You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2015/04/14 16:18:58 UTC
cxf git commit: Renaming SecurityUtils
Repository: cxf
Updated Branches:
refs/heads/master 5faf18226 -> e5d98fd24
Renaming SecurityUtils
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e5d98fd2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e5d98fd2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e5d98fd2
Branch: refs/heads/master
Commit: e5d98fd24b545920f2453e94a56cd9690582af59
Parents: 5faf182
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Apr 14 15:18:44 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Apr 14 15:18:44 2015 +0100
----------------------------------------------------------------------
.../grants/saml/Saml2BearerGrantHandler.java | 4 +-
.../saml/sso/SAMLProtocolResponseValidator.java | 8 +-
.../cxf/rs/security/common/RSSecurityUtils.java | 169 ++++++++++++++++++
.../cxf/rs/security/common/SecurityUtils.java | 172 -------------------
.../rs/security/saml/AbstractSamlInHandler.java | 6 +-
.../apache/cxf/rs/security/saml/SAMLUtils.java | 8 +-
.../security/xml/AbstractXmlEncInHandler.java | 14 +-
.../security/xml/AbstractXmlSigInHandler.java | 8 +-
.../rs/security/xml/XmlEncOutInterceptor.java | 18 +-
.../rs/security/xml/XmlSecInInterceptor.java | 8 +-
.../rs/security/xml/XmlSecOutInterceptor.java | 16 +-
.../rs/security/xml/XmlSigOutInterceptor.java | 10 +-
.../security/saml/SamlCallbackHandler.java | 6 +-
.../jaxrs/security/xml/JAXRSXmlSecTest.java | 14 +-
14 files changed, 229 insertions(+), 232 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e5d98fd2/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
index 94d49aa..2781f71 100644
--- a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
@@ -40,7 +40,7 @@ import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.rs.security.common.CryptoLoader;
-import org.apache.cxf.rs.security.common.SecurityUtils;
+import org.apache.cxf.rs.security.common.RSSecurityUtils;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
@@ -177,7 +177,7 @@ public class Saml2BearerGrantHandler extends AbstractGrantHandler {
if (assertion.isSigned()) {
WSSConfig cfg = WSSConfig.getNewInstance();
data.setWssConfig(cfg);
- data.setCallbackHandler(SecurityUtils.getCallbackHandler(message, this.getClass()));
+ data.setCallbackHandler(RSSecurityUtils.getCallbackHandler(message, this.getClass()));
try {
data.setSigVerCrypto(new CryptoLoader().getCrypto(message,
SecurityConstants.SIGNATURE_CRYPTO,
http://git-wip-us.apache.org/repos/asf/cxf/blob/e5d98fd2/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
index c1be9f5..b46ac84 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
@@ -35,7 +35,7 @@ import org.w3c.dom.NodeList;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.Base64Exception;
import org.apache.cxf.common.util.Base64Utility;
-import org.apache.cxf.rs.security.common.SecurityUtils;
+import org.apache.cxf.rs.security.common.RSSecurityUtils;
import org.apache.cxf.rs.security.xml.EncryptionUtils;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.wss4j.common.WSS4JConstants;
@@ -299,7 +299,7 @@ public class SAMLProtocolResponseValidator {
protected SAMLKeyInfo createKeyInfoFromDefaultAlias(Crypto sigCrypto) throws WSSecurityException {
try {
- X509Certificate[] certs = SecurityUtils.getCertificates(sigCrypto,
+ X509Certificate[] certs = RSSecurityUtils.getCertificates(sigCrypto,
sigCrypto.getDefaultX509Identifier());
SAMLKeyInfo samlKeyInfo = new SAMLKeyInfo(new X509Certificate[]{certs[0]});
samlKeyInfo.setPublicKey(certs[0].getPublicKey());
@@ -503,7 +503,7 @@ public class SAMLProtocolResponseValidator {
getNode(encKeyElement, Constants.SignatureSpecNS, "X509Certificate", 0);
if (certNode != null) {
try {
- return SecurityUtils.loadX509Certificate(crypto, certNode);
+ return RSSecurityUtils.loadX509Certificate(crypto, certNode);
} catch (Exception ex) {
LOG.log(Level.FINE, "X509Certificate can not be created", ex);
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
@@ -513,7 +513,7 @@ public class SAMLProtocolResponseValidator {
certNode = getNode(encKeyElement, Constants.SignatureSpecNS, "X509IssuerSerial", 0);
if (certNode != null) {
try {
- return SecurityUtils.loadX509IssuerSerial(crypto, certNode);
+ return RSSecurityUtils.loadX509IssuerSerial(crypto, certNode);
} catch (Exception ex) {
LOG.log(Level.FINE, "X509Certificate can not be created", ex);
