issuerCerts;
+ }
+
public static Crypto getCrypto(Message message,
String cryptoKey,
String propKey)
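Review bot: The error text in the new getCertificates helper, `"No issuer certs were found using issuer name: " + user`, is wrong for one of its two callers: XmlEncOutInterceptor.getReceiverCertificate looks up the encryption recipient's certificate, not a signing issuer, and its old code reported `noUserCertsFound` with an explicit "encryption" context. Since the helper cannot know which role the alias plays, use a neutral message such as `"No certificates were found for alias: " + user`, or take a purpose argument the way the removed encryption code did. The message-only WSSecurityException constructor also drops the FAILURE error code the encryption path used to set, so anything keying on getErrorCode() sees a different value now — worth confirming nothing does.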
Added: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/TrustValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/TrustValidator.java?rev=1153851&view=auto
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/TrustValidator.java (added)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/TrustValidator.java Thu Aug 4 11:28:51 2011
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.security.common;
+
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.validate.Credential;
+import org.apache.ws.security.validate.SignatureTrustValidator;
+
+public class TrustValidator {
+ public void validateTrust(Crypto crypto, X509Certificate cert, PublicKey publicKey)
+ throws WSSecurityException {
+ SignatureTrustValidator validator = new SignatureTrustValidator();
+ RequestData data = new RequestData();
+ data.setSigCrypto(crypto);
+
+ Credential trustCredential = new Credential();
+ trustCredential.setPublicKey(publicKey);
+ trustCredential.setCertificates(new X509Certificate[]{cert});
+ validator.validate(trustCredential, data);
+ }
+}
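Review bot: validateTrust wraps `cert` unconditionally, so a null certificate becomes `new X509Certificate[]{null}` rather than "no certificates", and SignatureTrustValidator will most likely dereference that null entry instead of falling back to the public-key check; XmlSigInHandler passes a `cert` whose origin is outside its hunk, so the case looks reachable. Guard it at the source: `trustCredential.setCertificates(cert == null ? null : new X509Certificate[]{cert});`. The RequestData is built with defaults, so whatever validity/revocation checking WSS4J offers beyond "is this certificate in the signature trust store" is not switched on here; a class Javadoc should say that this is a keystore-trust check only and that callers needing more must configure it. The method would also benefit from `@param` lines stating that either `cert` or `publicKey` may be null, as the XmlEncInHandler call passes null for the key.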
Propchange: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/TrustValidator.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/TrustValidator.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java?rev=1153851&r1=1153850&r2=1153851&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java Thu Aug 4 11:28:51 2011
@@ -29,12 +29,11 @@ import java.util.Arrays;
import java.util.List;
import java.util.logging.Logger;
-import javax.security.auth.callback.CallbackHandler;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import org.w3c.dom.Document;
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
+
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.jaxrs.ext.RequestHandler;
@@ -42,6 +41,7 @@ import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.security.transport.TLSSessionInfo;
import org.apache.cxf.systest.jaxrs.security.common.CryptoLoader;
+import org.apache.cxf.systest.jaxrs.security.common.SecurityUtils;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngineResult;
@@ -85,7 +85,7 @@ public abstract class AbstractSamlInHand
RequestData data = new RequestData();
WSSConfig cfg = WSSConfig.getNewInstance();
data.setWssConfig(cfg);
- data.setCallbackHandler(getCallbackHandler(message));
+ data.setCallbackHandler(SecurityUtils.getCallbackHandler(message, this.getClass()));
try {
data.setSigCrypto(new CryptoLoader().getCrypto(message,
SecurityConstants.SIGNATURE_CRYPTO,
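Review bot: The private getCallbackHandler this line replaces swallowed every class-loading failure and returned null (see the deletion further down in this file), so a misspelt CALLBACK_HANDLER class name silently left the RequestData without a handler; whether SecurityUtils.getCallbackHandler behaves the same way is not visible in this diff. If it does, a misconfiguration only surfaces later as an unrelated failure that is hard to trace back to the property. Either have the shared helper log or rethrow on a bad class name, or check the result at this call site, e.g. `if (data.getCallbackHandler() == null) { LOG.fine("No callback handler configured for SAML handling"); }` — assuming the class's LOG field, which is outside the hunk. The enclosing method continues outside the hunk.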
@@ -294,21 +294,4 @@ public abstract class AbstractSamlInHand
return false;
}
- private CallbackHandler getCallbackHandler(Message message) {
- //Then try to get the password from the given callback handler
- Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
-
- CallbackHandler handler = null;
- if (o instanceof CallbackHandler) {
- handler = (CallbackHandler)o;
- } else if (o instanceof String) {
- try {
- handler = (CallbackHandler)ClassLoaderUtils
- .loadClass((String)o, this.getClass()).newInstance();
- } catch (Exception e) {
- handler = null;
- }
- }
- return handler;
- }
}
Added: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/AbstractXmlSecOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/AbstractXmlSecOutInterceptor.java?rev=1153851&view=auto
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/AbstractXmlSecOutInterceptor.java (added)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/AbstractXmlSecOutInterceptor.java Thu Aug 4 11:28:51 2011
@@ -0,0 +1,123 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.security.xml;
+
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.lang.annotation.Annotation;
+import java.util.List;
+import java.util.logging.Logger;
+
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.xml.stream.XMLStreamWriter;
+import javax.xml.transform.dom.DOMSource;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.jaxrs.provider.JAXBElementProvider;
+import org.apache.cxf.jaxrs.provider.ProviderFactory;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageContentsList;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.staxutils.W3CDOMStreamWriter;
+import org.apache.ws.security.WSSConfig;
+
+
+public abstract class AbstractXmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> {
+ private static final Logger LOG =
+ LogUtils.getL7dLogger(AbstractXmlSecOutInterceptor.class);
+
+ static {
+ WSSConfig.init();
+ }
+
+ public AbstractXmlSecOutInterceptor() {
+ super(Phase.WRITE);
+ }
+
+ public void handleMessage(Message message) throws Fault {
+ try {
+ Document doc = getDomDocument(message);
+ if (doc == null) {
+ return;
+ }
+
+ Document finalDoc = processDocument(message, doc);
+ message.setContent(List.class,
+ new MessageContentsList(new DOMSource(finalDoc)));
+ } catch (Exception ex) {
+ StringWriter sw = new StringWriter();
+ ex.printStackTrace(new PrintWriter(sw));
+ LOG.warning(sw.toString());
+ throw new Fault(new RuntimeException(ex.getMessage() + ", stacktrace: " + sw.toString()));
+ }
+ }
+
+ protected abstract Document processDocument(Message message, Document doc)
+ throws Exception;
+
+
+
+ private Object getRequestBody(Message message) {
+ MessageContentsList objs = MessageContentsList.getContentsList(message);
+ if (objs == null || objs.size() == 0) {
+ return null;
+ } else {
+ return objs.get(0);
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ private Document getDomDocument(Message m) throws Exception {
+
+ Object body = getRequestBody(m);
+ if (body == null) {
+ return null;
+ }
+
+ if (body instanceof Document) {
+ return (Document)body;
+ }
+ if (body instanceof DOMSource) {
+ return (Document)((DOMSource)body).getNode();
+ }
+
+ ProviderFactory pf = ProviderFactory.getInstance(m);
+
+ Object providerObject = pf.createMessageBodyWriter(body.getClass(),
+ body.getClass(), new Annotation[]{},
+ MediaType.APPLICATION_XML_TYPE, m);
+ if (!(providerObject instanceof JAXBElementProvider)) {
+ return null;
+ }
+ JAXBElementProvider provider = (JAXBElementProvider)providerObject;
+ W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
+ m.setContent(XMLStreamWriter.class, writer);
+ provider.writeTo(body, body.getClass(),
+ body.getClass(), new Annotation[]{},
+ MediaType.APPLICATION_XML_TYPE,
+ (MultivaluedMap)m.get(Message.PROTOCOL_HEADERS), null);
+ return writer.getDocument();
+ }
+
+}
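Review bot: handleMessage builds the Fault from `ex.getMessage() + ", stacktrace: " + sw.toString()`, which puts the full server stack trace (internal class names, key aliases, paths from the crypto properties) into the Fault message — the text the JAX-RS runtime may hand back to the client — and it also drops the original cause because the RuntimeException is created without it. Keep the LOG.warning of the trace and throw `new Fault(ex)` instead, so the cause is preserved and the trace stays on the server. Separately, getDomDocument casts `((DOMSource)body).getNode()` straight to Document; a DOMSource wrapping an Element would fail with a ClassCastException here, so at least fail deliberately: `if (!(n instanceof Document)) throw new IllegalArgumentException("DOMSource must wrap a Document");`. processDocument deserves a Javadoc stating that implementations may either modify `doc` in place or return a new Document, since the two subclasses in this commit each do one of those.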
Propchange: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/AbstractXmlSecOutInterceptor.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/AbstractXmlSecOutInterceptor.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncInHandler.java?rev=1153851&r1=1153850&r2=1153851&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncInHandler.java (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncInHandler.java Thu Aug 4 11:28:51 2011
@@ -37,6 +37,7 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
+
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.Base64Exception;
import org.apache.cxf.common.util.Base64Utility;
@@ -47,15 +48,13 @@ import org.apache.cxf.message.Message;
import org.apache.cxf.staxutils.W3CDOMStreamReader;
import org.apache.cxf.systest.jaxrs.security.common.CryptoLoader;
import org.apache.cxf.systest.jaxrs.security.common.SecurityUtils;
+import org.apache.cxf.systest.jaxrs.security.common.TrustValidator;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.util.WSSecurityUtil;
-import org.apache.ws.security.validate.Credential;
-import org.apache.ws.security.validate.SignatureTrustValidator;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.apache.xml.security.utils.Constants;
@@ -146,11 +145,8 @@ public class XmlEncInHandler implements
throwFault("X509Certificate can not be created", ex);
}
- Credential trustCredential = new Credential();
- trustCredential.setPublicKey(null);
- trustCredential.setCertificates(new X509Certificate[]{cert});
try {
- validateTrust(trustCredential, crypto);
+ new TrustValidator().validateTrust(crypto, cert, null);
} catch (Exception ex) {
throwFault(ex.getMessage(), ex);
}
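Review bot: The catch here forwards the WSS4J text via `throwFault(ex.getMessage(), ex)`, so whatever the trust validator says about the keystore or the certificate is reported to the sender, whereas the equivalent catch in XmlSigInHandler uses the fixed "Signature validation failed". Use a fixed message here too, e.g. `throwFault("Certificate trust validation failed", ex);`, and leave the detail to the logged cause. The enclosing method starts and ends outside the hunk.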
@@ -234,13 +230,7 @@ public class XmlEncInHandler implements
return null;
}
- private void validateTrust(Credential cred, Crypto crypto) throws Exception {
- SignatureTrustValidator validator = new SignatureTrustValidator();
- RequestData data = new RequestData();
- data.setSigCrypto(crypto);
- validator.validate(cred, data);
- }
-
+
protected void throwFault(String error, Exception ex) {
// TODO: get bundle resource message once this filter is moved
// to rt/rs/security
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncOutInterceptor.java?rev=1153851&r1=1153850&r2=1153851&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncOutInterceptor.java (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncOutInterceptor.java Thu Aug 4 11:28:51 2011
@@ -18,13 +18,9 @@
*/
package org.apache.cxf.systest.jaxrs.security.xml;
-import java.io.PrintWriter;
-import java.io.StringWriter;
-import java.lang.annotation.Annotation;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
-import java.util.List;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
@@ -32,10 +28,6 @@ import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.xml.stream.XMLStreamWriter;
-import javax.xml.transform.dom.DOMSource;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -43,27 +35,17 @@ import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.Text;
-
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.interceptor.Fault;
-import org.apache.cxf.jaxrs.provider.JAXBElementProvider;
-import org.apache.cxf.jaxrs.provider.ProviderFactory;
import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageContentsList;
-import org.apache.cxf.phase.AbstractPhaseInterceptor;
-import org.apache.cxf.phase.Phase;
-import org.apache.cxf.staxutils.W3CDOMStreamWriter;
import org.apache.cxf.systest.jaxrs.security.common.CryptoLoader;
import org.apache.cxf.systest.jaxrs.security.common.SecurityUtils;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.ws.security.message.token.DOMX509Data;
import org.apache.ws.security.message.token.DOMX509IssuerSerial;
import org.apache.ws.security.util.Base64;
@@ -72,21 +54,16 @@ import org.apache.ws.security.util.WSSec
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.encryption.XMLCipher;
-public class XmlEncOutInterceptor extends AbstractPhaseInterceptor<Message> {
+public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
private static final Logger LOG =
LogUtils.getL7dLogger(XmlEncOutInterceptor.class);
- static {
- WSSConfig.init();
- }
-
private boolean encryptSymmetricKey = true;
private SecretKey symmetricKey;
private String keyEncAlgo = XMLCipher.RSA_OAEP;
private String symEncAlgo = XMLCipher.AES_256;
public XmlEncOutInterceptor() {
- super(Phase.WRITE);
addAfter(XmlSigOutInterceptor.class.getName());
}
@@ -98,30 +75,12 @@ public class XmlEncOutInterceptor extend
keyEncAlgo = algo;
}
- public void handleMessage(Message message) throws Fault {
- try {
- Object body = getRequestBody(message);
- if (body == null) {
- return;
- }
- Document doc = getDomDocument(body, message);
- if (doc == null) {
- return;
- }
-
- Document encryptedDataDoc = encryptDocument(message, doc);
- message.setContent(List.class,
- new MessageContentsList(new DOMSource(encryptedDataDoc)));
- } catch (Exception ex) {
- StringWriter sw = new StringWriter();
- ex.printStackTrace(new PrintWriter(sw));
- LOG.warning(sw.toString());
- throw new Fault(new RuntimeException(ex.getMessage() + ", stacktrace: " + sw.toString()));
- }
+ protected Document processDocument(Message message, Document payloadDoc)
+ throws Exception {
+ return encryptDocument(message, payloadDoc);
}
- // at the moment all the doc gets encrypted
- private Document encryptDocument(Message message, Document payloadDoc)
+ protected Document encryptDocument(Message message, Document payloadDoc)
throws Exception {
byte[] secretKey = getSymmetricKey();
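Review bot: The `// at the moment all the doc gets encrypted` note was dropped when encryptDocument became protected, and processDocument has no Javadoc, so an overriding subclass no longer learns that the entire payload, not a selected element, is encrypted. Put that back as documentation on the protected method, e.g. `/** Encrypts the entire payload document (no element-level selection yet); the EncryptedData ends up in the document this returns. */` — hedged on the return being a new document, since the body of encryptDocument lies outside this hunk (the removed handleMessage called the result `encryptedDataDoc`). The enclosing class continues outside the hunk.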
@@ -174,16 +133,7 @@ public class XmlEncOutInterceptor extend
}
private X509Certificate getReceiverCertificate(Crypto crypto, String user) throws Exception {
- CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
- cryptoType.setAlias(user);
- X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
- if (certs == null || certs.length <= 0) {
- throw new WSSecurityException(
- WSSecurityException.FAILURE,
- "noUserCertsFound",
- new Object[] {user, "encryption"}
- );
- }
+ X509Certificate[] certs = SecurityUtils.getCertificates(crypto, user);
return certs[0];
}
@@ -218,10 +168,12 @@ public class XmlEncOutInterceptor extend
EncryptionUtils.initCipherWithCert(keyEncAlgo, Cipher.ENCRYPT_MODE, remoteCert);
int blockSize = cipher.getBlockSize();
if (blockSize > 0 && blockSize < keyBytes.length) {
+ String message = "Public key algorithm too weak to encrypt symmetric key";
+ LOG.severe(message);
throw new WSSecurityException(
WSSecurityException.FAILURE,
"unsupportedKeyTransp",
- new Object[] {"public key algorithm too weak to encrypt symmetric key"}
+ new Object[] {message}
);
}
byte[] encryptedEphemeralKey = null;
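Review bot: The added `LOG.severe(message)` immediately before the throw duplicates reporting: the exception propagates to AbstractXmlSecOutInterceptor.handleMessage, which already logs the full stack trace at WARNING before re-throwing, so every occurrence is now logged twice at two levels. Drop the severe line or stop the base class from logging, not both. Note also that for the default RSA key transport the guard `blockSize > 0 && blockSize < keyBytes.length` is unlikely ever to fire, because the standard JCE RSA ciphers I know of report a block size of 0, so an undersized recipient key would surface from doFinal instead; if the intent is to reject short keys, compare the RSA modulus length (`((RSAPublicKey)remoteCert.getPublicKey()).getModulus().bitLength()`) against the symmetric key size plus the padding overhead. The enclosing method starts and ends outside the hunk.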
@@ -354,41 +306,5 @@ public class XmlEncOutInterceptor extend
}
- private Object getRequestBody(Message message) {
- MessageContentsList objs = MessageContentsList.getContentsList(message);
- if (objs == null || objs.size() == 0) {
- return null;
- } else {
- return objs.get(0);
- }
- }
-
- @SuppressWarnings("unchecked")
- private Document getDomDocument(Object body, Message m) throws Exception {
-
- if (body instanceof Document) {
- return (Document)body;
- }
- if (body instanceof DOMSource) {
- return (Document)((DOMSource)body).getNode();
- }
-
- ProviderFactory pf = ProviderFactory.getInstance(m);
-
- Object providerObject = pf.createMessageBodyWriter(body.getClass(),
- body.getClass(), new Annotation[]{},
- MediaType.APPLICATION_XML_TYPE, m);
- if (!(providerObject instanceof JAXBElementProvider)) {
- return null;
- }
- JAXBElementProvider provider = (JAXBElementProvider)providerObject;
- W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
- m.setContent(XMLStreamWriter.class, writer);
- provider.writeTo(body, body.getClass(),
- body.getClass(), new Annotation[]{},
- MediaType.APPLICATION_XML_TYPE,
- (MultivaluedMap)m.get(Message.PROTOCOL_HEADERS), null);
- return writer.getDocument();
- }
}
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java?rev=1153851&r1=1153850&r2=1153851&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java Thu Aug 4 11:28:51 2011
@@ -32,6 +32,7 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
+
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.jaxrs.ext.RequestHandler;
@@ -39,12 +40,10 @@ import org.apache.cxf.jaxrs.model.ClassR
import org.apache.cxf.message.Message;
import org.apache.cxf.staxutils.W3CDOMStreamReader;
import org.apache.cxf.systest.jaxrs.security.common.CryptoLoader;
+import org.apache.cxf.systest.jaxrs.security.common.TrustValidator;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.handler.RequestData;
-import org.apache.ws.security.validate.Credential;
-import org.apache.ws.security.validate.SignatureTrustValidator;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.signature.Reference;
@@ -125,10 +124,9 @@ public class XmlSigInHandler implements
// is this call redundant given that signature.checkSignatureValue uses References ?
validateReference(root, signature);
- Credential trustCredential = new Credential();
- trustCredential.setPublicKey(keyInfo.getPublicKey());
- trustCredential.setCertificates(new X509Certificate[]{keyInfo.getX509Certificate()});
- validateTrust(trustCredential, crypto);
+ // validate trust
+ new TrustValidator().validateTrust(crypto, cert, keyInfo.getPublicKey());
+
} catch (Exception ex) {
throwFault("Signature validation failed", ex);
}
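Review bot: The `// validate trust` comment says nothing about why this call is essential; presumably the key that verified the signature is the one from the message's own KeyInfo (keyInfo.getPublicKey() is what is passed here), in which case without this step any self-generated key would pass — say that, e.g. `// The signature was checked with the key from KeyInfo; confirm that key/cert is one we trust, otherwise any self-signed sender would be accepted.` Whether `cert` can be null when the KeyInfo carries only a KeyValue is decided outside this hunk; if it can, TrustValidator turns it into a one-element array holding null and the public-key path is never taken, so verify where `cert` comes from. The enclosing method starts and ends outside the hunk.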
@@ -158,13 +156,6 @@ public class XmlSigInHandler implements
return null;
}
- private void validateTrust(Credential cred, Crypto crypto) throws Exception {
- SignatureTrustValidator validator = new SignatureTrustValidator();
- RequestData data = new RequestData();
- data.setSigCrypto(crypto);
- validator.validate(cred, data);
- }
-
protected void throwFault(String error, Exception ex) {
// TODO: get bundle resource message once this filter is moved
// to rt/rs/security
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java?rev=1153851&r1=1153850&r2=1153851&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java Thu Aug 4 11:28:51 2011
@@ -18,40 +18,22 @@
*/
package org.apache.cxf.systest.jaxrs.security.xml;
-import java.io.PrintWriter;
-import java.io.StringWriter;
-import java.lang.annotation.Annotation;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
-import java.util.List;
import java.util.UUID;
import java.util.logging.Logger;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.xml.stream.XMLStreamWriter;
-import javax.xml.transform.dom.DOMSource;
-
import org.w3c.dom.Document;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.interceptor.Fault;
-import org.apache.cxf.jaxrs.provider.JAXBElementProvider;
-import org.apache.cxf.jaxrs.provider.ProviderFactory;
import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageContentsList;
-import org.apache.cxf.phase.AbstractPhaseInterceptor;
-import org.apache.cxf.phase.Phase;
-import org.apache.cxf.staxutils.W3CDOMStreamWriter;
import org.apache.cxf.systest.jaxrs.security.common.CryptoLoader;
import org.apache.cxf.systest.jaxrs.security.common.SecurityUtils;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.Constants;
@@ -59,46 +41,23 @@ import org.apache.xml.security.utils.Ele
import org.opensaml.xml.signature.SignatureConstants;
-
-
-public class XmlSigOutInterceptor extends AbstractPhaseInterceptor<Message> {
+public class XmlSigOutInterceptor extends AbstractXmlSecOutInterceptor {
private static final Logger LOG =
LogUtils.getL7dLogger(XmlSigOutInterceptor.class);
- static {
- WSSConfig.init();
- }
-
private boolean createReferenceId = true;
public XmlSigOutInterceptor() {
- super(Phase.WRITE);
}
public void setCreateReferenceId(boolean create) {
createReferenceId = create;
}
- public void handleMessage(Message message) throws Fault {
- try {
- Object body = getRequestBody(message);
- if (body == null) {
- return;
- }
- Document doc = getDomDocument(body, message);
- if (doc == null) {
- return;
- }
-
- createEnvelopedSignature(message, doc);
- message.setContent(List.class,
- new MessageContentsList(new DOMSource(doc)));
- } catch (Exception ex) {
- StringWriter sw = new StringWriter();
- ex.printStackTrace(new PrintWriter(sw));
- LOG.warning(sw.toString());
- throw new Fault(new RuntimeException(ex.getMessage() + ", stacktrace: " + sw.toString()));
- }
+ protected Document processDocument(Message message, Document doc)
+ throws Exception {
+ createEnvelopedSignature(message, doc);
+ return doc;
}
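Review bot: processDocument signs `doc` in place and returns that same instance, which may differ from what the encrypting sibling returns, and nothing documents it; add `/** Adds an enveloped signature to {@code doc} in place and returns the same document instance. */`. The empty no-argument constructor left behind after `super(Phase.WRITE)` moved to the base class is redundant — the implicit default constructor does exactly the same — and can be removed. The stray `// enveloping & detached sigs will be supported too` comment is a roadmap note rather than a description of the code; mark it `// TODO:` so it reads as one.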
// enveloping & detached sigs will be supported too
@@ -125,15 +84,8 @@ public class XmlSigOutInterceptor extend
String password =
SecurityUtils.getPassword(message, user, WSPasswordCallback.SIGNATURE, this.getClass());
- // prepare to sign the SAML token
- CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
- cryptoType.setAlias(user);
- X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
- if (issuerCerts == null) {
- throw new WSSecurityException(
- "No issuer certs were found to sign the document using issuer name: "
- + user);
- }
+
+ X509Certificate[] issuerCerts = SecurityUtils.getCertificates(crypto, user);
String sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
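Review bot: The signature algorithm is still hard-wired to `SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1` right after the new certificate lookup, while XmlEncOutInterceptor exposes its algorithms as configurable fields with setters; a SHA-1 signature should not be the only option this interceptor can produce. Make it a field with a setter defaulting to `SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256`, and apply the same to whatever branch on `pubKeyAlgo` follows outside the hunk if it selects an algorithm by key type. The enclosing method starts and ends outside the hunk.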
@@ -144,7 +96,9 @@ public class XmlSigOutInterceptor extend
try {
privateKey = crypto.getPrivateKey(user, password);
} catch (Exception ex) {
- throw new WSSecurityException(ex.getMessage(), ex);
+ String errorMessage = "Private key can not be loaded, user:" + user;
+ LOG.severe(errorMessage);
+ throw new WSSecurityException(errorMessage, ex);
}
//
ElementProxy.setDefaultPrefix(Constants.SignatureSpecNS, "ds");
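Review bot: The new `LOG.severe(errorMessage)` before the throw means each failure is reported twice: the WSSecurityException propagates to AbstractXmlSecOutInterceptor.handleMessage, which logs the full stack trace at WARNING and re-throws. Log in one place only — since the base class already captures the trace, the line here can go, or be demoted to `LOG.fine(errorMessage)`. The underlying reason now lives only in the attached cause `ex`, since the message no longer includes ex.getMessage(), so keep that cause if the logging is reworked. The enclosing method starts and ends outside the hunk.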
@@ -169,39 +123,5 @@ public class XmlSigOutInterceptor extend
sig.sign(privateKey);
}
- private Object getRequestBody(Message message) {
- MessageContentsList objs = MessageContentsList.getContentsList(message);
- if (objs == null || objs.size() == 0) {
- return null;
- } else {
- return objs.get(0);
- }
- }
-
- @SuppressWarnings("unchecked")
- private Document getDomDocument(Object body, Message m) throws Exception {
-
- if (body instanceof Document) {
- return (Document)body;
- }
- ProviderFactory pf = ProviderFactory.getInstance(m);
-
- Object providerObject = pf.createMessageBodyWriter(body.getClass(),
- body.getClass(), new Annotation[]{},
- MediaType.APPLICATION_XML_TYPE, m);
- if (!(providerObject instanceof JAXBElementProvider)) {
- return null;
- }
- JAXBElementProvider provider = (JAXBElementProvider)providerObject;
- W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
- m.setContent(XMLStreamWriter.class, writer);
- provider.writeTo(body, body.getClass(),
- body.getClass(), new Annotation[]{},
- MediaType.APPLICATION_XML_TYPE,
- (MultivaluedMap)m.get(Message.PROTOCOL_HEADERS), null);
- return writer.getDocument();
- }
-
-
}