Posted to commits@cxf.apache.org by co...@apache.org on 2013/10/09 15:38:24 UTC
svn commit: r1530602 - in /cxf/trunk/rt/ws/security/src:
main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
test/java/org/apache/cxf/ws/security/wss4j/saml/
Author: coheigea
Date: Wed Oct 9 13:38:23 2013
New Revision: 1530602
URL: http://svn.apache.org/r1530602
Log:
Update to streaming ws-security code following recent merge to WSS4J
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1530602&r1=1530601&r2=1530602&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java Wed Oct 9 13:38:23 2013
@@ -204,7 +204,7 @@ public abstract class AbstractStaxBindin
}
protected SecurePart addKerberosToken(
- KerberosToken token, boolean signed, boolean endorsing
+ KerberosToken token, boolean signed, boolean endorsing, boolean encrypting
) throws WSSecurityException {
IncludeTokenType includeToken = token.getIncludeTokenType();
if (!isTokenRequired(includeToken)) {
@@ -219,6 +219,7 @@ public abstract class AbstractStaxBindin
// Convert to WSS4J token
final KerberosClientSecurityToken wss4jToken =
new KerberosClientSecurityToken(secToken.getData(), secToken.getKey(), secToken.getId());
+ wss4jToken.setSha1Identifier(secToken.getSHA1());
final SecurityTokenProvider<OutboundSecurityToken> kerberosSecurityTokenProvider =
new SecurityTokenProvider<OutboundSecurityToken>() {
@@ -233,15 +234,21 @@ public abstract class AbstractStaxBindin
return wss4jToken.getId();
}
};
- outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_BST,
+ outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_KERBEROS,
kerberosSecurityTokenProvider);
+ if (encrypting) {
+ outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION,
+ kerberosSecurityTokenProvider);
+ }
+ if (endorsing) {
+ outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE,
+ kerberosSecurityTokenProvider);
+ }
+
// Action
Map<String, Object> config = getProperties();
String actionToPerform = ConfigurationConstants.KERBEROS_TOKEN;
- if (endorsing) {
- actionToPerform = ConfigurationConstants.SIGNATURE_WITH_KERBEROS_TOKEN;
- }
if (config.containsKey(ConfigurationConstants.ACTION)) {
String action = (String)config.get(ConfigurationConstants.ACTION);
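Review bot: With the `if (endorsing)` branch that selected `SIGNATURE_WITH_KERBEROS_TOKEN` removed, `addKerberosToken` now only registers the provider under `PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE` and leaves each caller to add a signature action, and nothing in the method says so. The supporting-token call `addKerberosToken((KerberosToken)token, signed, endorse, false)` later in this file passes `endorse` straight through, so it is worth confirming that path also ends up with a signature action when `endorse` is true. If `outboundTokens` is an ordinary map, the two new `put` calls also replace any provider already registered for signature or encryption, which matters if a binding token was set up earlier. I would add a comment above the new blocks such as `// endorsing/encrypting only register this token as the signing/encryption key; the caller must add the matching action`. The method body starts and ends outside this hunk.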
@@ -259,7 +266,10 @@ public abstract class AbstractStaxBindin
}
*/
- return new SecurePart(WSSConstants.TAG_wsse_BinarySecurityToken, Modifier.Element);
+ SecurePart securePart = new SecurePart(WSSConstants.TAG_wsse_BinarySecurityToken, Modifier.Element);
+ securePart.setIdToSign(wss4jToken.getId());
+
+ return securePart;
}
protected SecurePart addSamlToken(
@@ -528,9 +538,10 @@ public abstract class AbstractStaxBindin
// Find out do we also need to include the token as per the Inclusion requirement
if (token instanceof X509Token
- && token.getIncludeTokenType() != IncludeTokenType.INCLUDE_TOKEN_NEVER
+ && isTokenRequired(token.getIncludeTokenType())
&& ("IssuerSerial".equals(config.get(ConfigurationConstants.SIG_KEY_ID))
- || "Thumbprint".equals(config.get(ConfigurationConstants.SIG_KEY_ID)))) {
+ || "Thumbprint".equals(config.get(ConfigurationConstants.SIG_KEY_ID))
+ || "DirectReference".equals(config.get(ConfigurationConstants.SIG_KEY_ID)))) {
config.put(ConfigurationConstants.INCLUDE_SIGNATURE_TOKEN, "true");
} else {
config.put(ConfigurationConstants.INCLUDE_SIGNATURE_TOKEN, "false");
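Review bot: The inclusion condition now calls `config.get(ConfigurationConstants.SIG_KEY_ID)` three times and compares the result with bare string literals, which makes the rule harder to read and easy to extend inconsistently. Reading the value once, `Object sigKeyId = config.get(ConfigurationConstants.SIG_KEY_ID);`, and comparing that local in the three `equals` calls would shorten the expression without changing its result. The enclosing method starts and ends outside this hunk.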
@@ -749,7 +760,7 @@ public abstract class AbstractStaxBindin
}
}
} else if (isRequestor() && token instanceof KerberosToken) {
- SecurePart securePart = addKerberosToken((KerberosToken)token, signed, endorse);
+ SecurePart securePart = addKerberosToken((KerberosToken)token, signed, endorse, false);
if (securePart != null) {
ret.put(token, securePart);
if (suppTokens.isEncryptedToken()) {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1530602&r1=1530601&r2=1530602&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java Wed Oct 9 13:38:23 2013
@@ -39,6 +39,7 @@ import javax.xml.soap.SOAPException;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
@@ -153,7 +154,9 @@ public class StaxSymmetricBindingHandler
SecurityToken tok = null;
if (encryptionToken instanceof KerberosToken) {
tok = getSecurityToken();
- addKerberosToken((KerberosToken)encryptionToken, false, false);
+ if (MessageUtils.isRequestor(message)) {
+ addKerberosToken((KerberosToken)encryptionToken, false, true, true);
+ }
} else if (encryptionToken instanceof IssuedToken) {
tok = getSecurityToken();
addIssuedToken((IssuedToken)encryptionToken, tok, false, true);
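Review bot: The call `addKerberosToken((KerberosToken)encryptionToken, false, true, true)` passes three positional booleans, and `endorsing` is set to true for an encryption token, so the intent cannot be read at the call site. Going by the new code in `AbstractStaxBindingHandler`, the last two flags register the token for signature and for encryption; a comment such as `// signed=false, endorsing=true (use for signature), encrypting=true (use for encryption)` would make that explicit. The same applies to the `sigToken` call in the `@@ -249,7 +254,9 @@` hunk. The requestor check here uses `MessageUtils.isRequestor(message)` while the base-class code uses `isRequestor()`; if that helper is inherited, using it would keep the two files consistent.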
@@ -181,7 +184,9 @@ public class StaxSymmetricBindingHandler
}
// Store key
- storeSecurityToken(tok);
+ if (!(MessageUtils.isRequestor(message) && encryptionToken instanceof KerberosToken)) {
+ storeSecurityToken(tok);
+ }
List<SecurePart> encrParts = null;
List<SecurePart> sigParts = null;
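Review bot: The `// Store key` comment no longer matches the code, because `storeSecurityToken(tok)` is now skipped for a requestor using a Kerberos encryption token and the reason is not stated. A comment such as `// Kerberos tokens on the requestor side are registered by addKerberosToken, so they are not stored again` would record it, if that is indeed the reason. The same negated condition is repeated for `sigTok` in the `@@ -281,7 +288,9 @@` hunk, so a small private predicate shared by both places would keep the two copies from drifting apart. The enclosing method continues outside this hunk.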
@@ -249,7 +254,9 @@ public class StaxSymmetricBindingHandler
if (sigToken != null) {
if (sigToken instanceof KerberosToken) {
sigTok = getSecurityToken();
- addKerberosToken((KerberosToken)sigToken, false, false);
+ if (MessageUtils.isRequestor(message)) {
+ addKerberosToken((KerberosToken)sigToken, false, true, true);
+ }
} else if (sigToken instanceof IssuedToken) {
sigTok = getSecurityToken();
addIssuedToken((IssuedToken)sigToken, sigTok, false, true);
@@ -281,7 +288,9 @@ public class StaxSymmetricBindingHandler
}
// Store key
- storeSecurityToken(sigTok);
+ if (!(MessageUtils.isRequestor(message) && sigToken instanceof KerberosToken)) {
+ storeSecurityToken(sigTok);
+ }
// Add timestamp
List<SecurePart> sigs = new ArrayList<SecurePart>();
@@ -415,7 +424,11 @@ public class StaxSymmetricBindingHandler
if (config.containsKey(ConfigurationConstants.ACTION)) {
String action = (String)config.get(ConfigurationConstants.ACTION);
- config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
+ if (action.contains(ConfigurationConstants.KERBEROS_TOKEN)) {
+ config.put(ConfigurationConstants.ACTION, actionToPerform + " " + action);
+ } else {
+ config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
+ }
} else {
config.put(ConfigurationConstants.ACTION, actionToPerform);
}
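Review bot: `action.contains(ConfigurationConstants.KERBEROS_TOKEN)` is a substring test on a space-separated action list, so it also matches any other action whose name contains the Kerberos token action's value; `SIGNATURE_WITH_KERBEROS_TOKEN`, referenced in the removed base-class code, may be such a case depending on its value. Comparing whole entries, for example `Arrays.asList(action.split(" ")).contains(ConfigurationConstants.KERBEROS_TOKEN)`, avoids the accidental match. The new branch also places `actionToPerform` in front of every existing action rather than just ahead of the Kerberos one, and why the order matters is not documented; a one-line comment would help the next reader. The enclosing method is outside this hunk.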
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java?rev=1530602&r1=1530601&r2=1530602&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java Wed Oct 9 13:38:23 2013
@@ -172,7 +172,7 @@ public class StaxTransportBindingHandler
} else if (token instanceof IssuedToken) {
addIssuedToken((IssuedToken)token, getSecurityToken(), false, false);
} else if (token instanceof KerberosToken) {
- addKerberosToken((KerberosToken)token, false, false);
+ addKerberosToken((KerberosToken)token, false, false, false);
} else if (token instanceof SamlToken) {
addSamlToken((SamlToken)token, false, false);
} else {
@@ -258,8 +258,7 @@ public class StaxTransportBindingHandler
|| token instanceof SpnegoContextToken) {
addSig(doIssuedTokenSignature(token, wrapper));
*/
- } else if (token instanceof X509Token
- || token instanceof KeyValueToken) {
+ } else if (token instanceof X509Token || token instanceof KeyValueToken) {
doSignature(token, wrapper);
} else if (token instanceof SamlToken) {
addSamlToken((SamlToken)token, false, true);
@@ -273,10 +272,19 @@ public class StaxTransportBindingHandler
} else if (token instanceof UsernameToken) {
throw new Exception("Endorsing UsernameTokens are not supported in the streaming code");
} else if (token instanceof KerberosToken) {
- addKerberosToken((KerberosToken)token, false, true);
+ Map<String, Object> config = getProperties();
+ String signatureAction = ConfigurationConstants.SIGNATURE;
+ if (config.containsKey(ConfigurationConstants.ACTION)) {
+ String action = (String)config.get(ConfigurationConstants.ACTION);
+ config.put(ConfigurationConstants.ACTION, action + " " + signatureAction);
+ } else {
+ config.put(ConfigurationConstants.ACTION, signatureAction);
+ }
+ configureSignature(wrapper, token, false);
+
+ addKerberosToken((KerberosToken)token, false, true, false);
signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
- Map<String, Object> config = getProperties();
config.put(ConfigurationConstants.SIG_ALGO,
tbinding.getAlgorithmSuite().getSymmetricSignature());
AlgorithmSuiteType algType = tbinding.getAlgorithmSuite().getAlgorithmSuiteType();
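Review bot: The `SIGNATURE` action is appended and `configureSignature(wrapper, token, false)` runs before `addKerberosToken(...)` is called, and that call's result is discarded. The base class begins `addKerberosToken` with `if (!isTokenRequired(includeToken))` and its other caller checks `securePart != null`, so it looks as if the method can return without registering a token; in that case a signature would be configured here with no Kerberos key behind it. Consider checking `isTokenRequired(token.getIncludeTokenType())` before adding the action, or testing the returned `SecurePart` before `signPartsAndElements` is reached. The lines that append to `ConfigurationConstants.ACTION` also repeat logic present in the other two handlers and could share one helper.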
Modified: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java?rev=1530602&r1=1530601&r2=1530602&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java (original)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java Wed Oct 9 13:38:23 2013
@@ -159,11 +159,6 @@ public class StaxToDOMSamlTest extends A
properties.setSamlCallbackHandler(new SAML1CallbackHandler());
properties.setCallbackHandler(new PasswordCallbackHandler());
- properties.setSignatureUser("alice");
-
- Properties cryptoProperties =
- CryptoFactory.getProperties("alice.properties", this.getClass().getClassLoader());
- properties.setSignatureCryptoProperties(cryptoProperties);
properties.setSignatureKeyIdentifier(
WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference
);
@@ -205,8 +200,6 @@ public class StaxToDOMSamlTest extends A
outConfig.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
outConfig.put(ConfigurationConstants.SAML_CALLBACK_REF, new SAML1CallbackHandler());
outConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new PasswordCallbackHandler());
- outConfig.put(ConfigurationConstants.SIGNATURE_USER, "alice");
- outConfig.put(ConfigurationConstants.SIG_PROP_FILE, "alice.properties");
outConfig.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(outConfig);
@@ -320,11 +313,6 @@ public class StaxToDOMSamlTest extends A
properties.setSamlCallbackHandler(new SAML2CallbackHandler());
properties.setCallbackHandler(new PasswordCallbackHandler());
- properties.setSignatureUser("alice");
-
- Properties cryptoProperties =
- CryptoFactory.getProperties("alice.properties", this.getClass().getClassLoader());
- properties.setSignatureCryptoProperties(cryptoProperties);
properties.setSignatureKeyIdentifier(
WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference
);
@@ -367,8 +355,6 @@ public class StaxToDOMSamlTest extends A
outConfig.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
outConfig.put(ConfigurationConstants.SAML_CALLBACK_REF, new SAML2CallbackHandler());
outConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new PasswordCallbackHandler());
- outConfig.put(ConfigurationConstants.SIGNATURE_USER, "alice");
- outConfig.put(ConfigurationConstants.SIG_PROP_FILE, "alice.properties");
outConfig.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(outConfig);