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
http://git-wip-us.apache.org/repos/asf/cxf/blob/e5d98fd2/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/RSSecurityUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/RSSecurityUtils.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/RSSecurityUtils.java
new file mode 100644
index 0000000..34f6bea
--- /dev/null
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/RSSecurityUtils.java
@@ -0,0 +1,169 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.common;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.cert.X509Certificate;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rt.security.SecurityConstants;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.crypto.Merlin;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.xml.security.utils.Constants;
+
+public final class RSSecurityUtils {
+
+ public static final String X509_CERT = "X509Certificate";
+ public static final String X509_ISSUER_SERIAL = "X509IssuerSerial";
+ public static final String USE_REQUEST_SIGNATURE_CERT = "useReqSigCert";
+
+ private RSSecurityUtils() {
+
+ }
+
+ public static boolean isSignedAndEncryptedTwoWay(Message m) {
+ Message outMessage = m.getExchange().getOutMessage();
+
+ Message requestMessage = outMessage != null && MessageUtils.isRequestor(outMessage)
+ ? outMessage : m;
+
+ Object encryptionProperties =
+ SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, m);
+ Object signatureProperties =
+ SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, m);
+
+ return "POST".equals((String)requestMessage.get(Message.HTTP_REQUEST_METHOD))
+ && encryptionProperties != null && signatureProperties != null;
+ }
+
+ public static X509Certificate loadX509Certificate(Crypto crypto, Element certNode)
+ throws Exception {
+ String base64Value = certNode.getTextContent().trim();
+ byte[] certBytes = Base64Utility.decode(base64Value);
+
+ Crypto certCrypto = crypto;
+ if (certCrypto == null) {
+ certCrypto = new Merlin();
+ }
+ return certCrypto.loadCertificate(new ByteArrayInputStream(certBytes));
+ }
+
+ public static X509Certificate loadX509IssuerSerial(Crypto crypto, Element certNode)
+ throws Exception {
+ Node issuerNameNode =
+ certNode.getElementsByTagNameNS(Constants.SignatureSpecNS, "X509IssuerName").item(0);
+ Node serialNumberNode =
+ certNode.getElementsByTagNameNS(Constants.SignatureSpecNS, "X509SerialNumber").item(0);
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
+ cryptoType.setIssuerSerial(issuerNameNode.getTextContent(),
+ new BigInteger(serialNumberNode.getTextContent()));
+ return crypto.getX509Certificates(cryptoType)[0];
+ }
+
+ public static X509Certificate[] getCertificates(Crypto crypto, String user)
+ throws Exception {
+ if (crypto == null) {
+ throw new Exception("Crypto instance is null");
+ }
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(user);
+ X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
+ if (issuerCerts == null || issuerCerts.length == 0) {
+ throw new Exception(
+ "No issuer certs were found using issuer name: " + user);
+ }
+ return issuerCerts;
+ }
+
+ public static Crypto getCrypto(Message message,
+ String cryptoKey,
+ String propKey)
+ throws IOException, WSSecurityException {
+ return new CryptoLoader().getCrypto(message, cryptoKey, propKey);
+ }
+
+ public static String getUserName(Message message, Crypto crypto, String userNameKey) {
+ String user = (String)SecurityUtils.getSecurityPropertyValue(userNameKey, message);
+ return getUserName(crypto, user);
+ }
+
+ public static String getUserName(Crypto crypto, String userName) {
+ if (crypto != null && StringUtils.isEmpty(userName)) {
+ try {
+ userName = crypto.getDefaultX509Identifier();
+ } catch (WSSecurityException e1) {
+ throw new Fault(e1);
+ }
+ }
+ return userName;
+ }
+
+ public static String getPassword(Message message, String userName,
+ int type, Class<?> callingClass) throws WSSecurityException {
+ CallbackHandler handler = getCallbackHandler(message, callingClass);
+ if (handler == null) {
+ return null;
+ }
+
+ WSPasswordCallback[] cb = {new WSPasswordCallback(userName, type)};
+ try {
+ handler.handle(cb);
+ } catch (Exception e) {
+ return null;
+ }
+
+ //get the password
+ String password = cb[0].getPassword();
+ return password == null ? "" : password;
+ }
+
+ public static CallbackHandler getCallbackHandler(Message message, Class<?> callingClass)
+ throws WSSecurityException {
