Posted to commits@ws.apache.org by co...@apache.org on 2011/11/30 16:31:10 UTC
svn commit: r1208466 - in
/webservices/wss4j/trunk/src/main/java/org/apache/ws/security:
processor/SecurityContextTokenProcessor.java spnego/SpnegoToken.java
str/SecurityTokenRefSTRParser.java
Author: coheigea
Date: Wed Nov 30 15:31:10 2011
New Revision: 1208466
URL: http://svn.apache.org/viewvc?rev=1208466&view=rev
Log:
Added the ability to encrypt using SPNEGO and some improvements based around handling keys associated with SecurityContextTokens.
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoToken.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java?rev=1208466&r1=1208465&r2=1208466&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java Wed Nov 30 15:31:10 2011
@@ -67,7 +67,19 @@ public class SecurityContextTokenProcess
result.put(WSSecurityEngineResult.TAG_ID, sct.getID());
result.put(WSSecurityEngineResult.TAG_SECRET, returnedCredential.getSecretKey());
} else {
- byte[] secret = getSecret(data.getCallbackHandler(), sct);
+ String id = sct.getID();
+ if (id.charAt(0) == '#') {
+ id = id.substring(1);
+ }
+ byte[] secret = null;
+ try {
+ secret = getSecret(data.getCallbackHandler(), sct.getIdentifier());
+ } catch (WSSecurityException ex) {
+ secret = getSecret(data.getCallbackHandler(), id);
+ }
+ if (secret == null || secret.length == 0) {
+ secret = getSecret(data.getCallbackHandler(), id);
+ }
result.put(WSSecurityEngineResult.TAG_ID, sct.getID());
result.put(WSSecurityEngineResult.TAG_SECRET, secret);
}
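Review bot: `id.charAt(0)` on the line after `String id = sct.getID();` is unguarded, so a SecurityContextToken without a wsu:Id would fail with an unchecked exception instead of a WSSecurityException (assuming `getID()` can return null or an empty string, which is not visible here). Guard it with `if (id != null && id.length() > 0 && id.charAt(0) == '#') {`. The `catch (WSSecurityException ex)` block also discards `ex`, so a failed lookup by identifier leaves no trace before the retry by Id; a debug log of `ex` there would help diagnosis. When the catch path has already queried by `id` and returned an empty result, the following `secret == null || secret.length == 0` check invokes the callback again with the same `id`. The enclosing method starts and ends outside the hunk.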
@@ -84,7 +96,7 @@ public class SecurityContextTokenProcess
* @param sct
* @return The key collected using the callback handler
*/
- private byte[] getSecret(CallbackHandler cb, SecurityContextToken sct)
+ private byte[] getSecret(CallbackHandler cb, String identifier)
throws WSSecurityException {
if (cb == null) {
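Review bot: The Javadoc context line `* @param sct` no longer matches the signature, which now takes `String identifier`. It should become `* @param identifier the SecurityContextToken identifier or wsu:Id used to look up the key`, since the first hunk of this file calls the method with both `sct.getIdentifier()` and the local Id. The method body continues outside the hunk.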
@@ -92,9 +104,7 @@ public class SecurityContextTokenProcess
}
WSPasswordCallback callback =
- new WSPasswordCallback(
- sct.getIdentifier(), WSPasswordCallback.SECURITY_CONTEXT_TOKEN
- );
+ new WSPasswordCallback(identifier, WSPasswordCallback.SECURITY_CONTEXT_TOKEN);
try {
Callback[] callbacks = new Callback[]{callback};
cb.handle(callbacks);
@@ -102,14 +112,14 @@ public class SecurityContextTokenProcess
throw new WSSecurityException(
WSSecurityException.FAILURE,
"noKey",
- new Object[] {sct.getIdentifier()},
+ new Object[] {identifier},
e
);
} catch (UnsupportedCallbackException e) {
throw new WSSecurityException(
WSSecurityException.FAILURE,
"noKey",
- new Object[] {sct.getIdentifier()},
+ new Object[] {identifier},
e
);
}
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoToken.java?rev=1208466&r1=1208465&r2=1208466&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoToken.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoToken.java Wed Nov 30 15:31:10 2011
@@ -202,6 +202,23 @@ public class SpnegoToken {
}
}
+ /**
+ * Wrap a key
+ */
+ public byte[] wrapKey(byte[] secret) throws WSSecurityException {
+ MessageProp mProp = new MessageProp(0, true);
+ try {
+ return secContext.wrap(secret, 0, secret.length, mProp);
+ } catch (GSSException e) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Error in cleaning up a GSS context", e);
+ }
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE, "spnegoKeyError"
+ );
+ }
+ }
+
public void clear() {
token = null;
try {
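Review bot: `wrapKey` requests confidentiality through `new MessageProp(0, true)` but never checks `mProp.getPrivacy()` after `secContext.wrap(...)`, so a context that did not apply privacy would return the key integrity-protected but unencrypted. The method should fail when the flag comes back false. The debug message "Error in cleaning up a GSS context" describes a different operation, and the thrown WSSecurityException drops the GSSException cause; the four-argument constructor used in SecurityContextTokenProcessor could carry it. A null `secret`, or a call after `clear()`, would presumably fail with an unchecked exception, which the Javadoc should state.

```java
public byte[] wrapKey(byte[] secret) throws WSSecurityException {
    MessageProp mProp = new MessageProp(0, true);
    try {
        byte[] wrapped = secContext.wrap(secret, 0, secret.length, mProp);
        if (!mProp.getPrivacy()) {
            // Confidentiality was requested but not applied by the mechanism
            throw new WSSecurityException(
                WSSecurityException.FAILURE, "spnegoKeyError"
            );
        }
        return wrapped;
    } catch (GSSException e) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Error in wrapping a key with the GSS context", e);
        }
        throw new WSSecurityException(
            WSSecurityException.FAILURE, "spnegoKeyError", null, e
        );
    }
}
```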
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java?rev=1208466&r1=1208465&r2=1208466&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java Wed Nov 30 15:31:10 2011
@@ -97,6 +97,12 @@ public class SecurityTokenRefSTRParser i
WSSecurityEngineResult result = wsDocInfo.getResult(uri);
if (result != null) {
processPreviousResult(result, secRef, data, parameters, wsDocInfo, bspCompliant);
+
+ if (secretKey == null) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILED_CHECK, "unsupportedKeyId", new Object[] {uri}
+ );
+ }
} else if (secRef.containsReference()) {
Reference reference = secRef.getReference();
// Try asking the CallbackHandler for the secret key
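Review bot: The new `secretKey == null` check lets an empty key through, whereas SecurityContextTokenProcessor in this same commit treats `secret.length == 0` as a missing secret. Assuming `secretKey` is a `byte[]` field (its declaration is outside the hunk), the check would be consistent as `if (secretKey == null || secretKey.length == 0) {`. If the parser instance can be reused across references, it is also worth confirming that `secretKey` is reset before `processPreviousResult`, otherwise a value left from an earlier parse would satisfy the check. The enclosing method starts and ends outside the hunk.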