Posted to commits@cxf.apache.org by co...@apache.org on 2019/01/31 11:50:19 UTC
[cxf] branch wss4j_2.3.0 updated: Picking up derived key changes
from WSS4J
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/wss4j_2.3.0 by this push:
new 4689a11 Picking up derived key changes from WSS4J
4689a11 is described below
commit 4689a11164839ccd0c6995dc8c927cbf563a36aa
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Jan 31 11:49:53 2019 +0000
Picking up derived key changes from WSS4J
---
.../policyhandlers/AbstractBindingBuilder.java | 8 ++++----
.../policyhandlers/AsymmetricBindingHandler.java | 8 ++++----
.../policyhandlers/SymmetricBindingHandler.java | 24 +++++++++-------------
.../policyhandlers/TransportBindingHandler.java | 10 ++++-----
4 files changed, 23 insertions(+), 27 deletions(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index faf7d00..17b8b65 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -2033,7 +2033,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
if (ref != null) {
ref = cloneElement(ref);
- dkSign.setExternalKey(tok.getSecret(), ref);
+ dkSign.setStrElem(ref);
} else if (!isRequestor() && policyToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
// If the Encrypted key used to create the derived key is not
// attached use key identifier as defined in WSS1.1 section
@@ -2044,10 +2044,10 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
tokenRef.setKeyIdentifierEncKeySHA1(tok.getSHA1());
tokenRef.addTokenType(WSS4JConstants.WSS_ENC_KEY_VALUE_TYPE);
}
- dkSign.setExternalKey(tok.getSecret(), tokenRef.getElement());
+ dkSign.setStrElem(tokenRef.getElement());
} else {
- dkSign.setExternalKey(tok.getSecret(), tok.getId());
+ dkSign.setTokenIdentifier(tok.getId());
}
//Set the algo info
@@ -2063,7 +2063,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
dkSign.setCustomValueType(WSS4JConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
}
- dkSign.prepare();
+ dkSign.prepare(tok.getSecret());
if (isTokenProtection) {
String sigTokId = XMLUtils.getIDFromReference(tok.getId());
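Review bot: `dkSign.prepare(tok.getSecret())` hands the token secret straight to key derivation, and nothing visible in this hunk guarantees that `tok.getSecret()` is non-null. If a token can reach this point without a secret, failing early with a clear error is preferable to whatever `prepare` does with a null key, for example `byte[] secret = tok.getSecret();` followed by a null check before `dkSign.prepare(secret);`. The same pattern appears in SymmetricBindingHandler (`dkEncr.prepare(encrTok.getSecret())`, `dkSign.prepare(tok.getSecret())`) and in TransportBindingHandler (`dkSign.prepare(secTok.getSecret())`). The enclosing method starts and ends outside the hunk, so an earlier guard may already exist.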
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index a20c52b..015f9bf 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -597,7 +597,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
setupEncryptedKey(recToken, encrToken);
}
- dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
+ dkEncr.setTokenIdentifier(this.encryptedKeyId);
dkEncr.getParts().addAll(encrParts);
dkEncr.setCustomValueType(WSS4JConstants.SOAPMESSAGE_NS11 + "#"
+ WSS4JConstants.ENC_KEY_VALUE_TYPE);
@@ -606,7 +606,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
dkEncr.setSymmetricEncAlgorithm(algType.getEncryption());
dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8);
- dkEncr.prepare();
+ dkEncr.prepare(this.encryptedKeyValue);
addDerivedKeyElement(dkEncr.getdktElement());
Element refList = dkEncr.encryptForExternalRef(null, encrParts);
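Review bot: The key reference and the key material for `dkEncr` are now supplied by two separate calls several lines apart (`setTokenIdentifier(this.encryptedKeyId)` in the previous hunk, `prepare(this.encryptedKeyValue)` here), so the code no longer ties the two fields together at one call site. A short comment on the `prepare` call would document the pairing, e.g. `// must be the secret of the EncryptedKey named via setTokenIdentifier above`. The same applies to the `dkSign` pair later in this file. If the two ever diverged the recipient would presumably derive a different key and reject the message, so this is a maintainability point rather than a defect.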
@@ -681,7 +681,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
}
- dkSign.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
+ dkSign.setTokenIdentifier(this.encryptedKeyId);
// Set the algo info
dkSign.setSignatureAlgorithm(abinding.getAlgorithmSuite().getSymmetricSignature());
@@ -699,7 +699,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
dkSign.setAddInclusivePrefixes(includePrefixes);
try {
- dkSign.prepare();
+ dkSign.prepare(this.encryptedKeyValue);
if (abinding.isProtectTokens()) {
assertPolicy(
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index d824e21..8a4d5d9 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -452,13 +452,9 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
if (attached && encrTok.getAttachedReference() != null) {
- dkEncr.setExternalKey(
- encrTok.getSecret(), cloneElement(encrTok.getAttachedReference())
- );
+ dkEncr.setStrElem(cloneElement(encrTok.getAttachedReference()));
} else if (encrTok.getUnattachedReference() != null) {
- dkEncr.setExternalKey(
- encrTok.getSecret(), cloneElement(encrTok.getUnattachedReference())
- );
+ dkEncr.setStrElem(cloneElement(encrTok.getUnattachedReference()));
} else if (!isRequestor() && encrTok.getSHA1() != null) {
// If the Encrypted key used to create the derived key is not
// attached use key identifier as defined in WSS1.1 section
@@ -477,7 +473,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
}
tokenRef.addTokenType(tokenType);
- dkEncr.setExternalKey(encrTok.getSecret(), tokenRef.getElement());
+ dkEncr.setStrElem(tokenRef.getElement());
} else {
if (attached) {
String id = encrTok.getWsuId();
@@ -492,10 +488,10 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
if (id.startsWith("#")) {
id = id.substring(1);
}
- dkEncr.setExternalKey(encrTok.getSecret(), id);
+ dkEncr.setTokenIdentifier(id);
} else {
dkEncr.setTokenIdDirectId(true);
- dkEncr.setExternalKey(encrTok.getSecret(), encrTok.getId());
+ dkEncr.setTokenIdentifier(encrTok.getId());
}
}
@@ -525,7 +521,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
AlgorithmSuiteType algType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
dkEncr.setSymmetricEncAlgorithm(algType.getEncryption());
dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8);
- dkEncr.prepare();
+ dkEncr.prepare(encrTok.getSecret());
Element encrDKTokenElem = null;
encrDKTokenElem = dkEncr.getdktElement();
addDerivedKeyElement(encrDKTokenElem);
@@ -701,7 +697,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
if (ref != null) {
- dkSign.setExternalKey(tok.getSecret(), cloneElement(ref));
+ dkSign.setStrElem(cloneElement(ref));
} else if (!isRequestor() && policyToken.getDerivedKeys()
== DerivedKeys.RequireDerivedKeys && tok.getSHA1() != null) {
// If the Encrypted key used to create the derived key is not
@@ -723,13 +719,13 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
tokenRef.addTokenType(tokenType);
}
- dkSign.setExternalKey(tok.getSecret(), tokenRef.getElement());
+ dkSign.setStrElem(tokenRef.getElement());
} else {
if ((!attached && !isRequestor()) || policyToken instanceof SecureConversationToken
|| policyToken instanceof SecurityContextToken) {
dkSign.setTokenIdDirectId(true);
}
- dkSign.setExternalKey(tok.getSecret(), tok.getId());
+ dkSign.setTokenIdentifier(tok.getId());
}
//Set the algo info
@@ -769,7 +765,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
}
- dkSign.prepare();
+ dkSign.prepare(tok.getSecret());
if (sbinding.isProtectTokens()) {
String sigTokId = tok.getId();
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index bf70e2e..c067699 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -392,9 +392,9 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
dkSig.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
- dkSig.setExternalKey(symmetricKey.getEncoded(), encrKey.getId());
+ dkSig.setTokenIdentifier(encrKey.getId());
- dkSig.prepare();
+ dkSig.prepare(symmetricKey.getEncoded());
dkSig.getParts().addAll(sigParts);
List<Reference> referenceList = dkSig.addReferencesToSign(sigParts);
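Review bot: `symmetricKey.getEncoded()` creates a copy of the raw key bytes that is passed to `dkSig.prepare(...)` and then left on the heap. Assuming `symmetricKey` is a `java.security.Key`, the call can also return null for keys that do not expose an encoding. Consider holding the copy in a local and clearing it once derivation is done: `byte[] keyBytes = symmetricKey.getEncoded();`, `dkSig.prepare(keyBytes);`, `Arrays.fill(keyBytes, (byte) 0);`. Clearing is only safe if `prepare` does not retain the array, which is not visible here and should be confirmed against the WSS4J version in use. The enclosing method extends beyond the hunk.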
@@ -487,9 +487,9 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
}
if (ref != null) {
- dkSign.setExternalKey(secTok.getSecret(), cloneElement(ref));
+ dkSign.setStrElem(cloneElement(ref));
} else {
- dkSign.setExternalKey(secTok.getSecret(), secTok.getId());
+ dkSign.setTokenIdentifier(secTok.getId());
}
if (token instanceof UsernameToken) {
@@ -503,7 +503,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
if (token.getVersion() == SPConstants.SPVersion.SP11) {
dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
}
- dkSign.prepare();
+ dkSign.prepare(secTok.getSecret());
addDerivedKeyElement(dkSign.getdktElement());