+ return getCallbackHandler(message, callingClass, SecurityConstants.CALLBACK_HANDLER);
+ }
+
+ public static CallbackHandler getCallbackHandler(Message message,
+ Class<?> callingClass,
+ String callbackProperty) throws WSSecurityException {
+ //Then try to get the password from the given callback handler
+ Object o = SecurityUtils.getSecurityPropertyValue(callbackProperty, message);
+
+ try {
+ return SecurityUtils.getCallbackHandler(o);
+ } catch (Exception ex) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e5d98fd2/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
deleted file mode 100644
index d8db9ed..0000000
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
+++ /dev/null
@@ -1,172 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.common;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.cert.X509Certificate;
-
-import javax.security.auth.callback.CallbackHandler;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.apache.cxf.common.util.Base64Utility;
-import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.interceptor.Fault;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.rt.security.SecurityConstants;
-import org.apache.wss4j.common.crypto.Crypto;
-import org.apache.wss4j.common.crypto.CryptoType;
-import org.apache.wss4j.common.crypto.Merlin;
-import org.apache.wss4j.common.ext.WSPasswordCallback;
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.xml.security.utils.Constants;
-
-public final class SecurityUtils {
-
- public static final String X509_CERT = "X509Certificate";
- public static final String X509_ISSUER_SERIAL = "X509IssuerSerial";
- public static final String USE_REQUEST_SIGNATURE_CERT = "useReqSigCert";
-
- private SecurityUtils() {
-
- }
-
- public static boolean isSignedAndEncryptedTwoWay(Message m) {
- Message outMessage = m.getExchange().getOutMessage();
-
- Message requestMessage = outMessage != null && MessageUtils.isRequestor(outMessage)
- ? outMessage : m;
-
- Object encryptionProperties =
- org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(
- SecurityConstants.ENCRYPT_PROPERTIES, m);
- Object signatureProperties =
- org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(
- SecurityConstants.SIGNATURE_PROPERTIES, m);
-
- return "POST".equals((String)requestMessage.get(Message.HTTP_REQUEST_METHOD))
- && encryptionProperties != null && signatureProperties != null;
- }
-
- public static X509Certificate loadX509Certificate(Crypto crypto, Element certNode)
- throws Exception {
- String base64Value = certNode.getTextContent().trim();
- byte[] certBytes = Base64Utility.decode(base64Value);
-
- Crypto certCrypto = crypto;
- if (certCrypto == null) {
- certCrypto = new Merlin();
- }
- return certCrypto.loadCertificate(new ByteArrayInputStream(certBytes));
- }
-
- public static X509Certificate loadX509IssuerSerial(Crypto crypto, Element certNode)
- throws Exception {
- Node issuerNameNode =
- certNode.getElementsByTagNameNS(Constants.SignatureSpecNS, "X509IssuerName").item(0);
- Node serialNumberNode =
- certNode.getElementsByTagNameNS(Constants.SignatureSpecNS, "X509SerialNumber").item(0);
- CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
- cryptoType.setIssuerSerial(issuerNameNode.getTextContent(),
- new BigInteger(serialNumberNode.getTextContent()));
- return crypto.getX509Certificates(cryptoType)[0];
- }
-
- public static X509Certificate[] getCertificates(Crypto crypto, String user)
- throws Exception {
- if (crypto == null) {
- throw new Exception("Crypto instance is null");
- }
- CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
- cryptoType.setAlias(user);
- X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
- if (issuerCerts == null || issuerCerts.length == 0) {
- throw new Exception(
- "No issuer certs were found using issuer name: " + user);
- }
- return issuerCerts;
- }
-
- public static Crypto getCrypto(Message message,
- String cryptoKey,
- String propKey)
- throws IOException, WSSecurityException {
- return new CryptoLoader().getCrypto(message, cryptoKey, propKey);
- }
-
- public static String getUserName(Message message, Crypto crypto, String userNameKey) {
- String user =
- (String)org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(userNameKey, message);
- return getUserName(crypto, user);
- }
-
- public static String getUserName(Crypto crypto, String userName) {
- if (crypto != null && StringUtils.isEmpty(userName)) {
- try {
