[cxf] branch main updated: Picking up latest WSS4J changes

[co...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/main by this push:
     new 7f4c668a04 Picking up latest WSS4J changes
7f4c668a04 is described below

commit 7f4c668a04211e044c69fe51c0053567e39a13d6
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Jul 19 12:40:38 2022 +0100

    Picking up latest WSS4J changes
---
 .../ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java    | 6 +++---
 .../ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java   | 2 +-
 .../ws/security/wss4j/policyhandlers/TransportBindingHandler.java   | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 961c5d9102..59d76a1f91 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -615,7 +615,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
     ) throws WSSecurityException {
         if (endorse && isTokenRequired(token.getIncludeTokenType())) {
             byte[] salt = UsernameTokenUtil.generateSalt(true);
-            WSSecUsernameToken utBuilder = addDKUsernameToken(token, salt, true);
+            WSSecUsernameToken utBuilder = addDKUsernameToken(token, salt);
             if (utBuilder != null) {
                 utBuilder.prepare(salt);
                 addSupportingElement(utBuilder.getUsernameTokenElement());
@@ -866,7 +866,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         return null;
     }
 
-    protected WSSecUsernameToken addDKUsernameToken(UsernameToken token, byte[] salt, boolean useMac) {
+    protected WSSecUsernameToken addDKUsernameToken(UsernameToken token, byte[] salt) {
         assertToken(token);
         if (!isTokenRequired(token.getIncludeTokenType())) {
             return null;
@@ -887,7 +887,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             if (!StringUtils.isEmpty(password)) {
                 // If the password is available then build the token
                 utBuilder.setUserInfo(userName, password);
-                utBuilder.addDerivedKey(useMac,  1000);
+                utBuilder.addDerivedKey(1000);
                 utBuilder.prepare(salt);
             } else {
                 unassertPolicy(token, "No password available");
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 1e9d965761..1fa284f1bb 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -1005,7 +1005,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
         if (isTokenRequired(sigToken.getIncludeTokenType())) {
             boolean useMac = hasSignedPartsOrElements();
             byte[] salt = UsernameTokenUtil.generateSalt(useMac);
-            WSSecUsernameToken usernameToken = addDKUsernameToken(sigToken, salt, useMac);
+            WSSecUsernameToken usernameToken = addDKUsernameToken(sigToken, salt);
             String id = usernameToken.getId();
             byte[] secret = usernameToken.getDerivedKey(salt);
             Arrays.fill(salt, (byte)0);
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 882226a52a..322327e695 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -337,7 +337,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
         } else if (token instanceof UsernameToken) {
             // Create a UsernameToken object for derived keys and store the security token
             byte[] salt = UsernameTokenUtil.generateSalt(true);
-            WSSecUsernameToken usernameToken = addDKUsernameToken((UsernameToken)token, salt, true);
+            WSSecUsernameToken usernameToken = addDKUsernameToken((UsernameToken)token, salt);
             String id = usernameToken.getId();
             byte[] secret = usernameToken.getDerivedKey(salt);
             Arrays.fill(salt, (byte)0);