Posted to commits@cxf.apache.org by co...@apache.org on 2015/08/04 13:01:10 UTC
cxf git commit: Some refactoring due to WSS-549
Repository: cxf
Updated Branches:
refs/heads/master e89913007 -> 5048d0b5a
Some refactoring due to WSS-549
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5048d0b5
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5048d0b5
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5048d0b5
Branch: refs/heads/master
Commit: 5048d0b5a92cceb98fc46424d758b40107b47345
Parents: e899130
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Aug 4 12:00:46 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Aug 4 12:00:46 2015 +0100
----------------------------------------------------------------------
.../AsymmetricBindingHandler.java | 87 ++++++++++++--------
.../policyhandlers/SymmetricBindingHandler.java | 11 ++-
2 files changed, 60 insertions(+), 38 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/5048d0b5/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 01d7de3..dba4cff 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -416,7 +416,9 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
try {
Element secondRefList =
((WSSecDKEncrypt)encrBase).encryptForExternalRef(null, secondEncrParts);
- ((WSSecDKEncrypt)encrBase).addExternalRefElement(secondRefList, secHeader);
+ if (secondRefList != null) {
+ ((WSSecDKEncrypt)encrBase).addExternalRefElement(secondRefList, secHeader);
+ }
} catch (WSSecurityException ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
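Review bot: The new `if (secondRefList != null)` guard skips the reference list silently, and nothing in the hunk says when `encryptForExternalRef` returns null. In a handler that enforces an encryption policy, a null here presumably means no part was encrypted, so a message could go out with fewer encrypted parts than the policy asked for and leave no trace in the log; that reading should be confirmed against WSS-549. I would add a comment such as `// WSS-549: no reference list was produced, so there is nothing to add` and an else branch with `LOG.fine("No reference list produced for the second set of encrypted parts");`. The same unexplained guard appears in the hunks at -539 and -551 and in `doEncryptionDerived` in this file, and in both SymmetricBindingHandler hunks. The enclosing try block starts outside this hunk and the catch body continues past it.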
@@ -452,37 +454,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
assertPolicy(encrToken);
AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
- try {
- WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
- dkEncr.setIdAllocator(wssConfig.getIdAllocator());
- dkEncr.setCallbackLookup(callbackLookup);
- dkEncr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
- dkEncr.setStoreBytesInAttachment(storeBytesInAttachment);
- if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) {
- dkEncr.setWscVersion(ConversationConstants.VERSION_05_02);
- }
-
- if (encrKey == null) {
- setupEncryptedKey(recToken, encrToken);
- }
-
- dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
- dkEncr.getParts().addAll(encrParts);
- dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
- + WSConstants.ENC_KEY_VALUE_TYPE);
- AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
- dkEncr.setSymmetricEncAlgorithm(algType.getEncryption());
- dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8);
- dkEncr.prepare(saaj.getSOAPPart());
-
- addDerivedKeyElement(dkEncr.getdktElement());
- Element refList = dkEncr.encryptForExternalRef(null, encrParts);
- insertBeforeBottomUp(refList);
- return dkEncr;
- } catch (Exception e) {
- LOG.log(Level.FINE, e.getMessage(), e);
- unassertPolicy(recToken, e);
- }
+ return doEncryptionDerived(recToken, encrToken, encrParts, algorithmSuite);
} else {
try {
WSSecEncrypt encr = new WSSecEncrypt();
@@ -539,7 +511,9 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
//Encrypt, get hold of the ref list and add it
if (externalRef) {
Element refList = encr.encryptForRef(null, encrParts);
- insertBeforeBottomUp(refList);
+ if (refList != null) {
+ insertBeforeBottomUp(refList);
+ }
if (attachments != null) {
for (Element attachment : attachments) {
this.insertBeforeBottomUp(attachment);
@@ -551,7 +525,9 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
this.addEncryptedKeyElement(encryptedKeyElement);
// Add internal refs
- encryptedKeyElement.appendChild(refList);
+ if (refList != null) {
+ encryptedKeyElement.appendChild(refList);
+ }
if (attachments != null) {
for (Element attachment : attachments) {
this.addEncryptedKeyElement(attachment);
@@ -572,7 +548,48 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
}
}
return null;
- }
+ }
+
+ private WSSecBase doEncryptionDerived(AbstractTokenWrapper recToken,
+ AbstractToken encrToken,
+ List<WSEncryptionPart> encrParts,
+ AlgorithmSuite algorithmSuite) {
+ try {
+ WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
+ dkEncr.setIdAllocator(wssConfig.getIdAllocator());
+ dkEncr.setCallbackLookup(callbackLookup);
+ dkEncr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+ dkEncr.setStoreBytesInAttachment(storeBytesInAttachment);
+ if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) {
+ dkEncr.setWscVersion(ConversationConstants.VERSION_05_02);
+ }
+
+ if (encrKey == null) {
+ setupEncryptedKey(recToken, encrToken);
+ }
+
+ dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
+ dkEncr.getParts().addAll(encrParts);
+ dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
+ + WSConstants.ENC_KEY_VALUE_TYPE);
+ AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
+ dkEncr.setSymmetricEncAlgorithm(algType.getEncryption());
+ dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8);
+ dkEncr.prepare(saaj.getSOAPPart());
+
+ addDerivedKeyElement(dkEncr.getdktElement());
+ Element refList = dkEncr.encryptForExternalRef(null, encrParts);
+ if (refList != null) {
+ insertBeforeBottomUp(refList);
+ }
+ return dkEncr;
+ } catch (Exception e) {
+ LOG.log(Level.FINE, e.getMessage(), e);
+ unassertPolicy(recToken, e);
+ }
+
+ return null;
+ }
private void assertUnusedTokens(AbstractTokenWrapper wrapper) {
if (wrapper == null) {
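Review bot: `doEncryptionDerived` has no Javadoc, and its failure contract is easy to miss: any exception in the derived-key setup is caught as `Exception`, logged at `Level.FINE`, handed to `unassertPolicy`, and the method then returns null. The call site in the hunk at -452 now returns that value directly, so a null result means derived-key encryption was not applied. I would add a Javadoc that states the null return on failure and the side effects (it adds the derived key token element and inserts the reference list when one is produced). Since a failed encryption step is security-relevant, consider logging it where operators will see it, e.g. `LOG.log(Level.WARNING, e.getMessage(), e);`. Whether `unassertPolicy` by itself stops the message from being sent is not visible in this diff.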
http://git-wip-us.apache.org/repos/asf/cxf/blob/5048d0b5/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 0aba026..5eb83fe 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -250,10 +250,11 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
&& !secondEncrParts.isEmpty()) {
secondRefList = ((WSSecDKEncrypt)encr).encryptForExternalRef(null,
secondEncrParts);
- this.addDerivedKeyElement(secondRefList);
} else if (!secondEncrParts.isEmpty()) {
//Encrypt, get hold of the ref list and add it
secondRefList = ((WSSecEncrypt)encr).encryptForRef(null, secondEncrParts);
+ }
+ if (secondRefList != null) {
this.addDerivedKeyElement(secondRefList);
}
}
@@ -612,14 +613,18 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
private void addAttachmentsForEncryption(boolean atEnd, Element refList, List<Element> attachments) {
if (atEnd) {
- this.insertBeforeBottomUp(refList);
+ if (refList != null) {
+ this.insertBeforeBottomUp(refList);
+ }
if (attachments != null) {
for (Element attachment : attachments) {
this.insertBeforeBottomUp(attachment);
}
}
} else {
- this.addDerivedKeyElement(refList);
+ if (refList != null) {
+ this.addDerivedKeyElement(refList);
+ }
if (attachments != null) {
for (Element attachment : attachments) {
this.addDerivedKeyElement(attachment);