- userName = crypto.getDefaultX509Identifier();
- } catch (WSSecurityException e1) {
- throw new Fault(e1);
- }
- }
- return userName;
- }
-
- public static String getPassword(Message message, String userName,
- int type, Class<?> callingClass) throws WSSecurityException {
- CallbackHandler handler = getCallbackHandler(message, callingClass);
- if (handler == null) {
- return null;
- }
-
- WSPasswordCallback[] cb = {new WSPasswordCallback(userName, type)};
- try {
- handler.handle(cb);
- } catch (Exception e) {
- return null;
- }
-
- //get the password
- String password = cb[0].getPassword();
- return password == null ? "" : password;
- }
-
- public static CallbackHandler getCallbackHandler(Message message, Class<?> callingClass)
- throws WSSecurityException {
- return getCallbackHandler(message, callingClass, SecurityConstants.CALLBACK_HANDLER);
- }
-
- public static CallbackHandler getCallbackHandler(Message message,
- Class<?> callingClass,
- String callbackProperty) throws WSSecurityException {
- //Then try to get the password from the given callback handler
- Object o =
- org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(callbackProperty, message);
-
- try {
- return org.apache.cxf.rt.security.utils.SecurityUtils.getCallbackHandler(o);
- } catch (Exception ex) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e5d98fd2/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
index 9b672e0..7fbe571 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
@@ -42,7 +42,7 @@ import org.apache.cxf.jaxrs.utils.ExceptionUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.common.CryptoLoader;
-import org.apache.cxf.rs.security.common.SecurityUtils;
+import org.apache.cxf.rs.security.common.RSSecurityUtils;
import org.apache.cxf.rs.security.saml.authorization.SecurityContextProvider;
import org.apache.cxf.rs.security.saml.authorization.SecurityContextProviderImpl;
import org.apache.cxf.rs.security.xml.AbstractXmlSecInHandler;
@@ -132,7 +132,7 @@ public abstract class AbstractSamlInHandler implements ContainerRequestFilter {
if (assertion.isSigned()) {
WSSConfig cfg = WSSConfig.getNewInstance();
data.setWssConfig(cfg);
- data.setCallbackHandler(SecurityUtils.getCallbackHandler(message, this.getClass()));
+ data.setCallbackHandler(RSSecurityUtils.getCallbackHandler(message, this.getClass()));
try {
data.setSigVerCrypto(new CryptoLoader().getCrypto(message,
SecurityConstants.SIGNATURE_CRYPTO,
@@ -209,7 +209,7 @@ public abstract class AbstractSamlInHandler implements ContainerRequestFilter {
protected SAMLKeyInfo createKeyInfoFromDefaultAlias(Crypto sigCrypto) throws WSSecurityException {
try {
- X509Certificate[] certs = SecurityUtils.getCertificates(sigCrypto,
+ X509Certificate[] certs = RSSecurityUtils.getCertificates(sigCrypto,
sigCrypto.getDefaultX509Identifier());
SAMLKeyInfo samlKeyInfo = new SAMLKeyInfo(new X509Certificate[]{certs[0]});
samlKeyInfo.setPublicKey(certs[0].getPublicKey());
http://git-wip-us.apache.org/repos/asf/cxf/blob/e5d98fd2/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
index 52fc057..f4ebcb0 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
@@ -29,7 +29,7 @@ import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.common.CryptoLoader;
-import org.apache.cxf.rs.security.common.SecurityUtils;
+import org.apache.cxf.rs.security.common.RSSecurityUtils;
import org.apache.cxf.rs.security.saml.assertion.Subject;
import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
@@ -64,7 +64,7 @@ public final class SAMLUtils {
public static SamlAssertionWrapper createAssertion(Message message) throws Fault {
try {
- CallbackHandler handler = SecurityUtils.getCallbackHandler(
+ CallbackHandler handler = RSSecurityUtils.getCallbackHandler(
message, SAMLUtils.class, SecurityConstants.SAML_CALLBACK_HANDLER);
return createAssertion(message, handler);
} catch (Exception ex) {
@@ -90,13 +90,13 @@ public final class SAMLUtils {
SecurityConstants.SIGNATURE_PROPERTIES);
String user =
- SecurityUtils.getUserName(message, crypto, SecurityConstants.SIGNATURE_USERNAME);
+ RSSecurityUtils.getUserName(message, crypto, SecurityConstants.SIGNATURE_USERNAME);
if (StringUtils.isEmpty(user)) {
return assertion;
}
String password =
- SecurityUtils.getPassword(message, user, WSPasswordCallback.SIGNATURE,
+ RSSecurityUtils.getPassword(message, user, WSPasswordCallback.SIGNATURE,
SAMLUtils.class);
assertion.signAssertion(user, password, crypto, false);
