You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2013/10/17 21:19:02 UTC
svn commit: r1533221 -
/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
Author: coheigea
Date: Thu Oct 17 19:19:02 2013
New Revision: 1533221
URL: http://svn.apache.org/r1533221
Log:
Fixing DerivedKey references
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java?rev=1533221&r1=1533220&r2=1533221&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/DerivedKeyTokenOutputProcessor.java Thu Oct 17 19:19:02 2013
@@ -36,6 +36,7 @@ import org.apache.xml.security.stax.ext.
import org.apache.xml.security.stax.impl.securityToken.GenericOutboundSecurityToken;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
import javax.crypto.spec.SecretKeySpec;
@@ -258,6 +259,7 @@ public class DerivedKeyTokenOutputProces
boolean useSingleCertificate)
throws XMLStreamException, XMLSecurityException {
+ SecurityToken wrappingToken = securityToken.getKeyWrappingToken();
List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(2);
attributes.add(createAttribute(WSSConstants.ATT_wsu_Id, IDGenerator.generateID(null)));
if (WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals(keyIdentifier) && !useSingleCertificate) {
@@ -265,13 +267,13 @@ public class DerivedKeyTokenOutputProces
} else if (derivedKeyTokenReference == WSSConstants.DerivedKeyTokenReference.EncryptedKey
|| WSSecurityTokenConstants.KeyIdentifier_EncryptedKeySha1Identifier.equals(keyIdentifier)) {
attributes.add(createAttribute(WSSConstants.ATT_wsse11_TokenType, WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE));
- } else if (WSSecurityTokenConstants.KerberosToken.equals(securityToken.getTokenType())) {
+ } else if (WSSecurityTokenConstants.KerberosToken.equals(wrappingToken.getTokenType())) {
attributes.add(createAttribute(WSSConstants.ATT_wsse11_TokenType, WSSConstants.NS_GSS_Kerberos5_AP_REQ));
}
createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference, false, attributes);
- X509Certificate[] x509Certificates = securityToken.getKeyWrappingToken().getX509Certificates();
- String tokenId = securityToken.getKeyWrappingToken().getId();
+ X509Certificate[] x509Certificates = wrappingToken.getX509Certificates();
+ String tokenId = wrappingToken.getId();
if (derivedKeyTokenReference == WSSConstants.DerivedKeyTokenReference.EncryptedKey) {
String valueType = WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE;
@@ -283,14 +285,23 @@ public class DerivedKeyTokenOutputProces
} else if (WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier.equals(keyIdentifier)) {
WSSUtils.createX509KeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
} else if (WSSecurityTokenConstants.KeyIdentifier_KerberosSha1Identifier.equals(keyIdentifier)) {
- String identifier = securityToken.getSha1Identifier();
+ String identifier = wrappingToken.getSha1Identifier();
WSSUtils.createKerberosSha1IdentifierStructure(this, outputProcessorChain, identifier);
} else if (WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier.equals(keyIdentifier)) {
WSSUtils.createThumbprintKeyIdentifierStructure(this, outputProcessorChain, x509Certificates);
} else if (WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals(keyIdentifier)) {
String valueType;
- if (WSSecurityTokenConstants.KerberosToken.equals(securityToken.getTokenType())) {
+ if (WSSecurityTokenConstants.KerberosToken.equals(wrappingToken.getTokenType())) {
valueType = WSSConstants.NS_GSS_Kerberos5_AP_REQ;
+ } else if (WSSecurityTokenConstants.SpnegoContextToken.equals(wrappingToken.getTokenType())
+ || WSSecurityTokenConstants.SecurityContextToken.equals(wrappingToken.getTokenType())
+ || WSSecurityTokenConstants.SecureConversationToken.equals(wrappingToken.getTokenType())) {
+ boolean use200512Namespace = ((WSSSecurityProperties)getSecurityProperties()).isUse200512Namespace();
+ if (use200512Namespace) {
+ valueType = WSSConstants.NS_WSC_05_12 + "/sct";
+ } else {
+ valueType = WSSConstants.NS_WSC_05_02 + "/sct";
+ }
} else if (useSingleCertificate) {
valueType = WSSConstants.NS_X509_V3_TYPE;
} else {