
svn commit: r1162150 - in /cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security: kerberos/ policy/interceptors/ tokenstore/ wss4j/policyhandlers/

Author: coheigea
Date: Fri Aug 26 16:08:37 2011
New Revision: 1162150

URL: http://svn.apache.org/viewvc?rev=1162150&view=rev
Log:
[CXF-3767] - Adding support for signing + encrypting message parts using a Kerberos Ticket

Modified:
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java?rev=1162150&r1=1162149&r2=1162150&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java Fri Aug 26 16:08:37 2011
@@ -22,6 +22,7 @@ package org.apache.cxf.ws.security.kerbe
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import javax.crypto.SecretKey;
 import javax.security.auth.callback.CallbackHandler;
 
 import org.apache.cxf.Bus;
@@ -114,7 +115,11 @@ public class KerberosClient implements C
         
         SecurityToken token = new SecurityToken(bst.getID());
         token.setToken(bst.getElement());
-        //token.setSecret(bst.getToken());
+        token.setWsuId(bst.getID());
+        SecretKey secretKey = bst.getSecretKey();
+        if (secretKey != null) {
+            token.setSecret(secretKey.getEncoded());
+        }
         token.setTokenType(bst.getValueType());
 
         return token;
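Review bot: The null guard added at L41 lets a token with no secret leave this method silently, and `SecretKey.getEncoded()` can itself return null for keys that do not support encoding, so `setSecret` may still receive null. The SymmetricBindingHandler hunks in this commit make the Kerberos token the key source for signing and encrypting, so a missing secret only surfaces far from its cause; a log line through the class's java.util.logging Logger when no usable key is present, e.g. `LOG.log(Level.WARNING, "Kerberos BinarySecurityToken carries no secret key; parts cannot be signed or encrypted with it");` (exact logger field name to confirm), or an early failure would localise it. The raw key bytes are now held in the SecurityToken, so any such logging should report only that the key is absent, never its contents. The enclosing method starts before this hunk.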

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java?rev=1162150&r1=1162149&r2=1162150&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java Fri Aug 26 16:08:37 2011
@@ -172,13 +172,16 @@ public class KerberosTokenInterceptorPro
         ) {
             if (results != null) {
                 for (WSHandlerResult rResult : results) {
-                    List<KerberosSecurity> kerberosResults = findKerberosResults(rResult.getResults());
-                    for (KerberosSecurity kerberosToken : kerberosResults) {
+                    List<WSSecurityEngineResult> kerberosResults = findKerberosResults(rResult.getResults());
+                    for (WSSecurityEngineResult wser : kerberosResults) {
+                        KerberosSecurity kerberosToken = 
+                            (KerberosSecurity)wser.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
                         KerberosTokenPolicyValidator kerberosValidator = 
                             new KerberosTokenPolicyValidator(message);
                         boolean valid = kerberosValidator.validatePolicy(aim, kerberosToken);
                         if (valid) {
                             SecurityToken token = createSecurityToken(kerberosToken);
+                            token.setSecret((byte[])wser.get(WSSecurityEngineResult.TAG_SECRET));
                             message.getExchange().put(SecurityConstants.TOKEN, token);
                             return;
                         }
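Review bot: `token.setSecret((byte[])wser.get(WSSecurityEngineResult.TAG_SECRET))` at L68 has no null guard, unlike the equivalent new code in KerberosClient.java in this commit; when the engine result carries no TAG_SECRET the token is stored in the exchange with a null secret and the problem appears only when the binding later tries to use it. A guard keeps the two paths consistent: `byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET); if (secret != null) { token.setSecret(secret); }`, possibly with a warning when it is absent. The enclosing method begins before this hunk.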
@@ -187,17 +190,17 @@ public class KerberosTokenInterceptorPro
             }
         }
         
-        private List<KerberosSecurity> findKerberosResults(
+        private List<WSSecurityEngineResult> findKerberosResults(
             List<WSSecurityEngineResult> wsSecEngineResults
         ) {
-            List<KerberosSecurity> results = new ArrayList<KerberosSecurity>();
+            List<WSSecurityEngineResult> results = new ArrayList<WSSecurityEngineResult>();
             for (WSSecurityEngineResult wser : wsSecEngineResults) {
                 Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
                 if (actInt.intValue() == WSConstants.BST) {
                     BinarySecurity binarySecurity = 
                         (BinarySecurity)wser.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
                     if (binarySecurity instanceof KerberosSecurity) {
-                        results.add((KerberosSecurity)binarySecurity);
+                        results.add(wser);
                     }
                 }
             }
@@ -205,12 +208,10 @@ public class KerberosTokenInterceptorPro
         }
     }
     
-    private static SecurityToken createSecurityToken(BinarySecurity binarySecurityToken) {
+    private static SecurityToken createSecurityToken(KerberosSecurity binarySecurityToken) {
         SecurityToken token = new SecurityToken(binarySecurityToken.getID());
         token.setToken(binarySecurityToken.getElement());
-        token.setSecret(binarySecurityToken.getToken());
         token.setTokenType(binarySecurityToken.getValueType());
-
         return token;
     }
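Review bot: createSecurityToken no longer populates the secret (the removed line at L101), but neither its signature nor a comment tells callers they must now take it from the engine result, as the caller in the hunk at L53-71 does; a comment such as `// The secret is not derived from the token bytes; callers set it from WSSecurityEngineResult.TAG_SECRET.` would record that contract. Unlike the KerberosClient.java change in this commit, this method also does not call `token.setWsuId(binarySecurityToken.getID());` — whether the inbound token needs it depends on SecurityToken.getWsuId's fallback to the attached reference, so worth confirming rather than assuming.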
         

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java?rev=1162150&r1=1162149&r2=1162150&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java Fri Aug 26 16:08:37 2011
@@ -54,6 +54,11 @@ public class SecurityToken {
     private String id;
     
     /**
+     * WSU Identifier of the token
+     */
+    private String wsuId;
+    
+    /**
      * Current state of the token
      */
     private State state = State.UNKNOWN;
@@ -392,8 +397,14 @@ public class SecurityToken {
         tokenType = s;
     }
     
+    public void setWsuId(String wsuId) {
+        this.wsuId = wsuId;
+    }
     
     public String getWsuId() {
+        if (wsuId != null) {
+            return wsuId;
+        }
         Element elem = getAttachedReference();
         if (elem != null) {
             String t = getIdFromSTR(elem);
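Review bot: The new public `setWsuId` at L129 has no Javadoc, and the contract of `getWsuId` has changed with it: an explicitly set value now short-circuits the lookup through the attached reference at L134-136. Suggested Javadoc for the setter: `/** Sets the wsu:Id under which this token is referenced; when set it takes precedence over the id derived from the attached reference in {@link #getWsuId()}. */`. The body of getWsuId continues past the end of this hunk.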

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1162150&r1=1162149&r2=1162150&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java Fri Aug 26 16:08:37 2011
@@ -40,6 +40,7 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.SPConstants;
 import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
 import org.apache.cxf.ws.security.policy.model.IssuedToken;
+import org.apache.cxf.ws.security.policy.model.KerberosToken;
 import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
 import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
 import org.apache.cxf.ws.security.policy.model.Token;
@@ -153,7 +154,7 @@ public class SymmetricBindingHandler ext
                 //SecureConversationToken
                 String tokenId = null;
                 SecurityToken tok = null;
-                if (encryptionToken instanceof IssuedToken) {
+                if (encryptionToken instanceof IssuedToken || encryptionToken instanceof KerberosToken) {
                     tok = getSecurityToken();
                 } else if (encryptionToken instanceof SecureConversationToken) {
                     tok = getSecurityToken();
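Review bot: With KerberosToken added to the condition at L159, the `if` branch and the `else if (encryptionToken instanceof SecureConversationToken)` branch at L161 both execute `tok = getSecurityToken();`, so they could be folded into a single condition; the same shape appears in the hunk at L164-171 where sigTok is assigned. Separately, the secret on that token now comes from the Kerberos BST and the KerberosClient.java change in this commit guards against a null key without failing, so whether the rest of this method tolerates a token with no secret cannot be seen here — the enclosing method continues beyond the hunk.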
@@ -269,7 +270,7 @@ public class SymmetricBindingHandler ext
             if (sigToken != null) {
                 if (sigToken instanceof SecureConversationToken) {
                     sigTok = getSecurityToken();
-                } else if (sigToken instanceof IssuedToken) {
+                } else if (sigToken instanceof IssuedToken || sigToken instanceof KerberosToken) {
                     sigTok = getSecurityToken();
                 } else if (sigToken instanceof X509Token) {
                     if (isRequestor()) {

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1162150&r1=1162149&r2=1162150&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java Fri Aug 26 16:08:37 2011
@@ -166,7 +166,8 @@ public class TransportBindingHandler ext
                         for (Token token : sgndSuppTokens.getTokens()) {
                             if (token instanceof IssuedToken
                                 || token instanceof SecureConversationToken
-                                || token instanceof KeyValueToken) {
+                                || token instanceof KeyValueToken
+                                || token instanceof KerberosToken) {
                                 addSig(signatureValues, doIssuedTokenSignature(token, signdParts,
                                                                                sgndSuppTokens,
                                                                                null));
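Review bot: No import hunk for KerberosToken appears in TransportBindingHandler.java, whereas SymmetricBindingHandler.java in the same commit adds `import org.apache.cxf.ws.security.policy.model.KerberosToken;`; unless the class is already imported here the file will not compile, which is worth confirming. The condition at L180-184, and the matching one in the hunk at L189-197, now route four token kinds through doIssuedTokenSignature, so a one-line comment above the condition naming why these kinds share that path would help the next reader, since the method name alone no longer describes them. The enclosing method starts before this hunk.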
@@ -201,7 +202,8 @@ public class TransportBindingHandler ext
                     if (endSuppTokens != null) {
                         for (Token token : endSuppTokens.getTokens()) {
                             if (token instanceof IssuedToken
-                                || token instanceof SecureConversationToken) {
+                                || token instanceof SecureConversationToken
+                                || token instanceof KerberosToken) {
                                 addSig(signatureValues, doIssuedTokenSignature(token, 
                                                                                endSuppTokens
                                                                                    .getSignedParts(),