http://git-wip-us.apache.org/repos/asf/cxf/blob/e5d98fd2/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
index 70025d8..680e46d 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
@@ -36,7 +36,7 @@ import org.apache.cxf.common.util.Base64Exception;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.common.CryptoLoader;
-import org.apache.cxf.rs.security.common.SecurityUtils;
+import org.apache.cxf.rs.security.common.RSSecurityUtils;
import org.apache.cxf.rs.security.common.TrustValidator;
import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.cxf.staxutils.StaxUtils;
@@ -96,7 +96,7 @@ public abstract class AbstractXmlEncInHandler extends AbstractXmlSecInHandler {
String cryptoKey = null;
String propKey = null;
- if (SecurityUtils.isSignedAndEncryptedTwoWay(message)) {
+ if (RSSecurityUtils.isSignedAndEncryptedTwoWay(message)) {
cryptoKey = SecurityConstants.SIGNATURE_CRYPTO;
propKey = SecurityConstants.SIGNATURE_PROPERTIES;
} else {
@@ -170,23 +170,23 @@ public abstract class AbstractXmlEncInHandler extends AbstractXmlSecInHandler {
*/
String keyIdentifierType = encProps != null ? encProps.getEncryptionKeyIdType() : null;
- if (keyIdentifierType == null || keyIdentifierType.equals(SecurityUtils.X509_CERT)) {
+ if (keyIdentifierType == null || keyIdentifierType.equals(RSSecurityUtils.X509_CERT)) {
Element certNode = getNode(encKeyElement,
Constants.SignatureSpecNS, "X509Certificate", 0);
if (certNode != null) {
try {
- return SecurityUtils.loadX509Certificate(crypto, certNode);
+ return RSSecurityUtils.loadX509Certificate(crypto, certNode);
} catch (Exception ex) {
throwFault("X509Certificate can not be created", ex);
}
}
}
- if (keyIdentifierType == null || keyIdentifierType.equals(SecurityUtils.X509_ISSUER_SERIAL)) {
+ if (keyIdentifierType == null || keyIdentifierType.equals(RSSecurityUtils.X509_ISSUER_SERIAL)) {
Element certNode = getNode(encKeyElement,
Constants.SignatureSpecNS, "X509IssuerSerial", 0);
if (certNode != null) {
try {
- return SecurityUtils.loadX509IssuerSerial(crypto, certNode);
+ return RSSecurityUtils.loadX509IssuerSerial(crypto, certNode);
} catch (Exception ex) {
throwFault("X509Certificate can not be created", ex);
}
@@ -231,7 +231,7 @@ public abstract class AbstractXmlEncInHandler extends AbstractXmlSecInHandler {
String keyEncAlgo,
String digestAlgo,
Message message) throws WSSecurityException {
- CallbackHandler callback = SecurityUtils.getCallbackHandler(message, this.getClass());
+ CallbackHandler callback = RSSecurityUtils.getCallbackHandler(message, this.getClass());
PrivateKey key = null;
try {
key = crypto.getPrivateKey(cert, callback);
http://git-wip-us.apache.org/repos/asf/cxf/blob/e5d98fd2/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
index 88d7270..3e7e93c 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
@@ -35,7 +35,7 @@ import org.w3c.dom.Element;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.common.CryptoLoader;
-import org.apache.cxf.rs.security.common.SecurityUtils;
+import org.apache.cxf.rs.security.common.RSSecurityUtils;
import org.apache.cxf.rs.security.common.TrustValidator;
import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.cxf.security.SecurityContext;
@@ -85,7 +85,7 @@ public class AbstractXmlSigInHandler extends AbstractXmlSecInHandler {
String cryptoKey = null;
String propKey = null;
- if (SecurityUtils.isSignedAndEncryptedTwoWay(message)) {
+ if (RSSecurityUtils.isSignedAndEncryptedTwoWay(message)) {
cryptoKey = SecurityConstants.ENCRYPT_CRYPTO;
propKey = SecurityConstants.ENCRYPT_PROPERTIES;
} else {
@@ -145,7 +145,7 @@ public class AbstractXmlSigInHandler extends AbstractXmlSecInHandler {
}
} else if (!keyInfoMustBeAvailable) {
String user = getUserName(crypto, message);
- cert = SecurityUtils.getCertificates(crypto, user)[0];
+ cert = RSSecurityUtils.getCertificates(crypto, user)[0];
publicKey = cert.getPublicKey();
valid = signature.checkSignatureValue(cert);
}
@@ -190,7 +190,7 @@ public class AbstractXmlSigInHandler extends AbstractXmlSecInHandler {
if (sc != null && sc.getUserPrincipal() != null) {
return sc.getUserPrincipal().getName();
} else {
- return SecurityUtils.getUserName(crypto, null);
+ return RSSecurityUtils.getUserName(crypto, null);
}
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e5d98fd2/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
index 9753f43..814e1c5 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
