Posted to commits@cxf.apache.org by as...@apache.org on 2014/01/02 17:59:56 UTC
svn commit: r1554846 - in /cxf/trunk/services:
sts/sts-core/src/main/java/org/apache/cxf/sts/operation/
sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/
xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/
xkms/xkms-common/src/m...
Author: ashakirin
Date: Thu Jan 2 16:59:56 2014
New Revision: 1554846
URL: http://svn.apache.org/r1554846
Log:
[CXF-5443] STS Symmetric HOK: using server endpoint (AppliesTo) as certificate identifier to encrypt symmetric key
Modified:
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProviderFactory.java
cxf/trunk/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderFactory.java
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java?rev=1554846&r1=1554845&r2=1554846&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java Thu Jan 2 16:59:56 2014
@@ -34,7 +34,6 @@ import javax.xml.ws.handler.MessageConte
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.sts.QNameConstants;
-import org.apache.cxf.sts.STSConstants;
import org.apache.cxf.sts.claims.RequestClaimCollection;
import org.apache.cxf.sts.event.STSIssueFailureEvent;
import org.apache.cxf.sts.event.STSIssueSuccessEvent;
@@ -66,7 +65,6 @@ import org.apache.wss4j.common.ext.WSSec
import org.apache.wss4j.common.principal.SAMLTokenPrincipal;
import org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
@@ -226,7 +224,6 @@ public class TokenIssueOperation extends
try {
KeyRequirements keyRequirements = requestParser.getKeyRequirements();
EncryptionProperties encryptionProperties = providerParameters.getEncryptionProperties();
- mapEncryptionProperties(tokenRequirements, encryptionProperties);
RequestSecurityTokenResponseType response =
createResponse(
encryptionProperties, tokenResponse, tokenRequirements, keyRequirements, context
@@ -443,16 +440,4 @@ public class TokenIssueOperation extends
QNameConstants.WS_TRUST_FACTORY.createBinarySecret(binarySecretType);
return binarySecret;
}
-
- private void mapEncryptionProperties(TokenRequirements tokenRequirements,
- EncryptionProperties encryptionProperties) {
-
- if (STSConstants.USE_ENDPOINT_AS_CERT_ALIAS
- .equals(encryptionProperties.getEncryptionName())
- && (tokenRequirements.getAppliesTo() != null)) {
- encryptionProperties.setEncryptionName(tokenRequirements.getAppliesTo()
- .getTextContent());
- encryptionProperties.setKeyIdentifierType(WSConstants.ENDPOINT_KEY_IDENTIFIER);
- }
- }
}
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java?rev=1554846&r1=1554845&r2=1554846&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java Thu Jan 2 16:59:56 2014
@@ -26,7 +26,6 @@ import java.util.logging.Logger;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.sts.STSConstants;
import org.apache.cxf.sts.STSPropertiesMBean;
@@ -138,10 +137,14 @@ public class DefaultSubjectProvider impl
CryptoType cryptoType = null;
- // Check using of service endpoint (AppliesTo) as certificate identifier
- if (encryptionProperties.getKeyIdentifierType() == (WSConstants.ENDPOINT_KEY_IDENTIFIER)) {
+ // Check for using of service endpoint (AppliesTo) as certificate identifier
+ if (STSConstants.USE_ENDPOINT_AS_CERT_ALIAS.equals(encryptionName)) {
+ if (providerParameters.getAppliesToAddress() == null) {
+ throw new STSException("AppliesTo is not initilaized for encryption name "
+ + STSConstants.USE_ENDPOINT_AS_CERT_ALIAS);
+ }
cryptoType = new CryptoType(CryptoType.TYPE.ENDPOINT);
- cryptoType.setEndpoint(encryptionProperties.getEncryptionName());
+ cryptoType.setEndpoint(providerParameters.getAppliesToAddress());
} else {
cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias(encryptionName);
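Review bot: The value handed to `cryptoType.setEndpoint(...)` in the new branch is the requester's AppliesTo address straight from `providerParameters.getAppliesToAddress()`, so the certificate the symmetric key gets wrapped to is selected by client-supplied input; that is inherent to the AppliesTo model, but the address should be normalized (scheme and host case, trailing slash) and, where the deployment knows its relying parties, compared against a configured allow-list before it becomes a lookup key, otherwise a requester can ask for a key encrypted to any endpoint the backing crypto/XKMS service will resolve. The subject-provider method this lives in starts and ends outside the hunk, so the origin of `encryptionName` and `providerParameters` is not visible here. Minor: the new message has a typo, `"AppliesTo address is not initialized for encryption name "` would read correctly and name the missing field; and this throw uses the single-argument STSException constructor, so confirm the default fault code is the one intended for a malformed request rather than a server-side configuration error.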
@@ -149,9 +152,8 @@ public class DefaultSubjectProvider impl
try {
X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
- if (certs == null || certs.length <= 0) {
- new STSException("Encryption certificate is not found for alias: " + encryptionName,
- STSException.REQUEST_FAILED);
+ if ((certs == null) || (certs.length == 0)) {
+ throw new STSException("Encryption certificate is not found for alias: " + encryptionName);
}
KeyInfoBean keyInfo =
createKeyInfo(certs[0], secret, doc, encryptionProperties, crypto);
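Review bot: The rethrown message still reports `encryptionName`, which in the AppliesTo case is the placeholder constant and not the endpoint actually looked up, so the failure log will not say which endpoint had no certificate; report the endpoint set on `cryptoType` in that branch, e.g. `throw new STSException("Encryption certificate is not found for " + (cryptoType.getType() == CryptoType.TYPE.ENDPOINT ? "endpoint: " + cryptoType.getEndpoint() : "alias: " + encryptionName));` (assuming CryptoType exposes getters matching its setters). The old code carried `STSException.REQUEST_FAILED` on this exception and the new throw drops it, so clients that key off the fault code will now see a different fault for the same condition; if that is unintended, pass the code again. Fixing the missing `throw` is the right call and is not in question here.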
@@ -244,5 +246,4 @@ public class DefaultSubjectProvider impl
return keyInfo;
}
-
}
Modified: cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProviderFactory.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProviderFactory.java?rev=1554846&r1=1554845&r2=1554846&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProviderFactory.java (original)
+++ cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProviderFactory.java Thu Jan 2 16:59:56 2014
@@ -19,6 +19,8 @@
package org.apache.cxf.xkms.crypto.impl;
+import java.io.IOException;
+import java.io.InputStream;
import java.util.Properties;
import org.apache.cxf.message.Message;
@@ -75,4 +77,25 @@ public class XkmsCryptoProviderFactory i
public Crypto create(XKMSPortType xkmsClient, Crypto fallbackCrypto, boolean allowX509FromJKS) {
return new XkmsCryptoProvider(xkmsClient, fallbackCrypto, allowX509FromJKS);
}
+
+ @Override
+ public Crypto create(String keystorePropsPath) {
+ try {
+ Properties keystoreProps = new Properties();
+ InputStream is = this.getClass().getResourceAsStream(keystorePropsPath);
+ if (is == null) {
+ throw new CryptoProviderException("Cannot load security properties: "
+ + keystorePropsPath);
+ }
+ keystoreProps.load(is);
+ Crypto defaultCrypto = CryptoFactory.getInstance(keystoreProps);
+ return new XkmsCryptoProvider(xkmsConsumer, defaultCrypto);
+ } catch (WSSecurityException e) {
+ throw new CryptoProviderException("Cannot instantiate crypto factory: "
+ + e.getMessage(), e);
+ } catch (IOException e) {
+ throw new CryptoProviderException("Cannot load security properties: "
+ + e.getMessage(), e);
+ }
+ }
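Review bot: The InputStream opened by `getResourceAsStream` at the top of the new `create(String)` is never closed, on either the success path or the two exception paths, so every call leaks a handle to the keystore properties resource. If the module targets Java 7 or later, wrap it in try-with-resources; otherwise keep the null check before a try/finally that closes the stream, as sketched below. Two smaller points: `this.getClass().getResourceAsStream(path)` resolves a path without a leading slash relative to this class's package, which is easy for callers to get wrong and deserves a Javadoc line; and `xkmsConsumer` is referenced but not declared in this hunk, so presumably a field of the factory, worth confirming it is initialized before this overload can be called.
```java
    @Override
    public Crypto create(String keystorePropsPath) {
        InputStream is = this.getClass().getResourceAsStream(keystorePropsPath);
        if (is == null) {
            throw new CryptoProviderException("Cannot load security properties: "
                + keystorePropsPath);
        }
        try {
            Properties keystoreProps = new Properties();
            keystoreProps.load(is);
            // … unchanged: CryptoFactory.getInstance and XkmsCryptoProvider construction …
        } catch (WSSecurityException e) {
            // … unchanged …
        } catch (IOException e) {
            // … unchanged …
        } finally {
            try {
                is.close();
            } catch (IOException ignored) {
                // the properties are already loaded (or loading already failed); nothing to recover
            }
        }
    }
```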
}
Modified: cxf/trunk/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderFactory.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderFactory.java?rev=1554846&r1=1554845&r2=1554846&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderFactory.java (original)
+++ cxf/trunk/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderFactory.java Thu Jan 2 16:59:56 2014
@@ -49,6 +49,15 @@ public interface CryptoProviderFactory {
Crypto create(Crypto fallbackCrypto);
/**
+ * Create with overridden keystoreProperties to create default Crypto
+ *
+ * @param xkmsClient
+ * @param keystoreProperties
+ * @return
+ */
+ Crypto create(String keystoreProperties);
+
+ /**
* Create with overridden XKMSPortType and fallbackCrypto
*
* @param xkmsClient