You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2022/07/19 11:44:24 UTC
[cxf] branch main updated: Picking up latest WSS4J changes
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/main by this push:
new 7f4c668a04 Picking up latest WSS4J changes
7f4c668a04 is described below
commit 7f4c668a04211e044c69fe51c0053567e39a13d6
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Jul 19 12:40:38 2022 +0100
Picking up latest WSS4J changes
---
.../ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java | 6 +++---
.../ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java | 2 +-
.../ws/security/wss4j/policyhandlers/TransportBindingHandler.java | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 961c5d9102..59d76a1f91 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -615,7 +615,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
) throws WSSecurityException {
if (endorse && isTokenRequired(token.getIncludeTokenType())) {
byte[] salt = UsernameTokenUtil.generateSalt(true);
- WSSecUsernameToken utBuilder = addDKUsernameToken(token, salt, true);
+ WSSecUsernameToken utBuilder = addDKUsernameToken(token, salt);
if (utBuilder != null) {
utBuilder.prepare(salt);
addSupportingElement(utBuilder.getUsernameTokenElement());
@@ -866,7 +866,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
return null;
}
- protected WSSecUsernameToken addDKUsernameToken(UsernameToken token, byte[] salt, boolean useMac) {
+ protected WSSecUsernameToken addDKUsernameToken(UsernameToken token, byte[] salt) {
assertToken(token);
if (!isTokenRequired(token.getIncludeTokenType())) {
return null;
@@ -887,7 +887,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
if (!StringUtils.isEmpty(password)) {
// If the password is available then build the token
utBuilder.setUserInfo(userName, password);
- utBuilder.addDerivedKey(useMac, 1000);
+ utBuilder.addDerivedKey(1000);
utBuilder.prepare(salt);
} else {
unassertPolicy(token, "No password available");
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 1e9d965761..1fa284f1bb 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -1005,7 +1005,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
if (isTokenRequired(sigToken.getIncludeTokenType())) {
boolean useMac = hasSignedPartsOrElements();
byte[] salt = UsernameTokenUtil.generateSalt(useMac);
- WSSecUsernameToken usernameToken = addDKUsernameToken(sigToken, salt, useMac);
+ WSSecUsernameToken usernameToken = addDKUsernameToken(sigToken, salt);
String id = usernameToken.getId();
byte[] secret = usernameToken.getDerivedKey(salt);
Arrays.fill(salt, (byte)0);
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 882226a52a..322327e695 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -337,7 +337,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
} else if (token instanceof UsernameToken) {
// Create a UsernameToken object for derived keys and store the security token
byte[] salt = UsernameTokenUtil.generateSalt(true);
- WSSecUsernameToken usernameToken = addDKUsernameToken((UsernameToken)token, salt, true);
+ WSSecUsernameToken usernameToken = addDKUsernameToken((UsernameToken)token, salt);
String id = usernameToken.getId();
byte[] secret = usernameToken.getDerivedKey(salt);
Arrays.fill(salt, (byte)0);