@@ -40,8 +40,9 @@ import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rs.security.common.CryptoLoader;
-import org.apache.cxf.rs.security.common.SecurityUtils;
+import org.apache.cxf.rs.security.common.RSSecurityUtils;
import org.apache.cxf.rt.security.SecurityConstants;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.DOMX509Data;
@@ -112,9 +113,8 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
X509Certificate receiverCert = null;
String userName =
- (String)org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(
- SecurityConstants.ENCRYPT_USERNAME, message);
- if (SecurityUtils.USE_REQUEST_SIGNATURE_CERT.equals(userName)
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME, message);
+ if (RSSecurityUtils.USE_REQUEST_SIGNATURE_CERT.equals(userName)
&& !MessageUtils.isRequestor(message)) {
receiverCert =
(X509Certificate)message.getExchange().getInMessage().get(
@@ -125,7 +125,7 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
SecurityConstants.ENCRYPT_CRYPTO,
SecurityConstants.ENCRYPT_PROPERTIES);
- userName = SecurityUtils.getUserName(crypto, userName);
+ userName = RSSecurityUtils.getUserName(crypto, userName);
if (StringUtils.isEmpty(userName)) {
throw new Exception("User name is not available");
}
@@ -174,7 +174,7 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
}
private X509Certificate getReceiverCertificateFromCrypto(Crypto crypto, String user) throws Exception {
- X509Certificate[] certs = SecurityUtils.getCertificates(crypto, user);
+ X509Certificate[] certs = RSSecurityUtils.getCertificates(crypto, user);
return certs[0];
}
@@ -267,10 +267,10 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
encryptedDataDoc.createElementNS(SIG_NS, SIG_PREFIX + ":KeyInfo");
String keyIdType = encProps.getEncryptionKeyIdType() == null
- ? SecurityUtils.X509_CERT : encProps.getEncryptionKeyIdType();
+ ? RSSecurityUtils.X509_CERT : encProps.getEncryptionKeyIdType();
Node keyIdentifierNode = null;
- if (keyIdType.equals(SecurityUtils.X509_CERT)) {
+ if (keyIdType.equals(RSSecurityUtils.X509_CERT)) {
byte data[] = null;
try {
data = remoteCert.getEncoded();
@@ -286,7 +286,7 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
x509Data.appendChild(cert);
keyIdentifierNode = x509Data;
- } else if (keyIdType.equals(SecurityUtils.X509_ISSUER_SERIAL)) {
+ } else if (keyIdType.equals(RSSecurityUtils.X509_ISSUER_SERIAL)) {
String issuer = remoteCert.getIssuerDN().getName();
java.math.BigInteger serialNumber = remoteCert.getSerialNumber();
DOMX509IssuerSerial domIssuerSerial =
http://git-wip-us.apache.org/repos/asf/cxf/blob/e5d98fd2/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
index 1e76b85..c4e1b18 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
@@ -47,7 +47,7 @@ import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.rs.security.common.CryptoLoader;
-import org.apache.cxf.rs.security.common.SecurityUtils;
+import org.apache.cxf.rs.security.common.RSSecurityUtils;
import org.apache.cxf.rs.security.common.TrustValidator;
import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.cxf.staxutils.StaxUtils;
@@ -142,7 +142,7 @@ public class XmlSecInInterceptor extends AbstractPhaseInterceptor<Message> {
UnsupportedCallbackException, WSSecurityException {
String cryptoKey = null;
String propKey = null;
- if (SecurityUtils.isSignedAndEncryptedTwoWay(message)) {
+ if (RSSecurityUtils.isSignedAndEncryptedTwoWay(message)) {
cryptoKey = SecurityConstants.SIGNATURE_CRYPTO;
propKey = SecurityConstants.SIGNATURE_PROPERTIES;
} else {
@@ -163,7 +163,7 @@ public class XmlSecInInterceptor extends AbstractPhaseInterceptor<Message> {
alias = crypto.getDefaultX509Identifier();
}
if (alias != null) {
- CallbackHandler callback = SecurityUtils.getCallbackHandler(message, this.getClass());
+ CallbackHandler callback = RSSecurityUtils.getCallbackHandler(message, this.getClass());
WSPasswordCallback passwordCallback =
new WSPasswordCallback(alias, WSPasswordCallback.DECRYPT);
callback.handle(new Callback[] {passwordCallback});
@@ -177,7 +177,7 @@ public class XmlSecInInterceptor extends AbstractPhaseInterceptor<Message> {
private Crypto getSignatureCrypto(Message message) {
String cryptoKey = null;
String propKey = null;
- if (SecurityUtils.isSignedAndEncryptedTwoWay(message)) {
+ if (RSSecurityUtils.isSignedAndEncryptedTwoWay(message)) {
cryptoKey = SecurityConstants.ENCRYPT_CRYPTO;
propKey = SecurityConstants.ENCRYPT_PROPERTIES;
