Posted to commits@cxf.apache.org by dk...@apache.org on 2009/04/06 22:27:20 UTC
svn commit: r762495 - in /cxf/trunk/rt:
transports/http/src/main/java/org/apache/cxf/transport/https/
ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/
ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
Author: dkulp
Date: Mon Apr 6 20:27:20 2009
New Revision: 762495
URL: http://svn.apache.org/viewvc?rev=762495&view=rev
Log:
[CXF-2158] Fix problem of referencing a token via ID instead of wsu:Id
Fix validation of transport binding things that usually won't have sigs
If username/tokens are required but no username was provided, throw exception.
Modified:
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?rev=762495&r1=762494&r2=762495&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java (original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java Mon Apr 6 20:27:20 2009
@@ -35,6 +35,7 @@
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
@@ -147,8 +148,6 @@
throw new IIOException("Error while initializing secure socket", ex);
}
}
- } else {
- assert false;
}
return connection;
@@ -187,9 +186,27 @@
? SSLContext.getInstance(protocol)
: SSLContext.getInstance(protocol, provider);
+
+
+ TrustManager[] trustAllCerts = tlsClientParameters.getTrustManagers();
+ /*
+ TrustManager[] trustAllCerts = new TrustManager[] {
+ new javax.net.ssl.X509TrustManager() {
+ public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
+ public void checkClientTrusted(
+ java.security.cert.X509Certificate[] certs, String authType) {
+ }
+ public void checkServerTrusted(
+ java.security.cert.X509Certificate[] certs, String authType) {
+ }
+ }
+ };
+ */
ctx.init(
- tlsClientParameters.getKeyManagers(),
- tlsClientParameters.getTrustManagers(),
+ tlsClientParameters.getKeyManagers(),
+ trustAllCerts,
tlsClientParameters.getSecureRandom());
// The "false" argument means opposite of exclude.
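Review bot: The local `trustAllCerts` is misnamed, since it holds the configured trust managers from `tlsClientParameters.getTrustManagers()`, and the commented-out block under it is an `X509TrustManager` with empty check methods, which would accept any server certificate if it were ever re-enabled. Dead code like that in a TLS client factory tends to get uncommented to work around a handshake failure, silently turning off server authentication. I would drop the comment block and the local and keep the original call, passing `tlsClientParameters.getTrustManagers()` straight to `ctx.init(...)`; the new `TrustManager` import then becomes unnecessary. The enclosing method starts and ends outside the hunk.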
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=762495&r1=762494&r2=762495&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Mon Apr 6 20:27:20 2009
@@ -531,6 +531,7 @@
private boolean assertTransportBinding(AssertionInfoMap aim) {
assertPolicy(aim, SP12Constants.TRANSPORT_TOKEN);
assertPolicy(aim, SP12Constants.ENCRYPTED_PARTS);
+ assertPolicy(aim, SP12Constants.SIGNED_PARTS);
return !assertPolicy(aim, SP12Constants.TRANSPORT_BINDING);
}
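Review bot: `assertPolicy(aim, SP12Constants.SIGNED_PARTS)` is added without a comment saying why SignedParts may be treated as satisfied under a transport binding, and nothing in this method checks that the message was signed or that it arrived over a secured transport. If the intent is that the transport supplies integrity, as the log message suggests, state it, e.g. `// Transport binding: integrity comes from the transport, so SignedParts normally has no message-level signature to verify`. It is also worth confirming that the transport token has been verified before this method runs. What `assertPolicy` does is not visible here, so this assumes it marks the assertion as satisfied.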
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=762495&r1=762494&r2=762495&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Mon Apr 6 20:27:20 2009
@@ -594,10 +594,10 @@
info.setAsserted(true);
return utBuilder;
} else {
- info.setNotAsserted("No password available");
+ policyNotAsserted(token, "No username available");
}
} else {
- info.setNotAsserted("No username available");
+ policyNotAsserted(token, "No username available");
}
return null;
}
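Review bot: The inner `else` now reports `"No username available"`, but judging from the removed line (`"No password available"`) that branch is the missing-password case, so whoever debugs a rejected UsernameToken policy will be given the wrong reason. It should read `policyNotAsserted(token, "No password available");`. The enclosing method starts outside the hunk, so the branch conditions cannot be confirmed from here.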
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=762495&r1=762494&r2=762495&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java Mon Apr 6 20:27:20 2009
@@ -385,12 +385,21 @@
return dkSign.getSignatureValue();
} else {
WSSecSignature sig = new WSSecSignature();
- sig.setCustomTokenId(secTok.getId());
if (secTok.getTokenType() == null) {
+ sig.setCustomTokenId(secTok.getId());
sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
+ WSConstants.SAML_ASSERTION_ID);
sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
} else {
+ String id = secTok.getWsuId();
+ if (id == null) {
+ sig.setCustomTokenId(secTok.getId());
+ sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING_DIRECT);
+ } else {
+ sig.setCustomTokenId(secTok.getWsuId());
+ sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+ }
+ sig.setCustomTokenValueType(secTok.getTokenType());
sig.setCustomTokenValueType(secTok.getTokenType());
sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
}
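Review bot: The two context lines left after the new `if (id == null)` block, `sig.setCustomTokenValueType(secTok.getTokenType());` and `sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);`, still run unconditionally. Assuming the setter keeps the last value, the `CUSTOM_SYMM_SIGNING_DIRECT` choice made for a token without a wsu:Id is overwritten, so the signature would reference the token in the way this commit is trying to avoid. Delete those two trailing lines; the value type is already set on the line just above them. The inner `else` can also reuse the local it just read, `sig.setCustomTokenId(id);`, instead of calling `secTok.getWsuId()` again. The enclosing method starts and ends outside the hunk.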