Posted to commits@ws.apache.org by co...@apache.org on 2013/06/27 18:37:00 UTC
svn commit: r1497432 - in
/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl:
processor/output/BinarySecurityTokenOutputProcessor.java
processor/output/EncryptOutputProcessor.java
securityToken/SecurityTokenFactoryImpl.java
Author: coheigea
Date: Thu Jun 27 16:37:00 2013
New Revision: 1497432
URL: http://svn.apache.org/r1497432
Log:
Added functionality to get SymmetricBinding Kerberos use-cases working
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java?rev=1497432&r1=1497431&r2=1497432&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java Thu Jun 27 16:37:00 2013
@@ -36,6 +36,7 @@ import org.apache.xml.security.stax.secu
import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenConstants.TokenType;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
import javax.crypto.spec.SecretKeySpec;
@@ -57,6 +58,7 @@ public class BinarySecurityTokenOutputPr
final X509Certificate[] x509Certificates;
String reference = null;
Key key = null;
+ TokenType tokenType = WSSecurityTokenConstants.X509V3Token;
XMLSecurityConstants.Action action = getAction();
if (WSSConstants.SIGNATURE.equals(action)
@@ -76,6 +78,9 @@ public class BinarySecurityTokenOutputPr
if (securityToken != null) {
key = securityToken.getSecretKey(getSecurityProperties().getSignatureAlgorithm());
reference = securityToken.getSha1Identifier();
+ if (securityToken.getTokenType() != null) {
+ tokenType = securityToken.getTokenType();
+ }
}
}
}
@@ -148,7 +153,7 @@ public class BinarySecurityTokenOutputPr
}
final GenericOutboundSecurityToken binarySecurityToken =
- new GenericOutboundSecurityToken(bstId, WSSecurityTokenConstants.X509V3Token, key, x509Certificates);
+ new GenericOutboundSecurityToken(bstId, tokenType, key, x509Certificates);
binarySecurityToken.setSha1Identifier(reference);
final SecurityTokenProvider<OutboundSecurityToken> binarySecurityTokenProvider =
new SecurityTokenProvider<OutboundSecurityToken>() {
@@ -169,8 +174,9 @@ public class BinarySecurityTokenOutputPr
outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, bstId);
boolean includeSignatureToken =
((WSSSecurityProperties) getSecurityProperties()).isIncludeSignatureToken();
- if (includeSignatureToken
- || WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals(getSecurityProperties().getSignatureKeyIdentifier())) {
+ if ((includeSignatureToken
+ || WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals(getSecurityProperties().getSignatureKeyIdentifier()))
+ && !WSSecurityTokenConstants.KerberosToken.equals(tokenType)) {
FinalBinarySecurityTokenOutputProcessor finalBinarySecurityTokenOutputProcessor = new FinalBinarySecurityTokenOutputProcessor(binarySecurityToken);
finalBinarySecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
finalBinarySecurityTokenOutputProcessor.setAction(getAction());
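Review bot: The new `&& !WSSecurityTokenConstants.KerberosToken.equals(tokenType)` clause skips FinalBinarySecurityTokenOutputProcessor for Kerberos tokens even when `isIncludeSignatureToken()` is true, yet `PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE` is still set to `bstId` just above it. Nothing in the hunk shows where the Kerberos BinarySecurityToken is written or that it carries the same id, so it is worth confirming that the signature's reference cannot point at an element that never reaches the message. A short comment above the condition would record the intent, e.g. `// Kerberos BST is written by <processor to confirm>; do not emit a second one here`. The enclosing method starts and ends outside the hunk.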
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java?rev=1497432&r1=1497431&r2=1497432&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java Thu Jun 27 16:37:00 2013
@@ -46,6 +46,7 @@ import org.apache.xml.security.stax.impl
import org.apache.xml.security.stax.impl.processor.output.AbstractEncryptOutputProcessor;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenConstants.TokenType;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
/**
@@ -95,7 +96,8 @@ public class EncryptOutputProcessor exte
encryptionPartDef,
xmlSecStartElement,
outputProcessorChain.getDocumentContext().getEncoding(),
- securityToken.getSha1Identifier()
+ securityToken.getSha1Identifier(),
+ securityToken.getTokenType()
);
internalEncryptionOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
internalEncryptionOutputProcessor.setAction(getAction());
@@ -124,9 +126,10 @@ public class EncryptOutputProcessor exte
private boolean doEncryptedHeader = false;
private final String sha1Identifier;
+ private final TokenType tokenType;
InternalEncryptionOutputProcessor(EncryptionPartDef encryptionPartDef, XMLSecStartElement xmlSecStartElement,
- String encoding, String sha1Identifier)
+ String encoding, String sha1Identifier, TokenType tokenType)
throws XMLSecurityException, XMLStreamException {
super(encryptionPartDef, xmlSecStartElement, encoding);
@@ -134,6 +137,7 @@ public class EncryptOutputProcessor exte
this.addBeforeProcessor(InternalEncryptionOutputProcessor.class.getName());
this.addAfterProcessor(EncryptOutputProcessor.class.getName());
this.sha1Identifier = sha1Identifier;
+ this.tokenType = tokenType;
}
protected OutputStream applyTransforms(OutputStream outputStream) throws XMLSecurityException {
@@ -224,10 +228,20 @@ public class EncryptOutputProcessor exte
WSSUtils.createEncryptedKeySha1IdentifierStructure(this, outputProcessorChain, getEncryptionPartDef().getSymmetricKey());
}
} else {
- createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference, true, null);
+ if (WSSecurityTokenConstants.KerberosToken.equals(tokenType)) {
+ List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(2);
+ attributes.add(createAttribute(WSSConstants.ATT_wsu_Id, IDGenerator.generateID(null)));
+ attributes.add(createAttribute(WSSConstants.ATT_wsse11_TokenType, WSSConstants.NS_GSS_Kerberos5_AP_REQ));
+ createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference, false, attributes);
+ } else {
+ createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference, true, null);
+ }
List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
attributes.add(createAttribute(WSSConstants.ATT_NULL_URI, "#" + getEncryptionPartDef().getKeyId()));
+ if (WSSecurityTokenConstants.KerberosToken.equals(tokenType)) {
+ attributes.add(createAttribute(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_GSS_Kerberos5_AP_REQ));
+ }
createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, false, attributes);
createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
}
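Review bot: The Kerberos branch declares a block-local `attributes` list, and the unchanged code right after it declares a second `attributes` in the enclosing scope; this compiles, but the two lists are easy to confuse, and the same `KerberosToken.equals(tokenType)` test is evaluated twice. Hoisting it once, `final boolean kerberos = WSSecurityTokenConstants.KerberosToken.equals(tokenType);`, and naming the lists `strAttributes` and `referenceAttributes` would make it clear which element receives the TokenType and which the ValueType. The second list is still created with `new ArrayList<XMLSecAttribute>(1)` although it can now hold two entries; that is only a capacity hint, so the point is cosmetic. The enclosing method starts and ends outside the hunk.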
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1497432&r1=1497431&r2=1497432&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java Thu Jun 27 16:37:00 2013
@@ -258,7 +258,7 @@ public class SecurityTokenFactoryImpl ex
return createSecurityTokenProxy(securityTokenProvider.getSecurityToken(),
WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
}
-
+
try {
//ok we have to find the token via digesting...
MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
@@ -280,8 +280,10 @@ public class SecurityTokenFactoryImpl ex
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
}
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noToken", keyIdentifierType.getValue());
+ // Finally, just delegate to a Callback as per EncryptedKeySHA1
+ return new EncryptedKeySha1SecurityTokenImpl(
+ (WSInboundSecurityContext) inboundSecurityContext, callbackHandler,
+ keyIdentifierType.getValue(), securityTokenReferenceType.getId());
} else {
//we do enforce BSP compliance here but will fail anyway since we cannot identify the referenced token
((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R3063);
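Review bot: Replacing the `SECURITY_TOKEN_UNAVAILABLE` throw with `return new EncryptedKeySha1SecurityTokenImpl(...)` turns an unresolved reference from an immediate rejection into a token whose key is supplied later by the CallbackHandler, and nothing visible in the hunk limits this fallback to the Kerberos case. If `callbackHandler` can be null, or the callback does not recognise the identifier, the failure presumably moves to the point where the key is first requested, with a different error than before. Keeping the fail-closed path when no handler is configured would preserve the old behaviour, e.g. `if (callbackHandler == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noToken", keyIdentifierType.getValue()); }` ahead of the return. The added comment could also name the identifier type this branch handles, since the enclosing condition is outside the hunk.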