} else {
http://git-wip-us.apache.org/repos/asf/cxf/blob/e5d98fd2/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
index 123f59f..e2f1348 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
@@ -45,7 +45,7 @@ import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.rs.security.common.CryptoLoader;
-import org.apache.cxf.rs.security.common.SecurityUtils;
+import org.apache.cxf.rs.security.common.RSSecurityUtils;
import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSPasswordCallback;
@@ -161,7 +161,7 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> {
String userName =
(String)org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(
SecurityConstants.ENCRYPT_USERNAME, message);
- if (SecurityUtils.USE_REQUEST_SIGNATURE_CERT.equals(userName)
+ if (RSSecurityUtils.USE_REQUEST_SIGNATURE_CERT.equals(userName)
&& !MessageUtils.isRequestor(message)) {
sendingCert =
message.getExchange().getInMessage().getContent(X509Certificate.class);
@@ -177,7 +177,7 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> {
SecurityConstants.ENCRYPT_CRYPTO,
SecurityConstants.ENCRYPT_PROPERTIES);
- userName = SecurityUtils.getUserName(crypto, userName);
+ userName = RSSecurityUtils.getUserName(crypto, userName);
if (StringUtils.isEmpty(userName)) {
throw new Exception("User name is not available");
}
@@ -251,7 +251,7 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> {
}
private X509Certificate getCertificateFromCrypto(Crypto crypto, String user) throws Exception {
- X509Certificate[] certs = SecurityUtils.getCertificates(crypto, user);
+ X509Certificate[] certs = RSSecurityUtils.getCertificates(crypto, user);
return certs[0];
}
@@ -274,16 +274,16 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> {
Crypto crypto = loader.getCrypto(message,
SecurityConstants.SIGNATURE_CRYPTO,
SecurityConstants.SIGNATURE_PROPERTIES);
- String user = SecurityUtils.getUserName(message, crypto, userNameKey);
+ String user = RSSecurityUtils.getUserName(message, crypto, userNameKey);
- if (StringUtils.isEmpty(user) || SecurityUtils.USE_REQUEST_SIGNATURE_CERT.equals(user)) {
+ if (StringUtils.isEmpty(user) || RSSecurityUtils.USE_REQUEST_SIGNATURE_CERT.equals(user)) {
throw new Exception("User name is not available");
}
String password =
- SecurityUtils.getPassword(message, user, WSPasswordCallback.SIGNATURE, this.getClass());
+ RSSecurityUtils.getPassword(message, user, WSPasswordCallback.SIGNATURE, this.getClass());
- X509Certificate[] issuerCerts = SecurityUtils.getCertificates(crypto, user);
+ X509Certificate[] issuerCerts = RSSecurityUtils.getCertificates(crypto, user);
properties.setSignatureCerts(issuerCerts);
String sigAlgo = sigProps.getSignatureAlgo() == null
http://git-wip-us.apache.org/repos/asf/cxf/blob/e5d98fd2/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
index e7891db..e37fd14 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
@@ -35,7 +35,7 @@ import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.common.CryptoLoader;
-import org.apache.cxf.rs.security.common.SecurityUtils;
+import org.apache.cxf.rs.security.common.RSSecurityUtils;
import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSPasswordCallback;
@@ -109,16 +109,16 @@ public class XmlSigOutInterceptor extends AbstractXmlSecOutInterceptor {
Crypto crypto = loader.getCrypto(message,
SecurityConstants.SIGNATURE_CRYPTO,
SecurityConstants.SIGNATURE_PROPERTIES);
- String user = SecurityUtils.getUserName(message, crypto, userNameKey);
+ String user = RSSecurityUtils.getUserName(message, crypto, userNameKey);
- if (StringUtils.isEmpty(user) || SecurityUtils.USE_REQUEST_SIGNATURE_CERT.equals(user)) {
+ if (StringUtils.isEmpty(user) || RSSecurityUtils.USE_REQUEST_SIGNATURE_CERT.equals(user)) {
throw new Exception("User name is not available");
}
String password =
- SecurityUtils.getPassword(message, user, WSPasswordCallback.SIGNATURE, this.getClass());
+ RSSecurityUtils.getPassword(message, user, WSPasswordCallback.SIGNATURE, this.getClass());
- X509Certificate[] issuerCerts = SecurityUtils.getCertificates(crypto, user);
+ X509Certificate[] issuerCerts = RSSecurityUtils.getCertificates(crypto, user);
String sigAlgo = sigProps.getSignatureAlgo() == null
? SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1 : sigProps.getSignatureAlgo();
http://git-wip-us.apache.org/repos/asf/cxf/blob/e5d98fd2/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java
index d9168c2..9ba1f2c 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlCallbackHandler.java
@@ -33,7 +33,7 @@ import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.rs.security.common.CryptoLoader;
-import org.apache.cxf.rs.security.common.SecurityUtils;
+import org.apache.cxf.rs.security.common.RSSecurityUtils;
import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.cxf.rt.security.saml.claims.SAMLClaim;
import org.apache.wss4j.common.crypto.Crypto;
@@ -105,8 +105,8 @@ public class SamlCallbackHandler implements CallbackHandler {
SecurityConstants.SIGNATURE_CRYPTO,
SecurityConstants.SIGNATURE_PROPERTIES);
X509Certificate cert =
- SecurityUtils.getCertificates(crypto,
- SecurityUtils.getUserName(m, crypto, "ws-security.signature.username"))[0];
+ RSSecurityUtils.getCertificates(crypto,
+ RSSecurityUtils.getUserName(m, crypto, "ws-security.signature.username"))[0];
KeyInfoBean keyInfo = new KeyInfoBean();
keyInfo.setCertificate(cert);
http://git-wip-us.apache.org/repos/asf/cxf/blob/e5d98fd2/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
index 64e14ca..13aac10 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
@@ -33,7 +33,7 @@ import org.apache.cxf.Bus;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
import org.apache.cxf.jaxrs.client.WebClient;
-import org.apache.cxf.rs.security.common.SecurityUtils;
+import org.apache.cxf.rs.security.common.RSSecurityUtils;
import org.apache.cxf.rs.security.xml.EncryptionProperties;
import org.apache.cxf.rs.security.xml.XmlEncInInterceptor;
import org.apache.cxf.rs.security.xml.XmlEncOutInterceptor;
@@ -315,7 +315,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
EncryptionProperties encryptionProperties = new EncryptionProperties();
String aes128GCM = "http://www.w3.org/2009/xmlenc11#aes128-gcm";
encryptionProperties.setEncryptionSymmetricKeyAlgo(aes128GCM);
- encryptionProperties.setEncryptionKeyIdType(SecurityUtils.X509_CERT);
+ encryptionProperties.setEncryptionKeyIdType(RSSecurityUtils.X509_CERT);
doTestPostEncryptedBook(address, false, properties, encryptionProperties, false, test.streaming);
}
@@ -332,7 +332,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
EncryptionProperties encryptionProperties = new EncryptionProperties();
encryptionProperties.setEncryptionSymmetricKeyAlgo(XMLCipher.AES_128);
- encryptionProperties.setEncryptionKeyIdType(SecurityUtils.X509_CERT);
+ encryptionProperties.setEncryptionKeyIdType(RSSecurityUtils.X509_CERT);
encryptionProperties.setEncryptionDigestAlgo(XMLCipher.SHA256);
doTestPostEncryptedBook(
@@ -352,7 +352,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
EncryptionProperties encryptionProperties = new EncryptionProperties();
encryptionProperties.setEncryptionSymmetricKeyAlgo(XMLCipher.AES_128);
- encryptionProperties.setEncryptionKeyIdType(SecurityUtils.X509_ISSUER_SERIAL);
+ encryptionProperties.setEncryptionKeyIdType(RSSecurityUtils.X509_ISSUER_SERIAL);
doTestPostEncryptedBook(
address, false, properties, encryptionProperties, false, test.streaming
@@ -391,7 +391,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
EncryptionProperties encryptionProperties = new EncryptionProperties();
encryptionProperties.setEncryptionSymmetricKeyAlgo(
"http://www.w3.org/2009/xmlenc11#aes128-gcm");
- encryptionProperties.setEncryptionKeyIdType(SecurityUtils.X509_CERT);
+ encryptionProperties.setEncryptionKeyIdType(RSSecurityUtils.X509_CERT);
try {
doTestPostEncryptedBook(address, true, properties, encryptionProperties, true, test.streaming);
@@ -421,7 +421,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
throws Exception {
EncryptionProperties encryptionProperties = new EncryptionProperties();
encryptionProperties.setEncryptionSymmetricKeyAlgo(XMLCipher.AES_128);
- encryptionProperties.setEncryptionKeyIdType(SecurityUtils.X509_CERT);
+ encryptionProperties.setEncryptionKeyIdType(RSSecurityUtils.X509_CERT);
doTestPostEncryptedBook(
address, sign, properties, encryptionProperties, false, test.streaming
);
@@ -548,7 +548,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
bean.setProperties(properties);
XmlEncOutInterceptor encInterceptor = new XmlEncOutInterceptor();
- encInterceptor.setKeyIdentifierType(SecurityUtils.X509_CERT);
+ encInterceptor.setKeyIdentifierType(RSSecurityUtils.X509_CERT);
encInterceptor.setSymmetricEncAlgorithm(XMLCipher.AES_128);
bean.getOutInterceptors().add(encInterceptor);
bean.getInInterceptors().add(new XmlEncInInterceptor());