Posted to commits@cxf.apache.org by co...@apache.org on 2019/08/19 11:50:50 UTC
[cxf] branch wss4j_2.3.0 updated (3e6247b -> 407e31e)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a change to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git.
discard 3e6247b Picking up more changes in WSS4J
discard 5a13739 Use newer guava version from WSS4J
discard 64e7d0e Fixing up latest policy change in WSS4J
discard 3539dfa Set the SOAP namespace on the streaming policy validation code
discard 7fee961 Picking up more derived key changes in WSS4J
discard 5527596 Picking up derived key changes from WSS4J
discard abd0656 Create salt instead of getting it from WSS4J
discard 0d6f4bf Picking up changes to symmetricKey in WSSEcEncryptedKey
discard 8ea0044 WSSecEncryptedKey.getEphemeralKey() is removed in WSS4J
discard 7948a24 Get the encrypted key SHA value directly from WSS4J
add 55fff5e [CXF-8062]be able to set HTTP return code even it's 4xx
add 34473b5 [CXF-8064]OpenApiFeature(OpenAPI V3) should be able to work with camel-cxfrs endpoint
add 1fad512 Updating Jasypt bundle
add 8add945 Setting property logMultipart and logBinary from org.apache.cxf.features.logging.cfg
add 4f40390 Merge pull request #563 from LucaT75/DisableLoggingMultipartFeature
add 5fe1123 [CXF-8072]Loggers logs request twice in case of Fault
add efac0e6 Fix some eclipse warnings
add aa1fdd0 Merge branch 'master' of github.com:apache/cxf
add c09877e Use MessageDigest in the SCTCanceller
add 7815364 Fix a bunch of issues the new PMD is reporting, many more to go
add 5355846 Upgrade pmd plugin, try to detect which eclipse PMD plugin (there are 2) is installed and configure appropriately
add 8a4c09f CXF-8051 - Inline any xop Include references in a received SecurityToken if MTOM is enabled
add c6f6926 Merge pull request #564 from apache/CXF-8051
add 236595b Updating Tomcat
add 686b6ef Update MP Rest Client dependency to 1.3.3
add ca147d9 cxf-core: fix some new PMD warnings
add 515ba9d Updating Netty
add 8938ee2 Updating some depedencies
add aae5389 Updating ActiveMQ
add 6ce1a1b PMD cleanup
add 7cb48e0 CXF-8066: Support Doclet API (JDK13+) (#566)
add 7f2b714 [CXF-8073] Better error reporting on oauth2's OAuthServiceException
add 3457826 Update OAuthError.java
add d99a1d8 Merge pull request #567 from rcsilva83/CXF-8073
add d520059 CXF-8076 - Check for recursive calls when invoking on an STS using its own IssuedToken policy
add 1a63729 CXF-8076 - Minor tweak
add 66317cc Fixed PMD issues
add 9101e20 Fixing CrossDomainTest
add 356e576 CXF-8071 - XKMS LdapCertificateRepo searching using Service UID doesn't work
add 6c5dea2 Merge pull request #565 from apache/CXF-8071
add 11f78d0 update Swagger-UI version
add e438cd4 Adding a new configuration tag to control XOP Include for WS-SecurityPolicy
add 4391fe4 Simplifying WSS4J unit tests
add 9ab0d27 CXF-8077 - WSS4JInInterceptor is not thread safe
add a8b17dd CXF-8032 - Adding LoggingFeature enables chunking response
add 08c1b24 Updating to WSS4J 2.2.4
add 890a018 Updating BouncyCastle
add a0863e6 [CXF-8080] Ensure stages from async methods are completed
add 6bff3cb Merge pull request #570 from andymc12/8080-asyncStages
add 60f0e66 [CXF-8081]should cache reactor OutputStream
add 29789d3 [CXF-8083]ensure java2swagger-plugin|java2ws-plugin m2e compatible
add 65c771e [CXF-7953]ensure we have corba api bundle installed if JDK don't provide
add dd11a60 Update jackston to get latest CVE patches
add 0b41ab1 Couple of other dependency updates
add a7638c1 Updating Jackson databind version
add e8375da Updating undertow
add b7ae6e7 Make private methods protected
add d1494e9 Dependency updates
add 08a548e Updating Tika version in samples
add c453a20 [CXF-8088]ensure jaxrs endpoint can work correctly when using a shared bus exposed from another bundle
add 4c4bbee Updating Hazelcast
add 14f83e5 Update release notes
add 9e71376 Use released buildutils
add c7806cb [maven-release-plugin] prepare release cxf-3.3.3
add e80f7ac [maven-release-plugin] prepare for next development iteration
add 4d822f3 Back to snapshot until vote finish
add 09dba95 [CXF-8090]Warnings when using cxf-codegen-plugin
add e14fddd Use release version
add e6d432b Update master to 3.4.0-SNAPSHOT
add 75e9ae0 CXF-8091 - Update Commons JEXL
add 0deb502 Removing some deprecated STS method calls
add 4870660 Removing some more deprecated APIs
add 6164a86 SLF4J upgrade
add 840282a Adding OAuth public client tests
add 563b1ec Adding OAuth PKCE Digest tests
add 7b333d0 [CXF-7601] Add support for Microprofile OpenAPI implementation (as an alternative to Swagger Core 2.0)
add 1c55f92 update new module to 3.3.1-SNAPSHOT
add 3886940 update to latest geronimo-openapi-impl release
add 3b96065 [CXF-7601] Add support for Microprofile OpenAPI implementation (as an alternative to Swagger Core 2.0)
add 5aa0660 Rebased against latest master, added a sample project for OpenAPI v3.0 using microprofile implementation
add 09ddfde Upgrading Apache Johnzon dependencies to 1.1.11
add 0c7ab09 update to latest geronimo-openapi-impl release
add e1b8126 Accomodate recent microprofile OpenApi changes
add bb6a56e Merge branch 'master-apache' into CXF-7601_microProfileOpenApi
add 64915c3 update parent to 3.4.0-SNAPSHOT
add bf81196 Merge pull request #571 from apache/CXF-7601_microProfileOpenApi
new fa6d58c Updating Netty
new 187d3c1 Get the encrypted key SHA value directly from WSS4J
new 78faeae WSSecEncryptedKey.getEphemeralKey() is removed in WSS4J
new 10752ce Picking up changes to symmetricKey in WSSEcEncryptedKey
new eae9751 Create salt instead of getting it from WSS4J
new 3800d5c Picking up derived key changes from WSS4J
new 02b88f6 Picking up more derived key changes in WSS4J
new c68290f Set the SOAP namespace on the streaming policy validation code
new 8c8de03 Fixing up latest policy change in WSS4J
new 2517ffb Use newer guava version from WSS4J
new 407e31e Picking up more changes in WSS4J
This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version. This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:
 * -- * -- B -- O -- O -- O   (3e6247b)
            \
             N -- N -- N   refs/heads/wss4j_2.3.0 (407e31e)
You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.
Any revisions marked "omit" are not gone; other references still
refer to them. Any revisions marked "discard" are gone forever.
The 11 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
core/pom.xml | 2 +-
.../cxf/attachment/AttachmentDataSource.java | 7 +-
.../apache/cxf/bus/blueprint/ConfigurerImpl.java | 11 +-
.../cxf/bus/extension/ExtensionManagerImpl.java | 18 +-
.../BusApplicationContextResourceResolver.java | 3 +-
.../apache/cxf/bus/spring/BusDefinitionParser.java | 3 +-
.../cxf/bus/spring/BusExtensionPostProcessor.java | 5 +-
.../spring/BusWiringBeanFactoryPostProcessor.java | 3 +-
...ontrolledValidationXmlBeanDefinitionReader.java | 6 +-
.../cxf/bus/spring/Jsr250BeanPostProcessor.java | 9 +-
.../java/org/apache/cxf/bus/spring/SpringBus.java | 3 +-
.../java/org/apache/cxf/common/jaxb/JAXBUtils.java | 14 +-
.../common/logging/AbstractDelegatingLogger.java | 6 +-
.../org/apache/cxf/common/logging/Log4jLogger.java | 6 +-
.../apache/cxf/configuration/jsse/SSLUtils.java | 91 ++---
.../spring/AbstractBeanDefinitionParser.java | 4 +-
.../cxf/configuration/spring/ConfigurerImpl.java | 11 +-
.../cxf/databinding/stax/StaxDataBinding.java | 2 +-
.../java/org/apache/cxf/endpoint/ClientImpl.java | 5 +
.../cxf/feature/transform/XSLTInInterceptor.java | 26 +-
.../apache/cxf/feature/transform/XSLTUtils.java | 35 +-
.../java/org/apache/cxf/helpers/FileUtils.java | 21 +-
.../main/java/org/apache/cxf/helpers/IOUtils.java | 39 +-
.../interceptor/AbstractLoggingInterceptor.java | 19 +-
.../cxf/interceptor/FaultOutInterceptor.java | 2 +-
.../cxf/interceptor/LoggingInInterceptor.java | 4 +-
.../cxf/interceptor/LoggingOutInterceptor.java | 2 +-
.../cxf/interceptor/MessageSenderInterceptor.java | 2 +-
.../interceptor/OneWayProcessorInterceptor.java | 2 +-
.../cxf/interceptor/StaxInEndingInterceptor.java | 2 +-
.../apache/cxf/interceptor/StaxInInterceptor.java | 5 +-
.../cxf/interceptor/StaxOutEndingInterceptor.java | 2 +-
.../apache/cxf/interceptor/StaxOutInterceptor.java | 5 +-
.../security/AbstractAuthorizingInInterceptor.java | 3 +-
.../AbstractSecurityContextInInterceptor.java | 3 +-
.../DelegatingAuthenticationInterceptor.java | 3 +-
.../interceptor/security/JAASLoginInterceptor.java | 3 +-
.../OperationInfoAuthorizingInterceptor.java | 3 +-
.../service/factory/SimpleMethodDispatcher.java | 6 +-
.../service/invoker/spring/SpringBeanFactory.java | 5 +-
.../cxf/staxutils/AbstractDOMStreamReader.java | 2 +-
.../cxf/staxutils/CachingXmlEventWriter.java | 2 +-
.../cxf/staxutils/DelegatingXMLStreamWriter.java | 2 +-
.../apache/cxf/staxutils/DepthXMLStreamReader.java | 5 +-
.../cxf/staxutils/PrettyPrintXMLStreamWriter.java | 2 +-
.../apache/cxf/staxutils/W3CDOMStreamWriter.java | 4 +-
.../cxf/staxutils/transform/InTransformReader.java | 2 +-
.../StaxSchemaValidationInInterceptor.java | 2 +-
.../StaxSchemaValidationOutInterceptor.java | 2 +-
.../transport/common/gzip/GZIPInInterceptor.java | 2 +-
.../transport/common/gzip/GZIPOutInterceptor.java | 4 +-
.../validation/AbstractValidationInterceptor.java | 3 +-
.../apache/cxf/bus/extension/ExtensionTest.java | 2 +-
.../cxf/bus/spring/SpringBusFactoryTest.java | 5 +-
.../apache/cxf/common/logging/LogUtilsTest.java | 2 +-
.../apache/cxf/common/util/ClassHelperTest.java | 3 +-
distribution/javadoc/pom.xml | 2 +-
distribution/manifest/pom.xml | 2 +-
distribution/pom.xml | 2 +-
distribution/src/main/release/release_notes.txt | 102 +++--
.../src/main/release/samples/aegis/pom.xml | 10 +-
.../main/release/samples/aegis_standalone/pom.xml | 4 +-
.../src/main/release/samples/callback/pom.xml | 8 +-
.../samples/clustering/failover_jaxws_osgi/pom.xml | 8 +-
.../samples/clustering/failover_server/pom.xml | 10 +-
.../samples/configuration_interceptor/pom.xml | 8 +-
.../src/main/release/samples/corba/bank/pom.xml | 8 +-
.../samples/corba/bank_ws_addressing/pom.xml | 8 +-
.../main/release/samples/corba/hello_world/pom.xml | 8 +-
.../release/samples/groovy_spring_support/pom.xml | 2 +-
.../main/release/samples/in_jvm_transport/pom.xml | 10 +-
.../main/release/samples/java_first_jaxws/pom.xml | 2 +-
.../samples/java_first_jaxws_factory_bean/pom.xml | 8 +-
.../main/release/samples/java_first_jms/pom.xml | 6 +-
.../main/release/samples/java_first_pojo/pom.xml | 8 +-
.../samples/java_first_spring_support/pom.xml | 2 +-
.../src/main/release/samples/jax_rs/basic/pom.xml | 8 +-
.../release/samples/jax_rs/basic_https/pom.xml | 2 +-
.../main/release/samples/jax_rs/basic_oidc/pom.xml | 2 +-
.../main/release/samples/jax_rs/big_query/pom.xml | 2 +-
.../samples/jax_rs/content_negotiation/pom.xml | 10 +-
.../README.txt | 32 ++
.../pom.xml | 24 +-
.../java/demo/jaxrs/openapi/server/AppConfig.java | 35 ++
.../main/java/demo/jaxrs/openapi/server/Item.java | 0
.../java/demo/jaxrs/openapi/server/Sample.java | 162 ++++++++
.../java/demo/jaxrs/openapi/server/Server.java | 21 +-
.../resources/META-INF/cxf/org.apache.cxf.Logger | 0
.../src/main/resources/logback.xml | 0
.../samples/jax_rs/description_openapi_v3/pom.xml | 10 +-
.../jax_rs/description_openapi_v3_osgi/pom.xml | 8 +-
.../jax_rs/description_openapi_v3_spring/pom.xml | 10 +-
.../jax_rs/description_openapi_v3_web/pom.xml | 10 +-
.../samples/jax_rs/description_swagger2/pom.xml | 10 +-
.../jax_rs/description_swagger2_osgi/pom.xml | 8 +-
.../jax_rs/description_swagger2_spring/pom.xml | 10 +-
.../jax_rs/description_swagger2_web/pom.xml | 10 +-
.../release/samples/jax_rs/minimal_osgi/pom.xml | 2 +-
.../src/main/release/samples/jax_rs/odata/pom.xml | 2 +-
.../src/main/release/samples/jax_rs/search/pom.xml | 14 +-
.../src/main/release/samples/jax_rs/spark/pom.xml | 8 +-
.../release/samples/jax_rs/spring_boot/pom.xml | 4 +-
.../jax_rs/spring_boot_scan/application/pom.xml | 4 +-
.../samples/jax_rs/spring_boot_scan/client/pom.xml | 2 +-
.../spring_boot_scan/eureka-registry/pom.xml | 2 +-
.../release/samples/jax_rs/spring_security/pom.xml | 8 +-
.../main/release/samples/jax_rs/sse_cdi/pom.xml | 2 +-
.../main/release/samples/jax_rs/sse_client/pom.xml | 2 +-
.../main/release/samples/jax_rs/sse_osgi/pom.xml | 2 +-
.../main/release/samples/jax_rs/sse_spring/pom.xml | 2 +-
.../main/release/samples/jax_rs/sse_tomcat/pom.xml | 2 +-
.../release/samples/jax_rs/tracing_brave/pom.xml | 4 +-
.../samples/jax_rs/tracing_brave_osgi/pom.xml | 14 +-
.../samples/jax_rs/tracing_opentracing/pom.xml | 14 +-
.../jax_rs/tracing_opentracing_camel/pom.xml | 18 +-
.../jax_rs/tracing_opentracing_osgi/pom.xml | 4 +-
.../main/release/samples/jax_rs/websocket/pom.xml | 10 +-
.../release/samples/jax_rs/websocket_osgi/pom.xml | 2 +-
.../release/samples/jax_rs/websocket_web/pom.xml | 8 +-
.../samples/jax_server_aegis_client/pom.xml | 10 +-
.../src/main/release/samples/jaxws_async/pom.xml | 10 +-
.../samples/jaxws_dispatch_provider/pom.xml | 8 +-
.../main/release/samples/jaxws_handlers/pom.xml | 8 +-
.../main/release/samples/jaxws_spring_boot/pom.xml | 2 +-
.../samples/jaxws_tracing_brave_osgi/pom.xml | 10 +-
.../src/main/release/samples/jms_pubsub/pom.xml | 8 +-
.../src/main/release/samples/jms_queue/pom.xml | 6 +-
.../src/main/release/samples/jms_spec_demo/pom.xml | 6 +-
.../main/release/samples/jms_spring_config/pom.xml | 6 +-
.../samples/js_browser_client_java_first/pom.xml | 10 +-
.../samples/js_browser_client_simple/pom.xml | 10 +-
.../src/main/release/samples/js_client/pom.xml | 10 +-
.../src/main/release/samples/js_provider/pom.xml | 8 +-
distribution/src/main/release/samples/mtom/pom.xml | 8 +-
.../src/main/release/samples/oauth/client/pom.xml | 2 +-
.../src/main/release/samples/oauth/server/pom.xml | 2 +-
distribution/src/main/release/samples/pom.xml | 5 +-
.../main/release/samples/restful_dispatch/pom.xml | 10 +-
.../release/samples/ruby_spring_support/pom.xml | 2 +-
.../src/main/release/samples/soap_header/pom.xml | 8 +-
distribution/src/main/release/samples/sts/pom.xml | 2 +-
.../src/main/release/samples/throttling/pom.xml | 2 +-
.../src/main/release/samples/ws_addressing/pom.xml | 8 +-
.../src/main/release/samples/ws_discovery/pom.xml | 10 +-
.../src/main/release/samples/ws_eventing/pom.xml | 2 +-
.../main/release/samples/ws_notification/pom.xml | 14 +-
.../src/main/release/samples/ws_policy/pom.xml | 8 +-
.../src/main/release/samples/ws_rm/pom.xml | 10 +-
.../release/samples/ws_security/sign_enc/pom.xml | 16 +-
.../samples/ws_security/sign_enc_policy/pom.xml | 2 +-
.../main/release/samples/ws_security/ut/pom.xml | 10 +-
.../release/samples/ws_security/ut_policy/pom.xml | 2 +-
.../src/main/release/samples/wsdl_first/pom.xml | 2 +-
.../samples/wsdl_first_dynamic_client/pom.xml | 8 +-
.../main/release/samples/wsdl_first_https/pom.xml | 2 +-
.../release/samples/wsdl_first_pure_xml/pom.xml | 8 +-
.../main/release/samples/wsdl_first_rpclit/pom.xml | 8 +-
.../main/release/samples/wsdl_first_soap12/pom.xml | 8 +-
.../release/samples/wsdl_first_xml_wrapped/pom.xml | 8 +-
integration/cdi/pom.xml | 2 +-
integration/jca/pom.xml | 2 +-
.../java/org/apache/cxf/jca/cxf/JCABusFactory.java | 12 +-
integration/pom.xml | 2 +-
integration/spring-boot/autoconfigure/pom.xml | 2 +-
integration/spring-boot/pom.xml | 2 +-
integration/spring-boot/starter-jaxrs/pom.xml | 2 +-
integration/spring-boot/starter-jaxws/pom.xml | 2 +-
integration/tracing/tracing-brave/pom.xml | 2 +-
.../cxf/tracing/brave/BraveTracerContext.java | 2 +-
integration/tracing/tracing-opentracing/pom.xml | 2 +-
.../tracing/opentracing/OpenTracingContext.java | 2 +-
maven-plugins/archetypes/cxf-jaxrs-service/pom.xml | 2 +-
.../archetypes/cxf-jaxws-javafirst/pom.xml | 4 +-
.../archetypes/cxf-jaxws-wsdlfirst/pom.xml | 2 +-
maven-plugins/archetypes/pom.xml | 2 +-
maven-plugins/codegen-plugin/pom.xml | 2 +-
.../cxf/maven_plugin/wsdl2java/WSDL2JavaMojo.java | 12 +-
maven-plugins/corba/pom.xml | 2 +-
maven-plugins/java2swagger-plugin/pom.xml | 4 +-
.../java2swagger/Java2SwaggerMojo.java | 57 ++-
.../META-INF/m2e/lifecycle-mapping-metadata.xml | 35 ++
maven-plugins/java2wadl-plugin/pom.xml | 55 ++-
.../cxf/maven_plugin/javatowadl/DumpJavaDoc.java | 2 +-
.../cxf/maven_plugin/javatowadl/Java2WADLMojo.java | 22 +-
.../cxf/maven_plugin/javatowadl/DumpJavaDoc.java | 194 +++++++++
maven-plugins/java2ws-plugin/pom.xml | 2 +-
.../META-INF/m2e/lifecycle-mapping-metadata.xml | 35 ++
maven-plugins/pom.xml | 2 +-
maven-plugins/wadl2java-plugin/pom.xml | 2 +-
maven-plugins/wsdl-validator-plugin/pom.xml | 2 +-
osgi/bundle/compatible/pom.xml | 2 +-
osgi/bundle/pom.xml | 2 +-
osgi/itests-felix/pom.xml | 2 +-
osgi/itests/pom.xml | 4 +-
.../apache/cxf/osgi/itests/CXFOSGiTestSupport.java | 8 +-
osgi/karaf/commands/pom.xml | 2 +-
osgi/karaf/features/pom.xml | 2 +-
.../karaf/features/src/main/resources/features.xml | 6 +-
osgi/karaf/pom.xml | 2 +-
osgi/pom.xml | 2 +-
osgi/repository/pom.xml | 2 +-
parent/pom.xml | 127 ++++--
pom.xml | 4 +-
rt/bindings/coloc/pom.xml | 2 +-
rt/bindings/corba/pom.xml | 2 +-
.../apache/cxf/binding/corba/utils/CorbaUtils.java | 20 +-
rt/bindings/pom.xml | 2 +-
rt/bindings/soap/pom.xml | 2 +-
rt/bindings/xml/pom.xml | 2 +-
rt/databinding/aegis/pom.xml | 2 +-
.../org/apache/cxf/aegis/type/XMLTypeCreator.java | 27 +-
.../apache/cxf/aegis/type/basic/CalendarType.java | 8 +-
.../apache/cxf/aegis/type/basic/DateTimeType.java | 8 +-
.../org/apache/cxf/aegis/type/basic/DateType.java | 8 +-
.../org/apache/cxf/aegis/type/basic/TimeType.java | 10 +-
.../apache/cxf/aegis/type/basic/TimestampType.java | 10 +-
.../cxf/aegis/type/basic/TimezoneLessDateType.java | 8 +-
.../apache/cxf/aegis/type/mtom/ByteArrayType.java | 27 +-
.../inheritance/ExceptionInheritanceTest.java | 2 +
.../org/apache/cxf/aegis/type/basic/BeanTest.java | 2 +
.../apache/cxf/aegis/type/basic/ByteDataTest.java | 2 +
.../cxf/aegis/type/basic/DynamicProxyTest.java | 2 +
.../cxf/aegis/type/basic/QualificationTest.java | 2 +
.../cxf/aegis/type/encoded/ArrayTypeInfoTest.java | 2 +
.../cxf/aegis/type/encoded/SoapArrayTypeTest.java | 2 +
.../cxf/aegis/type/encoded/StructTypeTest.java | 2 +
rt/databinding/jaxb/pom.xml | 2 +-
rt/databinding/pom.xml | 2 +-
rt/features/clustering/pom.xml | 2 +-
rt/features/logging/pom.xml | 2 +-
.../cxf/ext/logging/LoggingInInterceptor.java | 16 -
.../cxf/ext/logging/LoggingOutInterceptor.java | 2 +-
.../cxf/ext/logging/LoggingOutputStream.java | 74 ++++
.../org/apache/cxf/ext/logging/osgi/Activator.java | 10 +-
rt/features/metrics/pom.xml | 2 +-
rt/features/pom.xml | 2 +-
rt/features/throttling/pom.xml | 2 +-
rt/frontend/jaxrs/pom.xml | 2 +-
.../org/apache/cxf/jaxrs/JAXRSBindingFactory.java | 5 +-
.../jaxrs/blueprint/JAXRSBPNamespaceHandler.java | 38 ++
.../JAXRSServerFactoryBeanDefinitionParser.java | 46 ++-
.../cxf/jaxrs/interceptor/JAXRSOutInterceptor.java | 2 +-
.../spring/AbstractSpringConfigurationFactory.java | 3 +-
.../org/apache/cxf/jaxrs/utils/JAXRSUtils.java | 6 +
.../main/resources/META-INF/cxf/bus-extensions.txt | 1 +
rt/frontend/jaxws/pom.xml | 2 +-
.../org/apache/cxf/jaxws/EndpointImplTest.java | 19 +-
.../apache/cxf/jaxws/spring/SpringBeansTest.java | 8 +-
rt/frontend/js/pom.xml | 2 +-
rt/frontend/pom.xml | 2 +-
rt/frontend/simple/pom.xml | 2 +-
rt/javascript/javascript-rt/pom.xml | 2 +-
rt/javascript/javascript-tests/pom.xml | 2 +-
rt/javascript/pom.xml | 2 +-
rt/management/pom.xml | 2 +-
.../cxf/management/InstrumentationManagerTest.java | 16 +-
rt/pom.xml | 2 +-
rt/rs/client/pom.xml | 2 +-
.../apache/cxf/jaxrs/client/ClientProxyImpl.java | 3 +-
rt/rs/description-common-openapi/pom.xml | 2 +-
.../jaxrs/common/openapi/SwaggerProperties.java | 24 +-
.../pom.xml | 51 ++-
.../microprofile/openapi/OpenApiEndpoint.java} | 33 +-
.../jaxrs/microprofile/openapi/OpenApiFeature.java | 455 +++++++++++++++++++++
.../cxf/jaxrs/microprofile/openapi/SwaggerUi.java | 47 +++
rt/rs/description-openapi-v3/pom.xml | 2 +-
.../apache/cxf/jaxrs/openapi/OpenApiFeature.java | 68 ++-
rt/rs/description-swagger-ui/pom.xml | 2 +-
rt/rs/description-swagger/pom.xml | 2 +-
rt/rs/description/pom.xml | 2 +-
rt/rs/extensions/json-basic/pom.xml | 2 +-
rt/rs/extensions/providers/pom.xml | 2 +-
.../jaxrs/provider/jsrjsonp/JsrJsonpProvider.java | 16 +-
rt/rs/extensions/reactivestreams/pom.xml | 2 +-
rt/rs/extensions/reactor/pom.xml | 2 +-
rt/rs/extensions/rx/pom.xml | 2 +-
rt/rs/extensions/rx2/pom.xml | 2 +-
rt/rs/extensions/search/pom.xml | 2 +-
.../jaxrs/ext/search/hbase/HBaseVisitorTest.java | 5 +-
.../tika/TikaLuceneContentExtractorTest.java | 7 +-
rt/rs/http-sci/pom.xml | 2 +-
rt/rs/microprofile-client/pom.xml | 8 +-
.../microprofile/client/MPRestClientCallback.java | 86 ++--
.../client/proxy/MicroProfileClientProxyImpl.java | 3 +-
.../apache/cxf/microprofile/client/AsyncTest.java | 56 +++
.../cxf/microprofile/client/mock/AsyncClient.java | 16 +-
rt/rs/pom.xml | 3 +-
rt/rs/security/cors/pom.xml | 2 +-
rt/rs/security/http-signature/pom.xml | 2 +-
rt/rs/security/jcs-parent/jcs/pom.xml | 2 +-
rt/rs/security/jcs-parent/pom.xml | 2 +-
rt/rs/security/jose-parent/jose-jaxrs/pom.xml | 2 +-
rt/rs/security/jose-parent/jose/pom.xml | 2 +-
.../jose/common/PrivateKeyPasswordProvider.java | 23 --
rt/rs/security/jose-parent/pom.xml | 2 +-
rt/rs/security/oauth-parent/oauth/pom.xml | 2 +-
rt/rs/security/oauth-parent/oauth2-saml/pom.xml | 2 +-
rt/rs/security/oauth-parent/oauth2/pom.xml | 2 +-
.../cxf/rs/security/oauth2/client/Consumer.java | 19 -
.../cxf/rs/security/oauth2/common/OAuthError.java | 6 +
.../rs/security/oauth2/common/OAuthPermission.java | 7 -
.../oauth2/provider/OAuthServiceException.java | 4 +
rt/rs/security/oauth-parent/pom.xml | 2 +-
rt/rs/security/pom.xml | 2 +-
rt/rs/security/sso/oidc/pom.xml | 2 +-
rt/rs/security/sso/saml/pom.xml | 2 +-
rt/rs/security/xml/pom.xml | 2 +-
rt/rs/sse/pom.xml | 2 +-
rt/security-saml/pom.xml | 2 +-
rt/security/pom.xml | 2 +-
.../apache/cxf/rt/security/SecurityConstants.java | 12 +-
.../org/apache/cxf/rt/security/claims/Claim.java | 5 +
rt/transports/http-hc/pom.xml | 2 +-
rt/transports/http-jetty/pom.xml | 2 +-
.../http_jetty/JettyHTTPServerEngine.java | 2 +
rt/transports/http-netty/netty-client/pom.xml | 2 +-
.../http/netty/client/NettyHttpConduit.java | 4 +-
rt/transports/http-netty/netty-server/pom.xml | 2 +-
.../http/netty/server/NettyHttpServletHandler.java | 19 +-
.../server/interceptor/HttpSessionInterceptor.java | 5 +-
.../server/servlet/NettyHttpServletRequest.java | 32 +-
.../netty/server/servlet/NettyServletResponse.java | 27 +-
.../transport/http/netty/server/util/Utils.java | 2 +-
rt/transports/http-undertow/pom.xml | 2 +-
rt/transports/http/pom.xml | 2 +-
rt/transports/jms/pom.xml | 2 +-
rt/transports/local/pom.xml | 2 +-
.../transport/local/LocalTransportFactoryTest.java | 24 +-
rt/transports/pom.xml | 2 +-
rt/transports/udp/pom.xml | 2 +-
rt/transports/websocket/pom.xml | 2 +-
rt/ws/addr/pom.xml | 2 +-
rt/ws/eventing/pom.xml | 2 +-
rt/ws/mex/pom.xml | 2 +-
rt/ws/policy/pom.xml | 2 +-
rt/ws/pom.xml | 2 +-
rt/ws/rm/pom.xml | 2 +-
.../apache/cxf/ws/rm/RMCaptureInInterceptor.java | 13 +-
.../cxf/ws/rm/persistence/PersistenceUtils.java | 2 +-
.../cxf/ws/rm/persistence/jdbc/RMTxStore.java | 91 ++---
.../cxf/ws/rm/soap/RetransmissionQueueImpl.java | 2 +-
.../java/org/apache/cxf/ws/rm/RMManagerTest.java | 10 +-
.../org/apache/cxf/ws/rm/SourceSequenceTest.java | 2 +-
.../ws/rm/persistence/PersistenceUtilsTest.java | 10 +-
rt/ws/security/pom.xml | 2 +-
.../apache/cxf/ws/security/SecurityConstants.java | 17 +-
.../cxf/ws/security/kerberos/KerberosClient.java | 23 --
.../interceptors/STSTokenOutInterceptor.java | 75 ----
.../cxf/ws/security/trust/AbstractSTSClient.java | 39 +-
.../cxf/ws/security/trust/Messages.properties | 1 +
.../apache/cxf/ws/security/trust/STSClient.java | 26 ++
.../org/apache/cxf/ws/security/trust/STSUtils.java | 28 ++
.../security/wss4j/AttachmentCallbackHandler.java | 19 +-
.../cxf/ws/security/wss4j/WSS4JInInterceptor.java | 17 +-
.../cxf/ws/security/wss4j/WSS4JOutInterceptor.java | 11 -
.../policyhandlers/AbstractBindingBuilder.java | 3 +-
.../ws/security/wss4j/AbstractSecurityTest.java | 17 +-
.../security/wss4j/SignatureConfirmationTest.java | 34 +-
.../cxf/ws/security/wss4j/WSS4JFaultCodeTest.java | 56 +--
.../cxf/ws/security/wss4j/WSS4JInOutTest.java | 30 +-
rt/ws/transfer/pom.xml | 2 +-
rt/wsdl/pom.xml | 2 +-
.../AbstractEndpointSelectionInterceptor.java | 3 +-
.../wsdl/interceptors/WrappedOutInterceptor.java | 2 +-
.../apache/cxf/wsdl11/WSDLServiceBuilderTest.java | 2 +-
services/pom.xml | 2 +-
services/sts/pom.xml | 2 +-
services/sts/sts-core/pom.xml | 4 +-
.../org/apache/cxf/sts/StaticSTSProperties.java | 18 -
.../cxf/sts/claims/mapper/JexlClaimsMapper.java | 22 +-
.../cxf/sts/token/canceller/SCTCanceller.java | 6 +-
.../cxf/sts/token/realm/RealmProperties.java | 9 -
.../sts/token/provider/SAMLProviderRealmTest.java | 6 +-
services/sts/systests/advanced/pom.xml | 2 +-
.../systest/sts/cross_domain/CrossDomainTest.java | 54 ++-
.../cxf/systest/sts/asymmetric_encr/cxf-sts.xml | 4 +-
.../systest/sts/asymmetric_encr/stax-cxf-sts.xml | 4 +-
.../org/apache/cxf/systest/sts/batch/cxf-sts.xml | 4 +-
.../apache/cxf/systest/sts/batch/stax-cxf-sts.xml | 4 +-
.../{cxf-client.xml => cxf-client-b.xml} | 25 +-
.../{cxf-client.xml => cxf-client-mex.xml} | 21 -
.../cxf/systest/sts/cross_domain/cxf-client.xml | 26 +-
.../cxf/systest/sts/cross_domain/cxf-sts-saml1.xml | 6 +-
.../cxf/systest/sts/cross_domain/cxf-sts-saml2.xml | 2 +-
.../cxf/systest/sts/custom/cxf-sts-common.xml | 4 +-
.../cxf/systest/sts/custom_onbehalfof/cxf-sts.xml | 4 +-
.../sts/defaultstsprovider/cxf-sts-common.xml | 4 +-
.../cxf/systest/sts/deployment/cxf-sts-common.xml | 4 +-
.../systest/sts/distributed_caching/cxf-sts-1.xml | 4 +-
.../cxf/systest/sts/realms/cxf-sts-saml1.xml | 2 +-
.../cxf/systest/sts/realms/cxf-sts-saml2.xml | 2 +-
.../apache/cxf/systest/sts/renew/cxf-sts-pop.xml | 4 +-
.../org/apache/cxf/systest/sts/renew/cxf-sts.xml | 4 +-
.../apache/cxf/systest/sts/renew/stax-cxf-sts.xml | 4 +-
.../apache/cxf/systest/sts/secure_conv/cxf-sts.xml | 4 +-
.../cxf/systest/sts/secure_conv/stax-cxf-sts.xml | 4 +-
.../cxf/systest/sts/sts_sender_vouches/cxf-sts.xml | 4 +-
.../sts/sts_sender_vouches/stax-cxf-sts.xml | 4 +-
services/sts/systests/basic/pom.xml | 2 +-
.../sts/stsclient/AbstractSTSTokenTest.java | 3 +
.../systest/sts/delegation/cxf-sts-transport.xml | 4 +-
.../cxf/systest/sts/deployment/sts/cxf-sts.xml | 4 +-
.../apache/cxf/systest/sts/rest/cxf-rest-sts.xml | 4 +-
services/sts/systests/pom.xml | 2 +-
services/sts/systests/sts-features/pom.xml | 2 +-
services/sts/systests/sts-itests/pom.xml | 2 +-
services/sts/systests/sts-osgi/pom.xml | 2 +-
.../resources/OSGI-INF/blueprint/blueprint.xml | 2 +-
services/ws-discovery/pom.xml | 2 +-
services/ws-discovery/ws-discovery-api/pom.xml | 2 +-
services/ws-discovery/ws-discovery-service/pom.xml | 2 +-
services/wsn/pom.xml | 2 +-
services/wsn/wsn-api/pom.xml | 2 +-
services/wsn/wsn-core/pom.xml | 2 +-
services/wsn/wsn-osgi/pom.xml | 2 +-
services/xkms/pom.xml | 2 +-
services/xkms/xkms-client/pom.xml | 2 +-
services/xkms/xkms-common/pom.xml | 2 +-
services/xkms/xkms-features/pom.xml | 2 +-
services/xkms/xkms-itests/pom.xml | 2 +-
services/xkms/xkms-osgi/pom.xml | 2 +-
services/xkms/xkms-service/pom.xml | 2 +-
services/xkms/xkms-war/pom.xml | 2 +-
services/xkms/xkms-x509-handlers/pom.xml | 2 +-
services/xkms/xkms-x509-repo-ldap/pom.xml | 2 +-
.../xkms/x509/repo/ldap/LdapCertificateRepo.java | 21 +-
.../cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java | 2 +-
systests/cdi/base/pom.xml | 2 +-
systests/cdi/cdi-owb/cdi-multiple-apps-owb/pom.xml | 2 +-
systests/cdi/cdi-owb/cdi-no-apps-owb/pom.xml | 2 +-
systests/cdi/cdi-owb/cdi-producers-owb/pom.xml | 2 +-
systests/cdi/cdi-owb/pom.xml | 2 +-
.../cdi/cdi-weld/cdi-multiple-apps-weld/pom.xml | 2 +-
systests/cdi/cdi-weld/cdi-no-apps-weld/pom.xml | 2 +-
systests/cdi/cdi-weld/cdi-producers-weld/pom.xml | 2 +-
systests/cdi/cdi-weld/pom.xml | 2 +-
systests/cdi/pom.xml | 2 +-
systests/container-integration/grizzly/pom.xml | 2 +-
systests/container-integration/pom.xml | 2 +-
systests/container-integration/webapp/pom.xml | 2 +-
systests/databinding/pom.xml | 2 +-
systests/jaxrs/pom.xml | 2 +-
...entServerResourceCreatedSpringProviderTest.java | 11 +-
.../cxf/systest/jaxrs/extraction/BookCatalog.java | 20 +-
.../jaxrs/failover/AbstractFailoverTest.java | 2 +-
.../cxf/systest/jaxrs/logging/LoggingServer.java | 55 +++
.../cxf/systest/jaxrs/logging/LoggingTest.java | 68 +++
.../cxf/systest/jaxrs/nio/NioBookStoreTest.java | 20 +-
.../cxf/systest/jaxrs/reactor/ReactorServer.java | 3 -
systests/jaxws/pom.xml | 2 +-
systests/kerberos/pom.xml | 2 +-
.../cxf/systest/kerberos/wssec/kerberos/client.xml | 16 +-
.../systest/kerberos/wssec/kerberos/sts-client.xml | 3 +-
.../cxf/systest/kerberos/wssec/sts/cxf-sts.xml | 4 +-
.../systest/kerberos/wssec/sts/stax-cxf-sts.xml | 4 +-
systests/ldap/pom.xml | 2 +-
.../systest/ldap/xkms/LDAPCertificateRepoTest.java | 19 +
systests/microprofile/client/async/pom.xml | 2 +-
systests/microprofile/client/jaxrs/pom.xml | 2 +-
systests/microprofile/client/tracing/pom.xml | 2 +-
systests/microprofile/client/weld/pom.xml | 2 +-
systests/microprofile/pom.xml | 2 +-
systests/pom.xml | 2 +-
systests/rs-http-sci/pom.xml | 2 +-
systests/rs-security/pom.xml | 2 +-
.../security/jose/jwejws/JwsHTTPHeaderTest.java | 1 +
.../oauth2/common/JCacheOAuthDataProviderImpl.java | 17 +-
.../security/oauth2/common/OAuth2TestUtils.java | 34 ++
.../security/oauth2/grants/PublicClientTest.java | 351 ++++++++++++++++
.../security/oauth2/filters/partner-service.xml | 4 +-
.../oauth2/grants/grants-server-public.xml | 182 +++++++++
.../jaxrs/security/oauth2/grants/publicclient.xml | 42 ++
.../jaxrs/security/oidc/filters/filters-server.xml | 4 +-
systests/rs-sse/pom.xml | 2 +-
systests/rs-sse/rs-sse-base/pom.xml | 2 +-
systests/rs-sse/rs-sse-jetty/pom.xml | 2 +-
systests/rs-sse/rs-sse-tomcat/pom.xml | 2 +-
systests/rs-sse/rs-sse-undertow/pom.xml | 2 +-
systests/tracing/pom.xml | 2 +-
systests/transport-jms/pom.xml | 2 +-
.../cxf/systest/jms/JMSClientServerTest.java | 6 +-
systests/transport-undertow/pom.xml | 2 +-
systests/transports-ssl3/pom.xml | 2 +-
systests/transports/pom.xml | 2 +-
.../apache/cxf/systest/http/HTTPConduitTest.java | 6 +-
.../cxf/systest/https/conduit/HTTPSClientTest.java | 4 +-
.../systest/https/conduit/HTTPSConduitTest.java | 6 +-
.../https/constraints/CertConstraintsTest.java | 4 +-
systests/uncategorized/pom.xml | 2 +-
.../systest/type_test/AbstractTypeTestClient.java | 2 +-
systests/ws-rm/pom.xml | 2 +-
.../ws/rm/AbstractClientPersistenceTest.java | 14 +-
.../ws/rm/AbstractServerPersistenceTest.java | 2 +-
systests/ws-security-examples/pom.xml | 2 +-
.../systest/wssec/examples/sts/cxf-symmetric.xml | 4 +-
systests/ws-security/pom.xml | 2 +-
systests/ws-specs/pom.xml | 2 +-
systests/ws-transfer/pom.xml | 2 +-
systests/wsdl_maven/codegen/pom.xml | 2 +-
.../wsdl_maven/codegen/src/it/cxf-4004/pom.xml | 2 +-
.../wsdl_maven/codegen/src/it/it-parent/pom.xml | 2 +-
systests/wsdl_maven/java2ws/pom.xml | 2 +-
systests/wsdl_maven/pom.xml | 2 +-
testutils/pom.xml | 2 +-
.../greeter_control/FaultThrowingInterceptor.java | 7 +-
.../wsdl/type_test/type_test_tester_java.xsl | 2 -
tools/common/pom.xml | 2 +-
.../apache/cxf/tools/common/VelocityGenerator.java | 4 +-
.../java/org/apache/cxf/tools/util/JAXBUtils.java | 14 +-
tools/corba/pom.xml | 2 +-
.../corba/processors/idl/IDLToWSDLProcessor.java | 12 +-
.../corba/processors/wsdl/WSDLToCorbaBinding.java | 12 +-
.../idlpreprocessor/IdlPreprocessorReaderTest.java | 6 +-
tools/javato/pom.xml | 2 +-
tools/javato/ws/pom.xml | 2 +-
.../tools/java2js/processor/JavaToJSProcessor.java | 34 +-
tools/pom.xml | 2 +-
tools/validator/pom.xml | 2 +-
tools/wadlto/jaxrs/pom.xml | 2 +-
tools/wadlto/pom.xml | 2 +-
tools/wsdlto/core/pom.xml | 2 +-
.../cxf/tools/wsdlto/WSDLToJavaContainer.java | 34 +-
.../apache/cxf/tools/wsdlto/core/PluginLoader.java | 39 +-
tools/wsdlto/databinding/jaxb/pom.xml | 2 +-
.../wsdlto/databinding/jaxb/JAXBDataBinding.java | 2 +-
tools/wsdlto/frontend/javascript/pom.xml | 2 +-
.../javascript/WSDLToJavaScriptProcessor.java | 42 +-
tools/wsdlto/frontend/jaxws/pom.xml | 2 +-
.../jaxws/customization/CustomizationParser.java | 2 +-
tools/wsdlto/misc/pom.xml | 2 +-
tools/wsdlto/pom.xml | 2 +-
tools/wsdlto/test/pom.xml | 2 +-
532 files changed, 3723 insertions(+), 2104 deletions(-)
create mode 100644 distribution/src/main/release/samples/jax_rs/description_openapi_microprofile_spring/README.txt
copy distribution/src/main/release/samples/jax_rs/{description_openapi_v3_spring => description_openapi_microprofile_spring}/pom.xml (83%)
create mode 100644 distribution/src/main/release/samples/jax_rs/description_openapi_microprofile_spring/src/main/java/demo/jaxrs/openapi/server/AppConfig.java
copy distribution/src/main/release/samples/jax_rs/{description_openapi_v3_web => description_openapi_microprofile_spring}/src/main/java/demo/jaxrs/openapi/server/Item.java (100%)
create mode 100644 distribution/src/main/release/samples/jax_rs/description_openapi_microprofile_spring/src/main/java/demo/jaxrs/openapi/server/Sample.java
rename services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/SAMLRealm.java => distribution/src/main/release/samples/jax_rs/description_openapi_microprofile_spring/src/main/java/demo/jaxrs/openapi/server/Server.java (57%)
copy {systests/rs-sse/rs-sse-base => distribution/src/main/release/samples/jax_rs/description_openapi_microprofile_spring}/src/main/resources/META-INF/cxf/org.apache.cxf.Logger (100%)
copy distribution/src/main/release/samples/jax_rs/{description_swagger2_spring => description_openapi_microprofile_spring}/src/main/resources/logback.xml (100%)
create mode 100644 maven-plugins/java2swagger-plugin/src/main/resources/META-INF/m2e/lifecycle-mapping-metadata.xml
create mode 100644 maven-plugins/java2wadl-plugin/src/main/java13/org/apache/cxf/maven_plugin/javatowadl/DumpJavaDoc.java
create mode 100644 maven-plugins/java2ws-plugin/src/main/resources/META-INF/m2e/lifecycle-mapping-metadata.xml
create mode 100644 rt/features/logging/src/main/java/org/apache/cxf/ext/logging/LoggingOutputStream.java
create mode 100644 rt/frontend/jaxrs/src/main/resources/META-INF/cxf/bus-extensions.txt
copy rt/rs/{description-swagger => description-microprofile-openapi}/pom.xml (72%)
rename rt/rs/{security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/provider/PublicKeyProvider.java => description-microprofile-openapi/src/main/java/org/apache/cxf/jaxrs/microprofile/openapi/OpenApiEndpoint.java} (55%)
create mode 100644 rt/rs/description-microprofile-openapi/src/main/java/org/apache/cxf/jaxrs/microprofile/openapi/OpenApiFeature.java
create mode 100644 rt/rs/description-microprofile-openapi/src/main/java/org/apache/cxf/jaxrs/microprofile/openapi/SwaggerUi.java
create mode 100644 rt/rs/microprofile-client/src/test/java/org/apache/cxf/microprofile/client/AsyncTest.java
rename services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/STSFailureEvent.java => rt/rs/microprofile-client/src/test/java/org/apache/cxf/microprofile/client/mock/AsyncClient.java (70%)
delete mode 100644 rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java
copy services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/{cxf-client.xml => cxf-client-b.xml} (70%)
copy services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/{cxf-client.xml => cxf-client-mex.xml} (72%)
create mode 100644 systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/logging/LoggingServer.java
create mode 100644 systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/logging/LoggingTest.java
create mode 100644 systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-public.xml
create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/publicclient.xml
[cxf] 04/11: Picking up changes to symmetricKey in WSSEcEncryptedKey
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 10752ce70adc057e8b485f58e74870dea3bfbdf7
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Jan 29 17:11:03 2019 +0000
Picking up changes to symmetricKey in WSSecEncryptedKey
---
.../saml/sso/AbstractSAMLCallbackHandler.java | 11 +-
.../policyhandlers/AbstractBindingBuilder.java | 7 +-
.../policyhandlers/AsymmetricBindingHandler.java | 256 +++++++++++---------
.../policyhandlers/SymmetricBindingHandler.java | 261 ++++++++++++---------
.../policyhandlers/TransportBindingHandler.java | 12 +-
.../wss4j/saml/AbstractSAMLCallbackHandler.java | 8 +-
.../cxf/sts/operation/AbstractOperation.java | 14 +-
.../sts/token/provider/DefaultSubjectProvider.java | 16 +-
.../cxf/sts/token/provider/TokenProviderUtils.java | 10 +-
.../cxf/sts/operation/IssueSamlUnitTest.java | 10 +-
10 files changed, 358 insertions(+), 247 deletions(-)
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
index 35d3deb..e473bdf 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
@@ -23,6 +23,8 @@ import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -43,6 +45,7 @@ import org.apache.wss4j.common.saml.bean.KeyInfoBean.CERT_IDENTIFIER;
import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
import org.apache.wss4j.common.saml.bean.SubjectLocalityBean;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.message.WSSecEncryptedKey;
import org.joda.time.DateTime;
@@ -212,8 +215,12 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
WSSecEncryptedKey encrKey = new WSSecEncryptedKey(doc);
encrKey.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
encrKey.setUseThisCert(certs[0]);
- encrKey.prepare(null);
- ephemeralKey = encrKey.getSymmetricKey().getEncoded();
+
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+
+ encrKey.prepare(null, symmetricKey);
+ ephemeralKey = symmetricKey.getEncoded();
Element encryptedKeyElement = encrKey.getEncryptedKeyElement();
// Append the EncryptedKey to a KeyInfo element
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 619d4b5..90d42ce 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -35,6 +35,7 @@ import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.Reference;
@@ -1502,7 +1503,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
return null;
}
- protected WSSecEncryptedKey getEncryptedKeyBuilder(AbstractToken token) throws WSSecurityException {
+ protected WSSecEncryptedKey getEncryptedKeyBuilder(AbstractToken token,
+ SecretKey symmetricKey) throws WSSecurityException {
WSSecEncryptedKey encrKey = new WSSecEncryptedKey(secHeader);
encrKey.setIdAllocator(wssConfig.getIdAllocator());
encrKey.setCallbackLookup(callbackLookup);
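Review bot: The new `symmetricKey` parameter of getEncryptedKeyBuilder is undocumented, and with `setSymmetricEncAlgorithm` removed in the following hunk nothing in this method ties the key to the binding's algorithm suite any more. The key's algorithm and length are now entirely the caller's responsibility, so the contract belongs in a Javadoc line such as `@param symmetricKey the key to wrap; must be generated for binding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption()`. No visible line rejects a null key before `encrKey.prepare(crypto, symmetricKey)`; whether WSS4J does is not shown here. The method is protected on an abstract class, so the changed signature also reaches any subclass outside this diff, and its body continues outside the hunk.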
@@ -1523,11 +1525,10 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
String encrUser = setEncryptionUser(encrKey, token, false, crypto);
AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
- encrKey.setSymmetricEncAlgorithm(algType.getEncryption());
encrKey.setKeyEncAlgo(algType.getAsymmetricKeyWrap());
encrKey.setMGFAlgorithm(algType.getMGFAlgo());
- encrKey.prepare(crypto);
+ encrKey.prepare(crypto, symmetricKey);
if (alsoIncludeToken) {
X509Certificate encCert = getEncryptCert(crypto, encrUser);
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 40d6ee4..5806b3e 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -28,6 +28,8 @@ import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.xml.crypto.dsig.Reference;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
@@ -54,6 +56,7 @@ import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.derivedKey.ConversationConstants;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
@@ -224,12 +227,21 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
encToken = abinding.getInitiatorToken();
}
}
- doEncryption(encToken, enc, false);
+
if (encToken != null) {
+ if (encToken.getToken() != null && !enc.isEmpty()) {
+ if (encToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
+ doEncryptionDerived(encToken, enc);
+ } else {
+ String symEncAlgorithm = abinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption();
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgorithm);
+ SecretKey symmetricKey = keyGen.generateKey();
+ doEncryption(encToken, enc, false, symmetricKey);
+ }
+ }
assertTokenWrapper(encToken);
assertToken(encToken.getToken());
}
-
} catch (Exception e) {
String reason = e.getMessage();
LOG.log(Level.WARNING, "Sign before encryption failed due to : " + reason);
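Review bot: The three lines that look up the suite's encryption algorithm, fetch a `KeyGenerator` and call `generateKey()` are repeated here, in the encrypt-before-sign hunk and in createEncryptedKey further down, with the last copy reading `binding` where the other two read `abinding`. A single private helper would keep the key algorithm choice in one place, for example a `generateSymmetricKey()` whose body is `return KeyUtils.getKeyGenerator(abinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption()).generateKey();`, called as `SecretKey symmetricKey = generateSymmetricKey();`. That matters because doEncryption separately sets `setSymmetricEncAlgorithm` from the same suite, and the two agree only as long as every copy stays in sync. The enclosing method starts and ends outside the hunk.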
@@ -333,9 +345,21 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
}
WSSecBase encrBase = null;
+ SecretKey symmetricKey = null;
if (encryptionToken != null && !encrParts.isEmpty()) {
- encrBase = doEncryption(wrapper, encrParts, true);
- handleEncryptedSignedHeaders(encrParts, sigParts);
+ if (encryptionToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
+ encrBase = doEncryptionDerived(wrapper, encrParts);
+ } else {
+ String symEncAlgorithm = abinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption();
+ try {
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgorithm);
+ symmetricKey = keyGen.generateKey();
+ encrBase = doEncryption(wrapper, encrParts, true, symmetricKey);
+ } catch (WSSecurityException ex) {
+ LOG.log(Level.FINE, ex.getMessage(), ex);
+ throw new Fault(ex);
+ }
+ }
}
if (!isRequestor()) {
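Review bot: The call `handleEncryptedSignedHeaders(encrParts, sigParts);` is removed along with the old `doEncryption` call and is not re-added in this hunk or in any other visible hunk of this file, while SymmetricBindingHandler keeps the same call as a context line after its equivalent block. Unless it was moved to a line outside the diff, parts that are both encrypted and signed are no longer processed before the signature is created on this path, which changes what ends up covered by the signature. If the removal is unintended, restore `handleEncryptedSignedHeaders(encrParts, sigParts);` after the inner if/else, still inside `if (encryptionToken != null && !encrParts.isEmpty())`. The enclosing method starts and ends outside the hunk.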
@@ -369,12 +393,14 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
}
if (encrBase != null) {
- encryptTokensInSecurityHeader(encryptionToken, encrBase);
+ encryptTokensInSecurityHeader(encryptionToken, encrBase, symmetricKey);
}
}
- private void encryptTokensInSecurityHeader(AbstractToken encryptionToken, WSSecBase encrBase) {
+ private void encryptTokensInSecurityHeader(AbstractToken encryptionToken,
+ WSSecBase encrBase,
+ SecretKey symmetricKey) {
List<WSEncryptionPart> secondEncrParts = new ArrayList<>();
// Check for signature protection
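Review bot: `symmetricKey` is still null when it is passed to encryptTokensInSecurityHeader after the derived-key branch, because only the non-derived branch assigns it. The next hunk passes it to `((WSSecEncrypt)encrBase).encryptForRef(secondRefList, secondEncrParts, symmetricKey)`, and the condition selecting that cast is outside the visible lines. If that condition is not the same `RequireDerivedKeys` test, a null key reaches encryptForRef. A comment on the parameter would make the assumption explicit, e.g. `// symmetricKey is null for derived keys; only used on the WSSecEncrypt path`. The method body continues outside the hunk.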
@@ -428,7 +454,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
} else {
this.insertBeforeBottomUp(secondRefList);
}
- ((WSSecEncrypt)encrBase).encryptForRef(secondRefList, secondEncrParts);
+ ((WSSecEncrypt)encrBase).encryptForRef(secondRefList, secondEncrParts, symmetricKey);
} catch (WSSecurityException ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
@@ -439,125 +465,121 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
private WSSecBase doEncryption(AbstractTokenWrapper recToken,
List<WSEncryptionPart> encrParts,
- boolean externalRef) {
- //Do encryption
- if (recToken != null && recToken.getToken() != null && !encrParts.isEmpty()) {
- AbstractToken encrToken = recToken.getToken();
- assertPolicy(recToken);
- assertPolicy(encrToken);
- AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
- if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
- return doEncryptionDerived(recToken, encrToken, encrParts, algorithmSuite);
- }
- try {
- WSSecEncrypt encr = new WSSecEncrypt(secHeader);
- encr.setEncryptionSerializer(new StaxSerializer());
- encr.setIdAllocator(wssConfig.getIdAllocator());
- encr.setCallbackLookup(callbackLookup);
- encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
- encr.setStoreBytesInAttachment(storeBytesInAttachment);
- encr.setExpandXopInclude(isExpandXopInclude());
- encr.setWsDocInfo(wsDocInfo);
-
- Crypto crypto = getEncryptionCrypto();
-
- SecurityToken securityToken = getSecurityToken();
- if (!isRequestor() && securityToken != null
- && recToken.getToken() instanceof SamlToken) {
- String tokenType = securityToken.getTokenType();
- if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
- || WSS4JConstants.SAML_NS.equals(tokenType)) {
- encr.setCustomEKTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
- encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
- encr.setCustomEKTokenId(securityToken.getId());
- } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
- || WSS4JConstants.SAML2_NS.equals(tokenType)) {
- encr.setCustomEKTokenValueType(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE);
- encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
- encr.setCustomEKTokenId(securityToken.getId());
- } else {
- setKeyIdentifierType(encr, encrToken);
- }
+ boolean externalRef,
+ SecretKey symmetricKey) {
+ AbstractToken encrToken = recToken.getToken();
+ assertPolicy(recToken);
+ assertPolicy(encrToken);
+ try {
+ WSSecEncrypt encr = new WSSecEncrypt(secHeader);
+ encr.setEncryptionSerializer(new StaxSerializer());
+ encr.setIdAllocator(wssConfig.getIdAllocator());
+ encr.setCallbackLookup(callbackLookup);
+ encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+ encr.setStoreBytesInAttachment(storeBytesInAttachment);
+ encr.setExpandXopInclude(isExpandXopInclude());
+ encr.setWsDocInfo(wsDocInfo);
+
+ Crypto crypto = getEncryptionCrypto();
+
+ SecurityToken securityToken = getSecurityToken();
+ if (!isRequestor() && securityToken != null
+ && recToken.getToken() instanceof SamlToken) {
+ String tokenType = securityToken.getTokenType();
+ if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+ || WSS4JConstants.SAML_NS.equals(tokenType)) {
+ encr.setCustomEKTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
+ encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+ encr.setCustomEKTokenId(securityToken.getId());
+ } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+ || WSS4JConstants.SAML2_NS.equals(tokenType)) {
+ encr.setCustomEKTokenValueType(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE);
+ encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+ encr.setCustomEKTokenId(securityToken.getId());
} else {
setKeyIdentifierType(encr, encrToken);
}
- //
- // Using a stored cert is only suitable for the Issued Token case, where
- // we're extracting the cert from a SAML Assertion on the provider side
- //
- if (!isRequestor() && securityToken != null
- && securityToken.getX509Certificate() != null) {
- encr.setUseThisCert(securityToken.getX509Certificate());
- } else if (!isRequestor() && securityToken != null
- && securityToken.getKey() instanceof PublicKey) {
- encr.setUseThisPublicKey((PublicKey)securityToken.getKey());
- encr.setKeyIdentifierType(WSConstants.KEY_VALUE);
- } else {
- setEncryptionUser(encr, encrToken, false, crypto);
- }
- if (!encr.isCertSet() && encr.getUseThisPublicKey() == null && crypto == null) {
- unassertPolicy(recToken, "Missing security configuration. "
- + "Make sure jaxws:client element is configured "
- + "with a " + SecurityConstants.ENCRYPT_PROPERTIES + " value.");
- }
- AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
- encr.setSymmetricEncAlgorithm(algType.getEncryption());
- encr.setKeyEncAlgo(algType.getAsymmetricKeyWrap());
- encr.setMGFAlgorithm(algType.getMGFAlgo());
- encr.setDigestAlgorithm(algType.getEncryptionDigest());
- encr.prepare(crypto);
-
- Element encryptedKeyElement = encr.getEncryptedKeyElement();
- List<Element> attachments = encr.getAttachmentEncryptedDataElements();
- //Encrypt, get hold of the ref list and add it
- if (externalRef) {
- Element refList = encr.encryptForRef(null, encrParts);
- if (refList != null) {
- insertBeforeBottomUp(refList);
- }
- if (attachments != null) {
- for (Element attachment : attachments) {
- this.insertBeforeBottomUp(attachment);
- }
- }
- if (refList != null || (attachments != null && !attachments.isEmpty())) {
- this.addEncryptedKeyElement(encryptedKeyElement);
- }
- } else {
- Element refList = encr.encryptForRef(null, encrParts);
- if (refList != null || (attachments != null && !attachments.isEmpty())) {
- this.addEncryptedKeyElement(encryptedKeyElement);
- }
-
- // Add internal refs
- if (refList != null) {
- encryptedKeyElement.appendChild(refList);
- }
- if (attachments != null) {
- for (Element attachment : attachments) {
- this.addEncryptedKeyElement(attachment);
- }
+ } else {
+ setKeyIdentifierType(encr, encrToken);
+ }
+ //
+ // Using a stored cert is only suitable for the Issued Token case, where
+ // we're extracting the cert from a SAML Assertion on the provider side
+ //
+ if (!isRequestor() && securityToken != null
+ && securityToken.getX509Certificate() != null) {
+ encr.setUseThisCert(securityToken.getX509Certificate());
+ } else if (!isRequestor() && securityToken != null
+ && securityToken.getKey() instanceof PublicKey) {
+ encr.setUseThisPublicKey((PublicKey)securityToken.getKey());
+ encr.setKeyIdentifierType(WSConstants.KEY_VALUE);
+ } else {
+ setEncryptionUser(encr, encrToken, false, crypto);
+ }
+ if (!encr.isCertSet() && encr.getUseThisPublicKey() == null && crypto == null) {
+ unassertPolicy(recToken, "Missing security configuration. "
+ + "Make sure jaxws:client element is configured "
+ + "with a " + SecurityConstants.ENCRYPT_PROPERTIES + " value.");
+ }
+ AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
+ AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
+ encr.setSymmetricEncAlgorithm(algType.getEncryption());
+ encr.setKeyEncAlgo(algType.getAsymmetricKeyWrap());
+ encr.setMGFAlgorithm(algType.getMGFAlgo());
+ encr.setDigestAlgorithm(algType.getEncryptionDigest());
+ encr.prepare(crypto, symmetricKey);
+
+ Element encryptedKeyElement = encr.getEncryptedKeyElement();
+ List<Element> attachments = encr.getAttachmentEncryptedDataElements();
+ //Encrypt, get hold of the ref list and add it
+ if (externalRef) {
+ Element refList = encr.encryptForRef(null, encrParts, symmetricKey);
+ if (refList != null) {
+ insertBeforeBottomUp(refList);
+ }
+ if (attachments != null) {
+ for (Element attachment : attachments) {
+ this.insertBeforeBottomUp(attachment);
}
}
+ if (refList != null || (attachments != null && !attachments.isEmpty())) {
+ this.addEncryptedKeyElement(encryptedKeyElement);
+ }
+ } else {
+ Element refList = encr.encryptForRef(null, encrParts, symmetricKey);
+ if (refList != null || (attachments != null && !attachments.isEmpty())) {
+ this.addEncryptedKeyElement(encryptedKeyElement);
+ }
- // Put BST before EncryptedKey element
- if (encr.getBSTTokenId() != null) {
- encr.prependBSTElementToHeader();
+ // Add internal refs
+ if (refList != null) {
+ encryptedKeyElement.appendChild(refList);
+ }
+ if (attachments != null) {
+ for (Element attachment : attachments) {
+ this.addEncryptedKeyElement(attachment);
+ }
}
+ }
- return encr;
- } catch (WSSecurityException e) {
- LOG.log(Level.FINE, e.getMessage(), e);
- unassertPolicy(recToken, e);
+ // Put BST before EncryptedKey element
+ if (encr.getBSTTokenId() != null) {
+ encr.prependBSTElementToHeader();
}
+
+ return encr;
+ } catch (WSSecurityException e) {
+ LOG.log(Level.FINE, e.getMessage(), e);
+ unassertPolicy(recToken, e);
}
return null;
}
private WSSecBase doEncryptionDerived(AbstractTokenWrapper recToken,
- AbstractToken encrToken,
- List<WSEncryptionPart> encrParts,
- AlgorithmSuite algorithmSuite) {
+ List<WSEncryptionPart> encrParts) {
+ AbstractToken encrToken = recToken.getToken();
+ assertPolicy(recToken);
+ assertPolicy(encrToken);
try {
WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(secHeader);
dkEncr.setEncryptionSerializer(new StaxSerializer());
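Review bot: doEncryption and doEncryptionDerived now dereference `recToken.getToken()` unconditionally, since the old guard `recToken != null && recToken.getToken() != null && !encrParts.isEmpty()` moved to the call sites, but neither method states that precondition. A short comment above each would keep a future caller from reintroducing a null dereference, e.g. `// Precondition: recToken and recToken.getToken() are non-null and encrParts is non-empty (checked by the caller)`. doEncryption should also document that `symmetricKey` must have been generated for `abinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption()`, because the method still calls `setSymmetricEncAlgorithm` from that suite independently of the key it is handed. doEncryptionDerived's body continues outside the hunk.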
@@ -579,6 +601,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
dkEncr.getParts().addAll(encrParts);
dkEncr.setCustomValueType(WSS4JConstants.SOAPMESSAGE_NS11 + "#"
+ WSS4JConstants.ENC_KEY_VALUE_TYPE);
+
+ AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
dkEncr.setSymmetricEncAlgorithm(algType.getEncryption());
dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8);
@@ -797,7 +821,11 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
private void createEncryptedKey(AbstractToken token)
throws WSSecurityException {
//Set up the encrypted key to use
- encrKey = this.getEncryptedKeyBuilder(token);
+ AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(algType.getEncryption());
+ SecretKey symmetricKey = keyGen.generateKey();
+
+ encrKey = this.getEncryptedKeyBuilder(token, symmetricKey);
Element bstElem = encrKey.getBinarySecurityTokenElement();
if (bstElem != null) {
// If a BST is available then use it
@@ -806,7 +834,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
// Add the EncryptedKey
this.addEncryptedKeyElement(encrKey.getEncryptedKeyElement());
- encryptedKeyValue = encrKey.getSymmetricKey().getEncoded();
+ encryptedKeyValue = symmetricKey.getEncoded();
encryptedKeyId = encrKey.getId();
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index e56fc39..e96cbfe 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -24,6 +24,8 @@ import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.xml.crypto.dsig.Reference;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
@@ -206,7 +208,24 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
sigParts.addAll(this.getSignedParts(null));
List<WSEncryptionPart> encrParts = getEncryptedParts();
- WSSecBase encr = doEncryption(encryptionWrapper, tok, attached, encrParts, true);
+
+ WSSecBase encr = null;
+ SecretKey symmetricKey = null;
+ if (encryptionWrapper.getToken() != null && !encrParts.isEmpty()) {
+ if (encryptionWrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
+ encr = doEncryptionDerived(encryptionWrapper, tok, attached, encrParts, true);
+ } else {
+ byte[] ephemeralKey = tok.getSecret();
+ String symEncAlgorithm = sbinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption();
+ if (ephemeralKey != null) {
+ symmetricKey = KeyUtils.prepareSecretKey(symEncAlgorithm, ephemeralKey);
+ } else {
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgorithm);
+ symmetricKey = keyGen.generateKey();
+ }
+ encr = doEncryption(encryptionWrapper, tok, attached, encrParts, true, symmetricKey);
+ }
+ }
handleEncryptedSignedHeaders(encrParts, sigParts);
if (!isRequestor()) {
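Review bot: The new guard `encryptionWrapper.getToken() != null && !encrParts.isEmpty()` drops the `recToken != null` check that the removed doEncryption body used to make, so a null wrapper now throws here instead of skipping encryption. Unless it is checked earlier outside the hunk, keep the old behaviour with `if (encryptionWrapper != null && encryptionWrapper.getToken() != null && !encrParts.isEmpty()) {`. The same applies to `encrAbstractTokenWrapper` in the sign-before-encrypt hunk below. That hunk also repeats the choice between `KeyUtils.prepareSecretKey(symEncAlgorithm, ephemeralKey)` and a freshly generated key, which would be better kept in one private helper so both paths derive the key from the token secret in the same way. The enclosing method starts and ends outside the hunk.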
@@ -248,18 +267,18 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
secondEncrParts.addAll(encryptedTokensList);
}
- Element secondRefList = null;
+ if (!secondEncrParts.isEmpty()) {
+ Element secondRefList = null;
- if (encryptionToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys
- && !secondEncrParts.isEmpty()) {
- secondRefList = ((WSSecDKEncrypt)encr).encryptForExternalRef(null,
- secondEncrParts);
- } else if (!secondEncrParts.isEmpty()) {
- //Encrypt, get hold of the ref list and add it
- secondRefList = ((WSSecEncrypt)encr).encryptForRef(null, secondEncrParts);
- }
- if (secondRefList != null) {
- this.addDerivedKeyElement(secondRefList);
+ if (encryptionToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
+ secondRefList = ((WSSecDKEncrypt)encr).encryptForExternalRef(null, secondEncrParts);
+ } else {
+ //Encrypt, get hold of the ref list and add it
+ secondRefList = ((WSSecEncrypt)encr).encryptForRef(null, secondEncrParts, symmetricKey);
+ }
+ if (secondRefList != null) {
+ this.addDerivedKeyElement(secondRefList);
+ }
}
}
}
@@ -385,23 +404,38 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
if (isRequestor()) {
enc.addAll(encryptedTokensList);
}
- doEncryption(encrAbstractTokenWrapper,
- encrTok,
- tokIncluded,
- enc,
- false);
+
+ if (encrAbstractTokenWrapper.getToken() != null && !enc.isEmpty()) {
+ if (encrAbstractTokenWrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
+ doEncryptionDerived(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false);
+ } else {
+ byte[] ephemeralKey = encrTok.getSecret();
+ SecretKey symmetricKey = null;
+ String symEncAlgorithm = sbinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption();
+ if (ephemeralKey != null) {
+ symmetricKey = KeyUtils.prepareSecretKey(symEncAlgorithm, ephemeralKey);
+ } else {
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgorithm);
+ symmetricKey = keyGen.generateKey();
+ }
+ doEncryption(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false, symmetricKey);
+ }
+ }
} catch (Exception e) {
LOG.log(Level.FINE, e.getMessage(), e);
throw new Fault(e);
}
}
- private WSSecBase doEncryptionDerived(AbstractTokenWrapper recToken,
+ private WSSecDKEncrypt doEncryptionDerived(AbstractTokenWrapper recToken,
SecurityToken encrTok,
- AbstractToken encrToken,
boolean attached,
List<WSEncryptionPart> encrParts,
boolean atEnd) {
+
+ AbstractToken encrToken = recToken.getToken();
+ assertPolicy(recToken);
+ assertPolicy(encrToken);
try {
WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(secHeader);
dkEncr.setEncryptionSerializer(new StaxSerializer());
@@ -506,114 +540,107 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
return null;
}
- private WSSecBase doEncryption(AbstractTokenWrapper recToken,
+ private WSSecEncrypt doEncryption(AbstractTokenWrapper recToken,
SecurityToken encrTok,
boolean attached,
List<WSEncryptionPart> encrParts,
- boolean atEnd) {
- //Do encryption
- if (recToken != null && recToken.getToken() != null && !encrParts.isEmpty()) {
- AbstractToken encrToken = recToken.getToken();
- assertPolicy(recToken);
- assertPolicy(encrToken);
- AlgorithmSuite algorithmSuite = sbinding.getAlgorithmSuite();
- if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
- return doEncryptionDerived(recToken, encrTok, encrToken,
- attached, encrParts, atEnd);
- }
- try {
- WSSecEncrypt encr = new WSSecEncrypt(secHeader);
- encr.setEncryptionSerializer(new StaxSerializer());
- encr.setIdAllocator(wssConfig.getIdAllocator());
- encr.setCallbackLookup(callbackLookup);
- encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
- encr.setStoreBytesInAttachment(storeBytesInAttachment);
- encr.setExpandXopInclude(isExpandXopInclude());
- encr.setWsDocInfo(wsDocInfo);
- String encrTokId = encrTok.getId();
- if (attached) {
- encrTokId = encrTok.getWsuId();
- if (encrTokId == null
- && (encrToken instanceof SecureConversationToken
- || encrToken instanceof SecurityContextToken)) {
- encr.setEncKeyIdDirectId(true);
- encrTokId = encrTok.getId();
- } else if (encrTokId == null) {
- encrTokId = encrTok.getId();
- }
- if (encrTokId.startsWith("#")) {
- encrTokId = encrTokId.substring(1);
- }
- } else {
+ boolean atEnd,
+ SecretKey symmetricKey) {
+ AbstractToken encrToken = recToken.getToken();
+ assertPolicy(recToken);
+ assertPolicy(encrToken);
+ try {
+ WSSecEncrypt encr = new WSSecEncrypt(secHeader);
+ encr.setEncryptionSerializer(new StaxSerializer());
+ encr.setIdAllocator(wssConfig.getIdAllocator());
+ encr.setCallbackLookup(callbackLookup);
+ encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+ encr.setStoreBytesInAttachment(storeBytesInAttachment);
+ encr.setExpandXopInclude(isExpandXopInclude());
+ encr.setWsDocInfo(wsDocInfo);
+ String encrTokId = encrTok.getId();
+ if (attached) {
+ encrTokId = encrTok.getWsuId();
+ if (encrTokId == null
+ && (encrToken instanceof SecureConversationToken
+ || encrToken instanceof SecurityContextToken)) {
encr.setEncKeyIdDirectId(true);
+ encrTokId = encrTok.getId();
+ } else if (encrTokId == null) {
+ encrTokId = encrTok.getId();
}
- if (encrTok.getTokenType() != null) {
- encr.setCustomReferenceValue(encrTok.getTokenType());
+ if (encrTokId.startsWith("#")) {
+ encrTokId = encrTokId.substring(1);
}
- encr.setEncKeyId(encrTokId);
- encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
- encr.setEphemeralKey(encrTok.getSecret());
- Crypto crypto = getEncryptionCrypto();
- if (crypto != null) {
- setEncryptionUser(encr, encrToken, false, crypto);
- }
-
- encr.setEncryptSymmKey(false);
- encr.setMGFAlgorithm(algorithmSuite.getAlgorithmSuiteType().getMGFAlgo());
- encr.setDigestAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryptionDigest());
+ } else {
+ encr.setEncKeyIdDirectId(true);
+ }
+ if (encrTok.getTokenType() != null) {
+ encr.setCustomReferenceValue(encrTok.getTokenType());
+ }
+ encr.setEncKeyId(encrTokId);
+ AlgorithmSuite algorithmSuite = sbinding.getAlgorithmSuite();
+ encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
+ Crypto crypto = getEncryptionCrypto();
+ if (crypto != null) {
+ setEncryptionUser(encr, encrToken, false, crypto);
+ }
- if (encrToken instanceof IssuedToken || encrToken instanceof SpnegoContextToken
- || encrToken instanceof SecureConversationToken) {
- //Setting the AttachedReference or the UnattachedReference according to the flag
- Element ref;
- if (attached) {
- ref = encrTok.getAttachedReference();
- } else {
- ref = encrTok.getUnattachedReference();
- }
+ encr.setEncryptSymmKey(false);
+ encr.setMGFAlgorithm(algorithmSuite.getAlgorithmSuiteType().getMGFAlgo());
+ encr.setDigestAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryptionDigest());
- String tokenType = encrTok.getTokenType();
- if (ref != null) {
- SecurityTokenReference secRef =
- new SecurityTokenReference(cloneElement(ref), new BSPEnforcer());
- encr.setSecurityTokenReference(secRef);
- } else if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
- || WSS4JConstants.SAML_NS.equals(tokenType)) {
- encr.setCustomReferenceValue(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
- encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
- } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
- || WSS4JConstants.SAML2_NS.equals(tokenType)) {
- encr.setCustomReferenceValue(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE);
- encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
- } else {
- encr.setCustomReferenceValue(tokenType);
- encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
- }
- } else if (encrToken instanceof UsernameToken) {
- encr.setCustomReferenceValue(WSS4JConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
- } else if (encrToken instanceof KerberosToken && !isRequestor()) {
- encr.setCustomReferenceValue(WSS4JConstants.WSS_KRB_KI_VALUE_TYPE);
- encr.setEncKeyId(encrTok.getSHA1());
- } else if (!isRequestor() && encrTok.getSHA1() != null) {
- encr.setCustomReferenceValue(encrTok.getSHA1());
- encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+ if (encrToken instanceof IssuedToken || encrToken instanceof SpnegoContextToken
+ || encrToken instanceof SecureConversationToken) {
+ //Setting the AttachedReference or the UnattachedReference according to the flag
+ Element ref;
+ if (attached) {
+ ref = encrTok.getAttachedReference();
+ } else {
+ ref = encrTok.getUnattachedReference();
}
- encr.prepare(crypto);
-
- if (encr.getBSTTokenId() != null) {
- encr.prependBSTElementToHeader();
+ String tokenType = encrTok.getTokenType();
+ if (ref != null) {
+ SecurityTokenReference secRef =
+ new SecurityTokenReference(cloneElement(ref), new BSPEnforcer());
+ encr.setSecurityTokenReference(secRef);
+ } else if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+ || WSS4JConstants.SAML_NS.equals(tokenType)) {
+ encr.setCustomReferenceValue(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
+ encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+ } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+ || WSS4JConstants.SAML2_NS.equals(tokenType)) {
+ encr.setCustomReferenceValue(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE);
+ encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+ } else {
+ encr.setCustomReferenceValue(tokenType);
+ encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
}
+ } else if (encrToken instanceof UsernameToken) {
+ encr.setCustomReferenceValue(WSS4JConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
+ } else if (encrToken instanceof KerberosToken && !isRequestor()) {
+ encr.setCustomReferenceValue(WSS4JConstants.WSS_KRB_KI_VALUE_TYPE);
+ encr.setEncKeyId(encrTok.getSHA1());
+ } else if (!isRequestor() && encrTok.getSHA1() != null) {
+ encr.setCustomReferenceValue(encrTok.getSHA1());
+ encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+ }
- Element refList = encr.encryptForRef(null, encrParts);
- List<Element> attachments = encr.getAttachmentEncryptedDataElements();
- addAttachmentsForEncryption(atEnd, refList, attachments);
+ encr.prepare(crypto, symmetricKey);
- return encr;
- } catch (WSSecurityException e) {
- LOG.log(Level.FINE, e.getMessage(), e);
- unassertPolicy(recToken, e);
+ if (encr.getBSTTokenId() != null) {
+ encr.prependBSTElementToHeader();
}
+
+ Element refList = encr.encryptForRef(null, encrParts, symmetricKey);
+ List<Element> attachments = encr.getAttachmentEncryptedDataElements();
+ addAttachmentsForEncryption(atEnd, refList, attachments);
+
+ return encr;
+ } catch (WSSecurityException e) {
+ LOG.log(Level.FINE, e.getMessage(), e);
+ unassertPolicy(recToken, e);
}
return null;
}
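Review bot: `doEncryption` now dereferences `recToken.getToken()` on its first line and hands `symmetricKey` straight to `encr.prepare(crypto, symmetricKey)`, but the old `recToken != null && recToken.getToken() != null && !encrParts.isEmpty()` guard has moved to the caller and nothing on the method says so. A short Javadoc would help: the caller must pass a wrapper that has a token, a non-empty `encrParts` and a non-null `symmetricKey`. It should also say that the method returns null after a `WSSecurityException`, which is only logged at `Level.FINE` and passed to `unassertPolicy`, so callers know to check the result before using it.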
@@ -914,10 +941,14 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
private String setupEncryptedKey(AbstractTokenWrapper wrapper, AbstractToken sigToken) throws WSSecurityException {
- WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(sigToken);
+ AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(algType.getEncryption());
+ SecretKey symmetricKey = keyGen.generateKey();
+
+ WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(sigToken, symmetricKey);
assertTokenWrapper(wrapper);
String id = encrKey.getId();
- byte[] secret = encrKey.getSymmetricKey().getEncoded();
+ byte[] secret = symmetricKey.getEncoded();
Instant created = Instant.now();
Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
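Review bot: The three lines that obtain a `KeyGenerator` for `algType.getEncryption()` and call `generateKey()` are repeated verbatim in TransportBindingHandler (`@@ -357,7 +360,11 @@`), each time only to feed `getEncryptedKeyBuilder(..., symmetricKey)`. A small helper beside `getEncryptedKeyBuilder` (presumably in the shared base class) would keep the algorithm choice for the ephemeral key in one place. Note also that this hunk reads the suite through `binding`, while the `@@ -385,23 +404,38 @@` hunk in the same file uses `sbinding`; using one consistently would be easier to follow. The body of `setupEncryptedKey` continues outside the hunk.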
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 208d391..8af27ae 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -25,6 +25,8 @@ import java.util.Collection;
import java.util.List;
import java.util.logging.Level;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.xml.crypto.dsig.Reference;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
@@ -51,6 +53,7 @@ import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.token.SecurityTokenReference;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.message.WSSecDKSign;
@@ -357,7 +360,11 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
if (token.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
- WSSecEncryptedKey encrKey = getEncryptedKeyBuilder(token);
+ AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(algType.getEncryption());
+ SecretKey symmetricKey = keyGen.generateKey();
+
+ WSSecEncryptedKey encrKey = getEncryptedKeyBuilder(token, symmetricKey);
assertPolicy(wrapper);
Element bstElem = encrKey.getBinarySecurityTokenElement();
@@ -380,10 +387,9 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
dkSig.setExpandXopInclude(isExpandXopInclude());
dkSig.setWsDocInfo(wsDocInfo);
- AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
dkSig.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
- dkSig.setExternalKey(encrKey.getSymmetricKey().getEncoded(), encrKey.getId());
+ dkSig.setExternalKey(symmetricKey.getEncoded(), encrKey.getId());
dkSig.prepare();
diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java
index 0e54cf2..158e5f8 100644
--- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java
+++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java
@@ -23,6 +23,8 @@ import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -40,6 +42,7 @@ import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean;
import org.apache.wss4j.common.saml.bean.KeyInfoBean;
import org.apache.wss4j.common.saml.bean.KeyInfoBean.CERT_IDENTIFIER;
import org.apache.wss4j.common.saml.bean.SubjectBean;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.message.WSSecEncryptedKey;
@@ -170,7 +173,10 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
WSSecEncryptedKey encrKey = new WSSecEncryptedKey(doc);
encrKey.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
encrKey.setUseThisCert(certs[0]);
- encrKey.prepare(null);
+
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ encrKey.prepare(null, symmetricKey);
Element encryptedKeyElement = encrKey.getEncryptedKeyElement();
// Append the EncryptedKey to a KeyInfo element
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
index ba5bb13..0b4b80c 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
@@ -29,6 +29,8 @@ import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
@@ -77,6 +79,7 @@ import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.wss4j.common.WSS4JConstants;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.DateUtil;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.message.WSSecEncryptedKey;
@@ -375,10 +378,17 @@ public abstract class AbstractOperation {
WSSecEncryptedKey builder = new WSSecEncryptedKey(doc);
builder.setUserInfo(name);
builder.setKeyIdentifierType(encryptionProperties.getKeyIdentifierType());
- builder.setEphemeralKey(secret);
builder.setKeyEncAlgo(keyWrapAlgorithm);
- builder.prepare(stsProperties.getEncryptionCrypto());
+ SecretKey symmetricKey = null;
+ if (secret != null) {
+ symmetricKey = KeyUtils.prepareSecretKey(encryptionProperties.getEncryptionAlgorithm(), secret);
+ } else {
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(encryptionProperties.getEncryptionAlgorithm());
+ symmetricKey = keyGen.generateKey();
+ }
+
+ builder.prepare(stsProperties.getEncryptionCrypto(), symmetricKey);
return builder.getEncryptedKeyElement();
}
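Review bot: When `secret` is null, the new else branch wraps a key from `keyGen.generateKey()`, yet the method returns only `builder.getEncryptedKeyElement()`, so the caller never receives the key that was just encrypted. If a null `secret` is a caller error, rejecting it up front is clearer than producing an EncryptedKey whose plaintext key the issuing side no longer holds; if it is intended, a comment should say so. The same prepare-or-generate block is added to DefaultSubjectProvider (`@@ -331,11 +334,18 @@`), so a shared helper would keep the two in step. The method's signature is outside the hunk.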
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
index d5f2284..c080d4b 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
@@ -27,6 +27,8 @@ import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.kerberos.KerberosPrincipal;
@@ -55,6 +57,7 @@ import org.apache.wss4j.common.saml.bean.KeyInfoBean.CERT_IDENTIFIER;
import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.apache.wss4j.common.saml.builder.SAML1Constants;
import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.message.WSSecEncryptedKey;
/**
@@ -331,11 +334,18 @@ public class DefaultSubjectProvider implements SubjectProvider {
// Create an EncryptedKey
WSSecEncryptedKey encrKey = new WSSecEncryptedKey(doc);
encrKey.setKeyIdentifierType(encryptionProperties.getKeyIdentifierType());
- encrKey.setEphemeralKey(secret);
- encrKey.setSymmetricEncAlgorithm(encryptionProperties.getEncryptionAlgorithm());
encrKey.setUseThisCert(certificate);
encrKey.setKeyEncAlgo(encryptionProperties.getKeyWrapAlgorithm());
- encrKey.prepare(encryptionCrypto);
+
+ SecretKey symmetricKey = null;
+ if (secret != null) {
+ symmetricKey = KeyUtils.prepareSecretKey(encryptionProperties.getEncryptionAlgorithm(), secret);
+ } else {
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(encryptionProperties.getEncryptionAlgorithm());
+ symmetricKey = keyGen.generateKey();
+ }
+
+ encrKey.prepare(encryptionCrypto, symmetricKey);
Element encryptedKeyElement = encrKey.getEncryptedKeyElement();
// Append the EncryptedKey to a KeyInfo element
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderUtils.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderUtils.java
index b4cb1a7..e907da1 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderUtils.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderUtils.java
@@ -25,6 +25,8 @@ import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
@@ -43,6 +45,7 @@ import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.WSSecEncrypt;
@@ -171,8 +174,11 @@ public final class TokenProviderUtils {
WSEncryptionPart encryptionPart = new WSEncryptionPart(id, "Element");
encryptionPart.setElement(element);
- builder.prepare(stsProperties.getEncryptionCrypto());
- builder.encryptForRef(null, Collections.singletonList(encryptionPart));
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(encryptionAlgorithm);
+ SecretKey symmetricKey = keyGen.generateKey();
+
+ builder.prepare(stsProperties.getEncryptionCrypto(), symmetricKey);
+ builder.encryptForRef(null, Collections.singletonList(encryptionPart), symmetricKey);
return (Element)frag.getFirstChild();
}
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
index 4dc76c8..ca8f151 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
@@ -26,6 +26,8 @@ import java.util.Collections;
import java.util.List;
import java.util.Properties;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
@@ -70,6 +72,7 @@ import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.saml.builder.SAML1Constants;
import org.apache.wss4j.common.saml.builder.SAML2Constants;
import org.apache.wss4j.common.util.DOM2Writer;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.engine.WSSConfig;
@@ -839,9 +842,12 @@ public class IssueSamlUnitTest {
builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
builder.setKeyEncAlgo(WSS4JConstants.KEYTRANSPORT_RSAOAEP);
- builder.prepare(stsProperties.getSignatureCrypto());
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+
+ builder.prepare(stsProperties.getSignatureCrypto(), symmetricKey);
Element encryptedKeyElement = builder.getEncryptedKeyElement();
- byte[] secret = builder.getSymmetricKey().getEncoded();
+ byte[] secret = symmetricKey.getEncoded();
EntropyType entropyType = new EntropyType();
entropyType.getAny().add(encryptedKeyElement);
[cxf] 10/11: Use newer guava version from WSS4J
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 2517ffb2a9dab7e93bd731f0a90b6eef3629a8c0
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu May 23 14:52:12 2019 +0100
Use newer guava version from WSS4J
---
parent/pom.xml | 5 -----
1 file changed, 5 deletions(-)
diff --git a/parent/pom.xml b/parent/pom.xml
index 4ceea7b..69c269c 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -1343,11 +1343,6 @@
</exclusions>
</dependency>
<dependency>
- <groupId>com.google.guava</groupId>
- <artifactId>guava</artifactId>
- <version>${cxf.guava.version}</version>
- </dependency>
- <dependency>
<groupId>org.apache.hbase</groupId>
<artifactId>hbase-client</artifactId>
<version>2.1.4</version>
[cxf] 08/11: Set the SOAP namespace on the streaming policy
validation code
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit c68290f5da825f2026bfbf2eaebd4d74dcd05c85
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Feb 1 16:34:02 2019 +0000
Set the SOAP namespace on the streaming policy validation code
---
.../apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java | 2 ++
.../cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java | 5 +++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
index d5cd6b6..585e908 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
@@ -179,6 +179,8 @@ public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor,
boolean validateSchemas =
MessageUtils.getContextualBoolean(msg, "schema-validation-enabled", false);
securityProperties.setDisableSchemaValidation(!validateSchemas);
+
+ securityProperties.setSoap12(WSSConstants.NS_SOAP12.equals(msg.getVersion().getNamespace()));
}
private Collection<Pattern> convertCertConstraints(String certConstraints, String separator) {
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
index a455cf8..02b5081 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
@@ -55,6 +55,7 @@ import org.apache.wss4j.policy.model.AlgorithmSuite;
import org.apache.wss4j.policy.stax.OperationPolicy;
import org.apache.wss4j.policy.stax.enforcer.PolicyEnforcer;
import org.apache.wss4j.policy.stax.enforcer.PolicyInputProcessor;
+import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.impl.securityToken.HttpsSecurityTokenImpl;
import org.apache.wss4j.stax.securityEvent.HttpsTokenSecurityEvent;
@@ -426,7 +427,6 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor {
if (soapAction == null) {
soapAction = "";
}
-
String actor = (String)msg.getContextualProperty(SecurityConstants.ACTOR);
final Collection<org.apache.cxf.message.Attachment> attachments = msg.getAttachments();
int attachmentCount = 0;
@@ -435,7 +435,8 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor {
}
return new PolicyEnforcer(operationPolicies, soapAction, isRequestor(msg),
actor, attachmentCount,
- new WSS4JPolicyAsserter(msg.get(AssertionInfoMap.class)));
+ new WSS4JPolicyAsserter(msg.get(AssertionInfoMap.class)),
+ WSSConstants.NS_SOAP12.equals(msg.getVersion().getNamespace()));
}
}
[cxf] 02/11: Get the encrypted key SHA value directly from WSS4J
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 187d3c1f52fa3500edeb450f615f6eafe1694300
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Jan 25 11:27:40 2019 +0000
Get the encrypted key SHA value directly from WSS4J
---
parent/pom.xml | 5 ++---
.../ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java | 2 +-
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/parent/pom.xml b/parent/pom.xml
index 8938529..4ceea7b 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -217,8 +217,7 @@
<cxf.woodstox.core.version>5.0.3</cxf.woodstox.core.version>
<cxf.woodstox.stax2-api.version>3.1.4</cxf.woodstox.stax2-api.version>
<cxf.wsdl4j.version>1.6.3</cxf.wsdl4j.version>
- <cxf.wss4j.version>2.2.4</cxf.wss4j.version>
- <cxf.xalan.version>2.7.2</cxf.xalan.version>
+ <cxf.wss4j.version>2.3.0-SNAPSHOT</cxf.wss4j.version>
<cxf.xbean.version>4.14</cxf.xbean.version>
<cxf.xerces.version>2.12.0</cxf.xerces.version>
<cxf.xmlschema.version>2.2.4</cxf.xmlschema.version>
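Review bot: `cxf.wss4j.version` here and `cxf.xmlsec.bundle.version` in the next hunk now point at `-SNAPSHOT` artifacts, which are mutable, so the same commit can build against different WSS4J and xmlsec code on different days. That is workable on a tracking branch, but both should be pinned to released versions before this reaches a release branch. A marker such as `<!-- TODO: pin to a released WSS4J before merging -->` next to the property would make that visible. The hunk also removes `cxf.xalan.version`, which the commit message does not mention; any remaining `${cxf.xalan.version}` reference elsewhere in the build would stop resolving.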
@@ -263,7 +262,7 @@
<cxf.xalan.bundle.version>2.7.2_3</cxf.xalan.bundle.version>
<cxf.xerces.bundle.version>2.12.0_1</cxf.xerces.bundle.version>
<cxf.xmlresolver.bundle.version>1.2_5</cxf.xmlresolver.bundle.version>
- <cxf.xmlsec.bundle.version>2.1.4</cxf.xmlsec.bundle.version>
+ <cxf.xmlsec.bundle.version>2.2.0-SNAPSHOT</cxf.xmlsec.bundle.version>
<cxf.xpp3.bundle.version>1.1.4c_6</cxf.xpp3.bundle.version>
</properties>
<build>
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 87a6a30..cc37da2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -932,7 +932,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
// Set the SHA1 value of the encrypted key, this is used when the encrypted
// key is referenced via a key identifier of type EncryptedKeySHA1
- tempTok.setSHA1(getSHA1(encrKey.getEncryptedEphemeralKey()));
+ tempTok.setSHA1(encrKey.getEncryptedKeySHA1());
tokenStore.add(tempTok);
// Create another cache entry with the SHA1 Identifier as the key for easy retrieval
[cxf] 07/11: Picking up more derived key changes in WSS4J
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 02b88f62c2bd0be80d1777a6b26a0f218204bfad
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Feb 1 11:20:57 2019 +0000
Picking up more derived key changes in WSS4J
---
.../wss4j/policyhandlers/AbstractBindingBuilder.java | 1 +
.../wss4j/policyhandlers/AsymmetricBindingHandler.java | 12 ++++++++++--
.../wss4j/policyhandlers/SymmetricBindingHandler.java | 18 ++++++++++++++++--
.../wss4j/policyhandlers/TransportBindingHandler.java | 2 ++
4 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index cbd261e..63b0e7e 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -2097,6 +2097,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
}
addSig(dkSign.getSignatureValue());
+ dkSign.clean();
}
private void doSymmSignature(AbstractToken policyToken, SecurityToken tok,
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 09cd142..3896fa5 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -229,15 +229,18 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
}
if (encToken != null) {
+ WSSecBase encr = null;
if (encToken.getToken() != null && !enc.isEmpty()) {
if (encToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
- doEncryptionDerived(encToken, enc);
+ encr = doEncryptionDerived(encToken, enc);
} else {
String symEncAlgorithm = abinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption();
KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgorithm);
SecretKey symmetricKey = keyGen.generateKey();
- doEncryption(encToken, enc, false, symmetricKey);
+ encr = doEncryption(encToken, enc, false, symmetricKey);
}
+
+ encr.clean();
}
assertTokenWrapper(encToken);
assertToken(encToken.getToken());
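Review bot: `encr.clean()` is called unconditionally, so a null return from `doEncryptionDerived` or `doEncryption` turns into a NullPointerException. The bodies of those methods are not in this hunk, but the SymmetricBindingHandler versions shown earlier on this page return null after catching `WSSecurityException`, and that file's `@@ -420,8 +425,10 @@` hunk adds the same unguarded call. The `@@ -283,6 +283,10 @@` hunk of SymmetricBindingHandler already uses `if (encr != null) { encr.clean(); }`, and the same guard fits here.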
@@ -394,6 +397,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
if (encrBase != null) {
encryptTokensInSecurityHeader(encryptionToken, encrBase, symmetricKey);
+ encrBase.clean();
}
}
@@ -663,6 +667,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
if (!attached && isTokenRequired(sigToken.getIncludeTokenType())) {
WSSecSignature sig = getSignatureBuilder(sigToken, attached, false);
sig.appendBSTElementToHeader();
+ sig.clean();
}
return;
}
@@ -735,6 +740,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
mainSigId = dkSign.getSignatureId();
}
+ dkSign.clean();
} catch (Exception ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
throw new Fault(ex);
@@ -781,6 +787,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
mainSigId = sig.getId();
}
+
+ sig.clean();
}
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 8a4d5d9..0567126 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -283,6 +283,10 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
}
}
+
+ if (encr != null) {
+ encr.clean();
+ }
}
} catch (RuntimeException ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
@@ -408,8 +412,9 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
if (encrAbstractTokenWrapper.getToken() != null && !enc.isEmpty()) {
+ WSSecBase encr = null;
if (encrAbstractTokenWrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
- doEncryptionDerived(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false);
+ encr = doEncryptionDerived(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false);
} else {
byte[] ephemeralKey = encrTok.getSecret();
SecretKey symmetricKey = null;
@@ -420,8 +425,10 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgorithm);
symmetricKey = keyGen.generateKey();
}
- doEncryption(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false, symmetricKey);
+ encr = doEncryption(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false, symmetricKey);
}
+
+ encr.clean();
}
} catch (Exception e) {
LOG.log(Level.FINE, e.getMessage(), e);
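Review bot: `encr.clean()` is called unconditionally here, while the same commit guards the identical call with `if (encr != null)` in the @@ -283 hunk of this file. `encr` starts as `null` (declared in the preceding @@ -408 hunk) and is assigned from `doEncryptionDerived`/`doEncryption`. If either can return null, as the guard elsewhere suggests, this line throws a NullPointerException that the `catch (Exception e)` below reports as a generic failure. Use the same guard here: `if (encr != null) { encr.clean(); }`.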
@@ -800,8 +807,11 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
this.mainSigId = dkSign.getSignatureId();
+ dkSign.clean();
return dkSign.getSignatureValue();
}
+
+ dkSign.clean();
return null;
}
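Review bot: `dkSign.getSignatureValue()` is read after `dkSign.clean()`, so the returned value depends on `clean()` leaving the signature value untouched, which is not visible from this hunk. Reading the value first removes that dependency: `byte[] sigValue = dkSign.getSignatureValue(); dkSign.clean(); return sigValue;`. The same ordering appears in the @@ -933 hunk of this file (`sig`) and in both TransportBindingHandler hunks (`dkSig`, `dkSign`).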
@@ -933,8 +943,12 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
bottomUpElement = sig.getSignatureElement();
this.mainSigId = sig.getId();
+
+ sig.clean();
return sig.getSignatureValue();
}
+
+ sig.clean();
return null;
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 33ae0dd..4be39d2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -404,6 +404,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
dkSig.appendDKElementToHeader();
dkSig.computeSignature(referenceList, false, null);
+ dkSig.clean();
return dkSig.getSignatureValue();
}
WSSecSignature sig = getSignatureBuilder(token, false, false);
@@ -514,6 +515,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
//Do signature
dkSign.computeSignature(referenceList, false, null);
+ dkSign.clean();
return dkSign.getSignatureValue();
}
[cxf] 05/11: Create salt instead of getting it from WSS4J
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit eae975186c554ce1a94e45eaed8bd10395f275c3
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Jan 30 10:48:42 2019 +0000
Create salt instead of getting it from WSS4J
---
.../policyhandlers/AbstractBindingBuilder.java | 34 +++++++++++++++-------
.../policyhandlers/SymmetricBindingHandler.java | 30 ++++++++++++-------
.../policyhandlers/TransportBindingHandler.java | 8 +++--
3 files changed, 49 insertions(+), 23 deletions(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 90d42ce..cc322cd 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -103,6 +103,7 @@ import org.apache.wss4j.common.token.BinarySecurity;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.token.X509Security;
import org.apache.wss4j.common.util.Loader;
+import org.apache.wss4j.common.util.UsernameTokenUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSDocInfo;
@@ -611,19 +612,20 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
protected void handleUsernameTokenSupportingToken(
UsernameToken token, boolean endorse, boolean encryptedToken, List<SupportingToken> ret
) throws WSSecurityException {
- if (endorse) {
- WSSecUsernameToken utBuilder = addDKUsernameToken(token, true);
+ if (endorse && isTokenRequired(token.getIncludeTokenType())) {
+ byte[] salt = UsernameTokenUtil.generateSalt(true);
+ WSSecUsernameToken utBuilder = addDKUsernameToken(token, salt, true);
if (utBuilder != null) {
- utBuilder.prepare();
+ utBuilder.prepare(salt);
addSupportingElement(utBuilder.getUsernameTokenElement());
- ret.add(new SupportingToken(token, utBuilder, null));
+ ret.add(new SupportingToken(token, utBuilder, null, salt));
if (encryptedToken) {
WSEncryptionPart part = new WSEncryptionPart(utBuilder.getId(), "Element");
part.setElement(utBuilder.getUsernameTokenElement());
encryptedTokensList.add(part);
}
}
- } else {
+ } else if (!endorse) {
WSSecUsernameToken utBuilder = addUsernameToken(token);
if (utBuilder != null) {
utBuilder.prepare();
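Review bot: `utBuilder.prepare(salt)` is called in the endorsing branch on a builder that `addDKUsernameToken(token, salt, true)` has already prepared with the same salt (see the @@ -884 hunk, where `prepare(salt)` runs right after `addDerivedKey`). The old code had the same double `prepare()`, but now that the salt is passed explicitly it is worth deciding which call owns it. If `prepare` is not idempotent, the token element is built twice. Dropping the call in this method, or adding a comment on why both are needed, would make the intent clear. The method body continues past the end of the hunk.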
@@ -863,7 +865,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
return null;
}
- protected WSSecUsernameToken addDKUsernameToken(UsernameToken token, boolean useMac) {
+ protected WSSecUsernameToken addDKUsernameToken(UsernameToken token, byte[] salt, boolean useMac) {
assertToken(token);
if (!isTokenRequired(token.getIncludeTokenType())) {
return null;
@@ -884,8 +886,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
if (!StringUtils.isEmpty(password)) {
// If the password is available then build the token
utBuilder.setUserInfo(userName, password);
- utBuilder.addDerivedKey(useMac, null, 1000);
- utBuilder.prepare();
+ utBuilder.addDerivedKey(useMac, 1000);
+ utBuilder.prepare(salt);
} else {
unassertPolicy(token, "No password available");
return null;
@@ -1991,8 +1993,9 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
}
try {
- byte[] secret = utBuilder.getDerivedKey();
+ byte[] secret = utBuilder.getDerivedKey(supportingToken.getSalt());
secToken.setSecret(secret);
+ Arrays.fill(supportingToken.getSalt(), (byte)0);
if (supportingToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
doSymmSignatureDerived(supportingToken.getToken(), secToken, sigParts,
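Review bot: `Arrays.fill(supportingToken.getSalt(), (byte)0)` throws a NullPointerException when the `SupportingToken` was built with the three-argument constructor, which this commit makes pass `null` for the salt. Whether this path is reached only for tokens created with a salt is not visible from the hunk, so a guard is the safer form: `byte[] salt = supportingToken.getSalt();` before the derivation and `if (salt != null) { Arrays.fill(salt, (byte)0); }` after it. The wipe also sits inside the `try`, so it is skipped if `getDerivedKey` throws.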
@@ -2356,12 +2359,19 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
private final AbstractToken token;
private final Object tokenImplementation;
private final List<WSEncryptionPart> signedParts;
+ private final byte[] salt;
SupportingToken(AbstractToken token, Object tokenImplementation,
- List<WSEncryptionPart> signedParts) {
+ List<WSEncryptionPart> signedParts) {
+ this(token, tokenImplementation, signedParts, null);
+ }
+
+ SupportingToken(AbstractToken token, Object tokenImplementation,
+ List<WSEncryptionPart> signedParts, byte[] salt) {
this.token = token;
this.tokenImplementation = tokenImplementation;
this.signedParts = signedParts;
+ this.salt = salt;
}
public AbstractToken getToken() {
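Review bot: The new `salt` field needs a comment saying the array is held by reference on purpose. The @@ -1991 hunk wipes it through `getSalt()` after deriving the key, which only works if no defensive copy is made. A field comment such as `// Held by reference, not copied: the caller zeroes this array via getSalt() after key derivation; null when no salt applies` would stop a later cleanup from adding `clone()` here. It also documents the `null` default of the three-argument constructor.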
@@ -2376,6 +2386,10 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
return signedParts;
}
+ public byte[] getSalt() {
+ return salt;
+ }
+
}
protected void addSig(byte[] val) {
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index e96cbfe..d824e21 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers;
import java.time.Instant;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.List;
import java.util.logging.Level;
@@ -55,6 +56,7 @@ import org.apache.wss4j.common.derivedKey.ConversationConstants;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.util.KeyUtils;
+import org.apache.wss4j.common.util.UsernameTokenUtil;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
@@ -989,20 +991,26 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
private String setupUTDerivedKey(UsernameToken sigToken) throws WSSecurityException {
- boolean useMac = hasSignedPartsOrElements();
- WSSecUsernameToken usernameToken = addDKUsernameToken(sigToken, useMac);
- String id = usernameToken.getId();
- byte[] secret = usernameToken.getDerivedKey();
+ assertToken(sigToken);
+ if (isTokenRequired(sigToken.getIncludeTokenType())) {
+ boolean useMac = hasSignedPartsOrElements();
+ byte[] salt = UsernameTokenUtil.generateSalt(useMac);
+ WSSecUsernameToken usernameToken = addDKUsernameToken(sigToken, salt, useMac);
+ String id = usernameToken.getId();
+ byte[] secret = usernameToken.getDerivedKey(salt);
+ Arrays.fill(salt, (byte)0);
- Instant created = Instant.now();
- Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
- SecurityToken tempTok =
- new SecurityToken(id, usernameToken.getUsernameTokenElement(), created, expires);
- tempTok.setSecret(secret);
+ Instant created = Instant.now();
+ Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
+ SecurityToken tempTok =
+ new SecurityToken(id, usernameToken.getUsernameTokenElement(), created, expires);
+ tempTok.setSecret(secret);
- tokenStore.add(tempTok);
+ tokenStore.add(tempTok);
- return id;
+ return id;
+ }
+ return null;
}
private SecurityToken getEncryptedKey() {
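Review bot: `usernameToken.getId()` dereferences the result of `addDKUsernameToken(...)` without a null check, and the @@ -884 hunk in AbstractBindingBuilder shows that method returning `null` when no password is available. In that case this method fails with a NullPointerException and the freshly generated `salt` is never wiped; an early `if (usernameToken == null) { Arrays.fill(salt, (byte)0); return null; }` handles both. The method now also returns `null` when the token is not required, so callers of `setupUTDerivedKey` (outside this hunk) need to tolerate a null id. The same unchecked dereference is in the @@ -334 hunk of TransportBindingHandler.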
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 8af27ae..2759256 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers;
import java.time.Instant;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.logging.Level;
@@ -54,6 +55,7 @@ import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.util.KeyUtils;
+import org.apache.wss4j.common.util.UsernameTokenUtil;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.message.WSSecDKSign;
@@ -334,9 +336,11 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
addSig(doIssuedTokenSignature(token, wrapper));
} else if (token instanceof UsernameToken) {
// Create a UsernameToken object for derived keys and store the security token
- WSSecUsernameToken usernameToken = addDKUsernameToken((UsernameToken)token, true);
+ byte[] salt = UsernameTokenUtil.generateSalt(true);
+ WSSecUsernameToken usernameToken = addDKUsernameToken((UsernameToken)token, salt, true);
String id = usernameToken.getId();
- byte[] secret = usernameToken.getDerivedKey();
+ byte[] secret = usernameToken.getDerivedKey(salt);
+ Arrays.fill(salt, (byte)0);
Instant created = Instant.now();
Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
[cxf] 11/11: Picking up more changes in WSS4J
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 407e31e81fc1b5d2f6e1bd9139066be40fd96881
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Jun 17 13:44:27 2019 +0100
Picking up more changes in WSS4J
---
parent/pom.xml | 1 +
.../cxf/ws/security/trust/STSStaxTokenValidator.java | 3 ++-
.../ws/wssec10/server/CustomUsernameTokenInterceptor.java | 14 ++++++++++----
3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/parent/pom.xml b/parent/pom.xml
index 69c269c..7f93d18 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -218,6 +218,7 @@
<cxf.woodstox.stax2-api.version>3.1.4</cxf.woodstox.stax2-api.version>
<cxf.wsdl4j.version>1.6.3</cxf.wsdl4j.version>
<cxf.wss4j.version>2.3.0-SNAPSHOT</cxf.wss4j.version>
+ <cxf.xalan.version>2.7.2</cxf.xalan.version>
<cxf.xbean.version>4.14</cxf.xbean.version>
<cxf.xerces.version>2.12.0</cxf.xerces.version>
<cxf.xmlschema.version>2.2.4</cxf.xmlschema.version>
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSStaxTokenValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSStaxTokenValidator.java
index ffb99e4..57429e2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSStaxTokenValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSStaxTokenValidator.java
@@ -42,6 +42,7 @@ import org.apache.wss4j.common.token.BinarySecurity;
import org.apache.wss4j.common.token.PKIPathSecurity;
import org.apache.wss4j.common.token.X509Security;
import org.apache.wss4j.common.util.AttachmentUtils;
+import org.apache.wss4j.common.util.UsernameTokenUtil;
import org.apache.wss4j.dom.message.token.KerberosSecurity;
import org.apache.wss4j.dom.message.token.UsernameToken;
import org.apache.wss4j.stax.ext.WSSConstants;
@@ -329,7 +330,7 @@ public class STSStaxTokenValidator
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
}
- String passDigest = WSSUtils.doPasswordDigest(nonceVal, created, pwCb.getPassword());
+ String passDigest = UsernameTokenUtil.doPasswordDigest(nonceVal, created, pwCb.getPassword());
if (!passwordType.getValue().equals(passDigest)) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
}
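Review bot: The digest produced by the changed call is compared with `String.equals` on the unchanged line below, which returns at the first differing character and so is not constant-time. For an authentication check a constant-time comparison is preferable, e.g. `if (!MessageDigest.isEqual(passwordType.getValue().getBytes(StandardCharsets.UTF_8), passDigest.getBytes(StandardCharsets.UTF_8)))`. That needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported. The enclosing method starts and ends outside this hunk.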
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java
index e04d7b5..50ea95b 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/CustomUsernameTokenInterceptor.java
@@ -26,7 +26,8 @@ import org.apache.cxf.common.security.SimplePrincipal;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor;
-import org.apache.wss4j.dom.message.token.UsernameToken;
+import org.apache.wss4j.common.util.UsernameTokenUtil;
+import org.apache.xml.security.utils.XMLUtils;
public class CustomUsernameTokenInterceptor extends UsernameTokenInterceptor {
@@ -44,11 +45,16 @@ public class CustomUsernameTokenInterceptor extends UsernameTokenInterceptor {
// add roles this user is in
String roleName = "Alice".equals(name) ? "developers" : "pms";
- String expectedPassword = "Alice".equals(name) ? "ecilA"
- : UsernameToken.doPasswordDigest(nonce, created, "invalid-password");
- if (!password.equals(expectedPassword)) {
+ try {
+ String expectedPassword = "Alice".equals(name) ? "ecilA"
+ : UsernameTokenUtil.doPasswordDigest(XMLUtils.decode(nonce), created, "invalid-password");
+ if (!password.equals(expectedPassword)) {
+ throw new SecurityException("Wrong Password");
+ }
+ } catch (org.apache.wss4j.common.ext.WSSecurityException ex) {
throw new SecurityException("Wrong Password");
}
+
subject.getPrincipals().add(new SimpleGroup(roleName, name));
subject.setReadOnly();
return subject;
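Review bot: The new `catch` discards the `WSSecurityException`, so when this test interceptor fails, a nonce that did not decode is indistinguishable from a wrong password. Keeping the cause costs nothing: `throw new SecurityException("Wrong Password", ex);`. The fully qualified `org.apache.wss4j.common.ext.WSSecurityException` in the catch clause could also become a normal import, like the other WSS4J types this hunk's file imports.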
[cxf] 01/11: Updating Netty
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit fa6d58ca2a3520429e62204920227fe179cd86d1
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Aug 19 10:36:46 2019 +0100
Updating Netty
---
parent/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/parent/pom.xml b/parent/pom.xml
index f2ac181..8938529 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -169,7 +169,7 @@
<cxf.msv.version>2013.6.1</cxf.msv.version>
<cxf.neethi.version>3.1.1</cxf.neethi.version>
<cxf.netty.version.range>[4,5)</cxf.netty.version.range>
- <cxf.netty.version>4.1.37.Final</cxf.netty.version>
+ <cxf.netty.version>4.1.39.Final</cxf.netty.version>
<cxf.oauth.version>20100527</cxf.oauth.version>
<cxf.olingo.version>2.0.11</cxf.olingo.version>
<cxf.openjpa.version>2.4.3</cxf.openjpa.version>
[cxf] 06/11: Picking up derived key changes from WSS4J
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 3800d5c38c96768b0d0be0a3900469f25e41f5f2
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Jan 31 11:49:53 2019 +0000
Picking up derived key changes from WSS4J
---
.../policyhandlers/AbstractBindingBuilder.java | 8 ++++----
.../policyhandlers/AsymmetricBindingHandler.java | 8 ++++----
.../policyhandlers/SymmetricBindingHandler.java | 24 +++++++++-------------
.../policyhandlers/TransportBindingHandler.java | 10 ++++-----
4 files changed, 23 insertions(+), 27 deletions(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index cc322cd..cbd261e 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -2044,7 +2044,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
if (ref != null) {
ref = cloneElement(ref);
- dkSign.setExternalKey(tok.getSecret(), ref);
+ dkSign.setStrElem(ref);
} else if (!isRequestor() && policyToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
// If the Encrypted key used to create the derived key is not
// attached use key identifier as defined in WSS1.1 section
@@ -2055,10 +2055,10 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
tokenRef.setKeyIdentifierEncKeySHA1(tok.getSHA1());
tokenRef.addTokenType(WSS4JConstants.WSS_ENC_KEY_VALUE_TYPE);
}
- dkSign.setExternalKey(tok.getSecret(), tokenRef.getElement());
+ dkSign.setStrElem(tokenRef.getElement());
} else {
- dkSign.setExternalKey(tok.getSecret(), tok.getId());
+ dkSign.setTokenIdentifier(tok.getId());
}
//Set the algo info
@@ -2074,7 +2074,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
dkSign.setCustomValueType(WSS4JConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
}
- dkSign.prepare();
+ dkSign.prepare(tok.getSecret());
if (isTokenProtection) {
String sigTokId = XMLUtils.getIDFromReference(tok.getId());
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 5806b3e..09cd142 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -597,7 +597,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
setupEncryptedKey(encrToken);
}
- dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
+ dkEncr.setTokenIdentifier(this.encryptedKeyId);
dkEncr.getParts().addAll(encrParts);
dkEncr.setCustomValueType(WSS4JConstants.SOAPMESSAGE_NS11 + "#"
+ WSS4JConstants.ENC_KEY_VALUE_TYPE);
@@ -606,7 +606,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
dkEncr.setSymmetricEncAlgorithm(algType.getEncryption());
dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8);
- dkEncr.prepare();
+ dkEncr.prepare(this.encryptedKeyValue);
addDerivedKeyElement(dkEncr.getdktElement());
Element refList = dkEncr.encryptForExternalRef(null, encrParts);
@@ -681,7 +681,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
}
- dkSign.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
+ dkSign.setTokenIdentifier(this.encryptedKeyId);
// Set the algo info
dkSign.setSignatureAlgorithm(abinding.getAlgorithmSuite().getSymmetricSignature());
@@ -699,7 +699,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
dkSign.setAddInclusivePrefixes(includePrefixes);
try {
- dkSign.prepare();
+ dkSign.prepare(this.encryptedKeyValue);
if (abinding.isProtectTokens()) {
assertPolicy(
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index d824e21..8a4d5d9 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -452,13 +452,9 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
if (attached && encrTok.getAttachedReference() != null) {
- dkEncr.setExternalKey(
- encrTok.getSecret(), cloneElement(encrTok.getAttachedReference())
- );
+ dkEncr.setStrElem(cloneElement(encrTok.getAttachedReference()));
} else if (encrTok.getUnattachedReference() != null) {
- dkEncr.setExternalKey(
- encrTok.getSecret(), cloneElement(encrTok.getUnattachedReference())
- );
+ dkEncr.setStrElem(cloneElement(encrTok.getUnattachedReference()));
} else if (!isRequestor() && encrTok.getSHA1() != null) {
// If the Encrypted key used to create the derived key is not
// attached use key identifier as defined in WSS1.1 section
@@ -477,7 +473,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
}
tokenRef.addTokenType(tokenType);
- dkEncr.setExternalKey(encrTok.getSecret(), tokenRef.getElement());
+ dkEncr.setStrElem(tokenRef.getElement());
} else {
if (attached) {
String id = encrTok.getWsuId();
@@ -492,10 +488,10 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
if (id.startsWith("#")) {
id = id.substring(1);
}
- dkEncr.setExternalKey(encrTok.getSecret(), id);
+ dkEncr.setTokenIdentifier(id);
} else {
dkEncr.setTokenIdDirectId(true);
- dkEncr.setExternalKey(encrTok.getSecret(), encrTok.getId());
+ dkEncr.setTokenIdentifier(encrTok.getId());
}
}
@@ -525,7 +521,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
AlgorithmSuiteType algType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
dkEncr.setSymmetricEncAlgorithm(algType.getEncryption());
dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8);
- dkEncr.prepare();
+ dkEncr.prepare(encrTok.getSecret());
Element encrDKTokenElem = null;
encrDKTokenElem = dkEncr.getdktElement();
addDerivedKeyElement(encrDKTokenElem);
@@ -701,7 +697,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
if (ref != null) {
- dkSign.setExternalKey(tok.getSecret(), cloneElement(ref));
+ dkSign.setStrElem(cloneElement(ref));
} else if (!isRequestor() && policyToken.getDerivedKeys()
== DerivedKeys.RequireDerivedKeys && tok.getSHA1() != null) {
// If the Encrypted key used to create the derived key is not
@@ -723,13 +719,13 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
tokenRef.addTokenType(tokenType);
}
- dkSign.setExternalKey(tok.getSecret(), tokenRef.getElement());
+ dkSign.setStrElem(tokenRef.getElement());
} else {
if ((!attached && !isRequestor()) || policyToken instanceof SecureConversationToken
|| policyToken instanceof SecurityContextToken) {
dkSign.setTokenIdDirectId(true);
}
- dkSign.setExternalKey(tok.getSecret(), tok.getId());
+ dkSign.setTokenIdentifier(tok.getId());
}
//Set the algo info
@@ -769,7 +765,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
}
- dkSign.prepare();
+ dkSign.prepare(tok.getSecret());
if (sbinding.isProtectTokens()) {
String sigTokId = tok.getId();
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 2759256..33ae0dd 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -393,9 +393,9 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
dkSig.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
- dkSig.setExternalKey(symmetricKey.getEncoded(), encrKey.getId());
+ dkSig.setTokenIdentifier(encrKey.getId());
- dkSig.prepare();
+ dkSig.prepare(symmetricKey.getEncoded());
dkSig.getParts().addAll(sigParts);
List<Reference> referenceList = dkSig.addReferencesToSign(sigParts);
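Review bot: `symmetricKey.getEncoded()` is passed straight into `dkSig.prepare(...)`, so the byte array holding the raw key is an unnamed temporary that nothing can zero afterwards. Other commits in this series wipe salts and call `clean()` on builders. For consistency, keep the array in a local, `byte[] keyBytes = symmetricKey.getEncoded(); dkSig.prepare(keyBytes);`, and call `Arrays.fill(keyBytes, (byte)0)` once the builder no longer needs it. Whether `prepare` keeps a reference to the array is not visible here, so the wipe should come after the signature is computed unless WSS4J documents otherwise.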
@@ -488,9 +488,9 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
}
if (ref != null) {
- dkSign.setExternalKey(secTok.getSecret(), cloneElement(ref));
+ dkSign.setStrElem(cloneElement(ref));
} else {
- dkSign.setExternalKey(secTok.getSecret(), secTok.getId());
+ dkSign.setTokenIdentifier(secTok.getId());
}
if (token instanceof UsernameToken) {
@@ -504,7 +504,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
if (token.getVersion() == SPConstants.SPVersion.SP11) {
dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
}
- dkSign.prepare();
+ dkSign.prepare(secTok.getSecret());
addDerivedKeyElement(dkSign.getdktElement());
[cxf] 03/11: WSSecEncryptedKey.getEphemeralKey() is removed in WSS4J
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 78faeae642fe08ebb31ab6cb6c4d4a5add9a5ee6
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Jan 28 12:00:06 2019 +0000
WSSecEncryptedKey.getEphemeralKey() is removed in WSS4J
---
.../cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java | 2 +-
.../ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java | 2 +-
.../ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java | 4 ++--
.../ws/security/wss4j/policyhandlers/TransportBindingHandler.java | 2 +-
.../cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java | 6 ------
.../test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java | 2 +-
6 files changed, 6 insertions(+), 12 deletions(-)
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
index f5f051c..35d3deb 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
@@ -213,7 +213,7 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
encrKey.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
encrKey.setUseThisCert(certs[0]);
encrKey.prepare(null);
- ephemeralKey = encrKey.getEphemeralKey();
+ ephemeralKey = encrKey.getSymmetricKey().getEncoded();
Element encryptedKeyElement = encrKey.getEncryptedKeyElement();
// Append the EncryptedKey to a KeyInfo element
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index df31bc7..40d6ee4 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -806,7 +806,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
// Add the EncryptedKey
this.addEncryptedKeyElement(encrKey.getEncryptedKeyElement());
- encryptedKeyValue = encrKey.getEphemeralKey();
+ encryptedKeyValue = encrKey.getSymmetricKey().getEncoded();
encryptedKeyId = encrKey.getId();
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index cc37da2..e56fc39 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -551,6 +551,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
encr.setCustomReferenceValue(encrTok.getTokenType());
}
encr.setEncKeyId(encrTokId);
+ encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
encr.setEphemeralKey(encrTok.getSecret());
Crypto crypto = getEncryptionCrypto();
if (crypto != null) {
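Review bot: `setSymmetricEncAlgorithm(...)` was moved above `setEphemeralKey(...)` (its old position is removed in the next hunk) with no explanation. That suggests the key setter now depends on the algorithm being set first, though this is not visible from the diff. If so, a comment such as `// Set the algorithm before the key: setEphemeralKey() depends on it` on the moved line would keep a later tidy-up from undoing the order. The surrounding method begins outside the hunk.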
@@ -558,7 +559,6 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
encr.setEncryptSymmKey(false);
- encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
encr.setMGFAlgorithm(algorithmSuite.getAlgorithmSuiteType().getMGFAlgo());
encr.setDigestAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryptionDigest());
@@ -917,7 +917,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(sigToken);
assertTokenWrapper(wrapper);
String id = encrKey.getId();
- byte[] secret = encrKey.getEphemeralKey();
+ byte[] secret = encrKey.getSymmetricKey().getEncoded();
Instant created = Instant.now();
Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 3a1b7c4..208d391 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -383,7 +383,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
dkSig.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
- dkSig.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId());
+ dkSig.setExternalKey(encrKey.getSymmetricKey().getEncoded(), encrKey.getId());
dkSig.prepare();
diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java
index 750aa90..0e54cf2 100644
--- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java
+++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java
@@ -59,7 +59,6 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
protected X509Certificate[] certs;
protected Statement statement = Statement.AUTHN;
protected CERT_IDENTIFIER certIdentifier = CERT_IDENTIFIER.X509_CERT;
- protected byte[] ephemeralKey;
protected boolean multiValue = true;
public void setConfirmationMethod(String confMethod) {
@@ -78,10 +77,6 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
this.certs = certs;
}
- public byte[] getEphemeralKey() {
- return ephemeralKey;
- }
-
/**
* Note that the SubjectBean parameter should be null for SAML2.0
*/
@@ -176,7 +171,6 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
encrKey.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
encrKey.setUseThisCert(certs[0]);
encrKey.prepare(null);
- ephemeralKey = encrKey.getEphemeralKey();
Element encryptedKeyElement = encrKey.getEncryptedKeyElement();
// Append the EncryptedKey to a KeyInfo element
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
index 0a31958..4dc76c8 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
@@ -841,7 +841,7 @@ public class IssueSamlUnitTest {
builder.prepare(stsProperties.getSignatureCrypto());
Element encryptedKeyElement = builder.getEncryptedKeyElement();
- byte[] secret = builder.getEphemeralKey();
+ byte[] secret = builder.getSymmetricKey().getEncoded();
EntropyType entropyType = new EntropyType();
entropyType.getAny().add(encryptedKeyElement);
[cxf] 09/11: Fixing up latest policy change in WSS4J
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 8c8de0398e1c805a4b4296dff4937c56f71b748e
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu May 23 11:56:51 2019 +0100
Fixing up latest policy change in WSS4J
---
.../ws/security/wss4j/AlgorithmSuiteTranslater.java | 4 ++--
.../security/wss4j/PolicyBasedWSS4JInInterceptor.java | 4 ++--
.../security/wss4j/PolicyBasedWSS4JOutInterceptor.java | 4 ++--
.../wss4j/PolicyBasedWSS4JStaxInInterceptor.java | 4 ++--
.../wss4j/policyhandlers/AbstractBindingBuilder.java | 8 ++++----
.../policyhandlers/AbstractStaxBindingHandler.java | 4 ++--
.../wss4j/policyhandlers/AsymmetricBindingHandler.java | 2 +-
.../policyhandlers/StaxAsymmetricBindingHandler.java | 6 +++---
.../policyhandlers/StaxSymmetricBindingHandler.java | 6 +++---
.../policyhandlers/StaxTransportBindingHandler.java | 18 ++++++++++--------
.../wss4j/policyhandlers/SymmetricBindingHandler.java | 4 ++--
.../wss4j/policyhandlers/TransportBindingHandler.java | 8 ++++----
.../AlgorithmSuitePolicyValidator.java | 4 ++--
.../ws/security/wss4j/CustomPolicyAlgorithmsTest.java | 4 ++--
.../apache/cxf/systest/ws/x509/SHA512PolicyLoader.java | 2 +-
15 files changed, 42 insertions(+), 40 deletions(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java
index 595d419..ef73d10 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java
@@ -126,8 +126,8 @@ public final class AlgorithmSuiteTranslater {
algorithmSuite.addDigestAlgorithm(algorithmSuiteType.getDigest());
}
- algorithmSuite.addSignatureMethod(cxfAlgorithmSuite.getAsymmetricSignature());
- algorithmSuite.addSignatureMethod(cxfAlgorithmSuite.getSymmetricSignature());
+ algorithmSuite.addSignatureMethod(algorithmSuiteType.getAsymmetricSignature());
+ algorithmSuite.addSignatureMethod(algorithmSuiteType.getSymmetricSignature());
algorithmSuite.addC14nAlgorithm(cxfAlgorithmSuite.getC14n().getValue());
algorithmSuite.addTransformAlgorithm(cxfAlgorithmSuite.getC14n().getValue());
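Review bot: The two added `addSignatureMethod` calls dereference `algorithmSuiteType` after the closing brace of the block that ends with `addDigestAlgorithm(algorithmSuiteType.getDigest())`. If that block is a null guard on `algorithmSuiteType` (its opening line is outside the hunk), a policy without a recognised suite type now throws a NullPointerException, which the old `cxfAlgorithmSuite` getters did not. Moving both calls above that brace keeps them under the same guard: `algorithmSuite.addSignatureMethod(algorithmSuiteType.getAsymmetricSignature());` and its symmetric counterpart placed directly after the `addDigestAlgorithm` line. The enclosing method starts and ends outside the hunk.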
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
index 767be4c..640165e 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
@@ -486,10 +486,10 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
for (AssertionInfo algorithmSuite : algorithmSuites) {
AlgorithmSuite algSuite = (AlgorithmSuite)algorithmSuite.getAssertion();
if (asymSignatureAlgorithm != null) {
- algSuite.setAsymmetricSignature(asymSignatureAlgorithm);
+ algSuite.getAlgorithmSuiteType().setAsymmetricSignature(asymSignatureAlgorithm);
}
if (symSignatureAlgorithm != null) {
- algSuite.setSymmetricSignature(symSignatureAlgorithm);
+ algSuite.getAlgorithmSuiteType().setSymmetricSignature(symSignatureAlgorithm);
}
}
}
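Review bot: Both added setter calls dereference `algSuite.getAlgorithmSuiteType()` without a null check, and they now write the override into the `AlgorithmSuiteType` object rather than into the `AlgorithmSuite` assertion. Whether WSS4J gives each assertion its own `AlgorithmSuiteType` instance is not visible here; if the instances are shared, an override for one message or endpoint would change the signature algorithm that other policies on the same suite sign with and validate against. I would read the type once and guard it, `AlgorithmSuiteType algType = algSuite.getAlgorithmSuiteType();` followed by `if (algType != null && asymSignatureAlgorithm != null) { algType.setAsymmetricSignature(asymSignatureAlgorithm); }`, and add a comment stating that the type is a per-assertion copy once that is confirmed. The same write appears in the PolicyBasedWSS4JOutInterceptor, PolicyBasedWSS4JStaxInInterceptor, StaxAsymmetricBindingHandler, StaxSymmetricBindingHandler and StaxTransportBindingHandler hunks, where the value is taken from `getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM)` and its symmetric counterpart.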
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
index 1a68fe0..9cb373e 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
@@ -164,13 +164,13 @@ public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor<Soa
String asymSignatureAlgorithm =
(String)message.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
if (asymSignatureAlgorithm != null && binding.getAlgorithmSuite() != null) {
- binding.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
+ binding.getAlgorithmSuite().getAlgorithmSuiteType().setAsymmetricSignature(asymSignatureAlgorithm);
}
String symSignatureAlgorithm =
(String)message.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
if (symSignatureAlgorithm != null && binding.getAlgorithmSuite() != null) {
- binding.getAlgorithmSuite().setSymmetricSignature(symSignatureAlgorithm);
+ binding.getAlgorithmSuite().getAlgorithmSuiteType().setSymmetricSignature(symSignatureAlgorithm);
}
try {
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
index 02b5081..b321e5b 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
@@ -272,10 +272,10 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor {
for (AssertionInfo algorithmSuite : algorithmSuites) {
AlgorithmSuite algSuite = (AlgorithmSuite)algorithmSuite.getAssertion();
if (asymSignatureAlgorithm != null) {
- algSuite.setAsymmetricSignature(asymSignatureAlgorithm);
+ algSuite.getAlgorithmSuiteType().setAsymmetricSignature(asymSignatureAlgorithm);
}
if (symSignatureAlgorithm != null) {
- algSuite.setSymmetricSignature(symSignatureAlgorithm);
+ algSuite.getAlgorithmSuiteType().setSymmetricSignature(symSignatureAlgorithm);
}
}
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 63b0e7e..8cd7c24 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -581,7 +581,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
} else {
sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
}
- sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
+ sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAlgorithmSuiteType().getAsymmetricSignature());
sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
Crypto crypto = secToken.getCrypto();
@@ -1901,7 +1901,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
password = getPassword(user, token, WSPasswordCallback.SIGNATURE);
}
sig.setUserInfo(user, password);
- sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
+ sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAlgorithmSuiteType().getAsymmetricSignature());
AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
sig.setDigestAlgo(algType.getDigest());
sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
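Review bot: The added line spells out `binding.getAlgorithmSuite().getAlgorithmSuiteType()` immediately before the context line that assigns the same expression to `algType`. Declaring `algType` one line earlier and calling `sig.setSignatureAlgorithm(algType.getAsymmetricSignature());` removes the duplicated chain and shortens the line. The same pattern recurs in the two later hunks of this file (`dkSign` and `sig` with `getSymmetricSignature()`) and in the AsymmetricBindingHandler, SymmetricBindingHandler and TransportBindingHandler hunks, each of which already has an `algType` local within a line or two. The enclosing method starts and ends outside the hunk.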
@@ -2062,7 +2062,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
}
//Set the algo info
- dkSign.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
+ dkSign.setSignatureAlgorithm(binding.getAlgorithmSuite().getAlgorithmSuiteType().getSymmetricSignature());
dkSign.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
dkSign.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
@@ -2154,7 +2154,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
sigTokId = XMLUtils.getIDFromReference(sigTokId);
sig.setCustomTokenId(sigTokId);
sig.setSecretKey(tok.getSecret());
- sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
+ sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAlgorithmSuiteType().getSymmetricSignature());
AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
sig.setDigestAlgo(algType.getDigest());
sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
index c674c99..b5a2d6b 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
@@ -540,10 +540,10 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
if (binding instanceof SymmetricBinding) {
userNameKey = SecurityConstants.ENCRYPT_USERNAME;
properties.setSignatureAlgorithm(
- binding.getAlgorithmSuite().getSymmetricSignature());
+ binding.getAlgorithmSuite().getAlgorithmSuiteType().getSymmetricSignature());
} else {
properties.setSignatureAlgorithm(
- binding.getAlgorithmSuite().getAsymmetricSignature());
+ binding.getAlgorithmSuite().getAlgorithmSuiteType().getAsymmetricSignature());
}
properties.setSignatureCanonicalizationAlgorithm(
binding.getAlgorithmSuite().getC14n().getValue());
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 3896fa5..ff716f1 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -689,7 +689,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
dkSign.setTokenIdentifier(this.encryptedKeyId);
// Set the algo info
- dkSign.setSignatureAlgorithm(abinding.getAlgorithmSuite().getSymmetricSignature());
+ dkSign.setSignatureAlgorithm(abinding.getAlgorithmSuite().getAlgorithmSuiteType().getSymmetricSignature());
dkSign.setSigCanonicalization(abinding.getAlgorithmSuite().getC14n().getValue());
AlgorithmSuiteType algType = abinding.getAlgorithmSuite().getAlgorithmSuiteType();
dkSign.setDigestAlgorithm(algType.getDigest());
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
index bc96d32..19d8af1 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
@@ -89,12 +89,12 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler {
String asymSignatureAlgorithm =
(String)getMessage().getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
if (asymSignatureAlgorithm != null && abinding.getAlgorithmSuite() != null) {
- abinding.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
+ abinding.getAlgorithmSuite().getAlgorithmSuiteType().setAsymmetricSignature(asymSignatureAlgorithm);
}
String symSignatureAlgorithm =
(String)getMessage().getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
if (symSignatureAlgorithm != null && abinding.getAlgorithmSuite() != null) {
- abinding.getAlgorithmSuite().setSymmetricSignature(symSignatureAlgorithm);
+ abinding.getAlgorithmSuite().getAlgorithmSuiteType().setSymmetricSignature(symSignatureAlgorithm);
}
if (abinding.getProtectionOrder()
@@ -451,7 +451,7 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler {
if (sigToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
properties.setSignatureAlgorithm(
- abinding.getAlgorithmSuite().getSymmetricSignature());
+ abinding.getAlgorithmSuite().getAlgorithmSuiteType().getSymmetricSignature());
}
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
index 3d0866a..ab85195 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
@@ -112,12 +112,12 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler {
String asymSignatureAlgorithm =
(String)getMessage().getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
if (asymSignatureAlgorithm != null && sbinding.getAlgorithmSuite() != null) {
- sbinding.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
+ sbinding.getAlgorithmSuite().getAlgorithmSuiteType().setAsymmetricSignature(asymSignatureAlgorithm);
}
String symSignatureAlgorithm =
(String)getMessage().getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
if (symSignatureAlgorithm != null && sbinding.getAlgorithmSuite() != null) {
- sbinding.getAlgorithmSuite().setSymmetricSignature(symSignatureAlgorithm);
+ sbinding.getAlgorithmSuite().getAlgorithmSuiteType().setSymmetricSignature(symSignatureAlgorithm);
}
// Set up CallbackHandler which wraps the configured Handler
@@ -593,7 +593,7 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler {
if (sigToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
properties.setSignatureAlgorithm(
- sbinding.getAlgorithmSuite().getSymmetricSignature());
+ sbinding.getAlgorithmSuite().getAlgorithmSuiteType().getSymmetricSignature());
}
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
index 3f9dcf5..b64e186 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
@@ -94,12 +94,12 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler {
String asymSignatureAlgorithm =
(String)getMessage().getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
if (asymSignatureAlgorithm != null && tbinding.getAlgorithmSuite() != null) {
- tbinding.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
+ tbinding.getAlgorithmSuite().getAlgorithmSuiteType().setAsymmetricSignature(asymSignatureAlgorithm);
}
String symSignatureAlgorithm =
(String)getMessage().getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
if (symSignatureAlgorithm != null && tbinding.getAlgorithmSuite() != null) {
- tbinding.getAlgorithmSuite().setSymmetricSignature(symSignatureAlgorithm);
+ tbinding.getAlgorithmSuite().getAlgorithmSuiteType().setSymmetricSignature(symSignatureAlgorithm);
}
TransportToken token = tbinding.getTransportToken();
@@ -315,9 +315,11 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler {
WSSSecurityProperties properties = getProperties();
if (securityToken != null && securityToken.getSecret() != null) {
- properties.setSignatureAlgorithm(tbinding.getAlgorithmSuite().getSymmetricSignature());
+ properties.setSignatureAlgorithm(
+ tbinding.getAlgorithmSuite().getAlgorithmSuiteType().getSymmetricSignature());
} else {
- properties.setSignatureAlgorithm(tbinding.getAlgorithmSuite().getAsymmetricSignature());
+ properties.setSignatureAlgorithm(
+ tbinding.getAlgorithmSuite().getAlgorithmSuiteType().getAsymmetricSignature());
}
properties.setSignatureCanonicalizationAlgorithm(tbinding.getAlgorithmSuite().getC14n().getValue());
AlgorithmSuiteType algType = tbinding.getAlgorithmSuite().getAlgorithmSuiteType();
@@ -344,7 +346,7 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler {
properties.setIncludeSignatureToken(true);
properties.setSignatureAlgorithm(
- tbinding.getAlgorithmSuite().getSymmetricSignature());
+ tbinding.getAlgorithmSuite().getAlgorithmSuiteType().getSymmetricSignature());
properties.setSignatureCanonicalizationAlgorithm(
tbinding.getAlgorithmSuite().getC14n().getValue());
AlgorithmSuiteType algType = tbinding.getAlgorithmSuite().getAlgorithmSuiteType();
@@ -357,7 +359,7 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler {
WSSSecurityProperties properties = getProperties();
properties.setSignatureAlgorithm(
- tbinding.getAlgorithmSuite().getAsymmetricSignature());
+ tbinding.getAlgorithmSuite().getAlgorithmSuiteType().getAsymmetricSignature());
properties.setSignatureCanonicalizationAlgorithm(
tbinding.getAlgorithmSuite().getC14n().getValue());
AlgorithmSuiteType algType = tbinding.getAlgorithmSuite().getAlgorithmSuiteType();
@@ -373,7 +375,7 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler {
signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
properties.setSignatureAlgorithm(
- tbinding.getAlgorithmSuite().getSymmetricSignature());
+ tbinding.getAlgorithmSuite().getAlgorithmSuiteType().getSymmetricSignature());
properties.setSignatureCanonicalizationAlgorithm(
tbinding.getAlgorithmSuite().getC14n().getValue());
AlgorithmSuiteType algType = tbinding.getAlgorithmSuite().getAlgorithmSuiteType();
@@ -397,7 +399,7 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler {
configureSignature(token, false);
if (token.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
properties.setSignatureAlgorithm(
- tbinding.getAlgorithmSuite().getSymmetricSignature());
+ tbinding.getAlgorithmSuite().getAlgorithmSuiteType().getSymmetricSignature());
}
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 0567126..263982d 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -736,7 +736,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
//Set the algo info
- dkSign.setSignatureAlgorithm(sbinding.getAlgorithmSuite().getSymmetricSignature());
+ dkSign.setSignatureAlgorithm(sbinding.getAlgorithmSuite().getAlgorithmSuiteType().getSymmetricSignature());
dkSign.setSigCanonicalization(sbinding.getAlgorithmSuite().getC14n().getValue());
AlgorithmSuiteType algType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
dkSign.setDigestAlgorithm(algType.getDigest());
@@ -912,7 +912,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
sig.setCustomTokenId(sigTokId);
sig.setSecretKey(tok.getSecret());
- sig.setSignatureAlgorithm(sbinding.getAlgorithmSuite().getSymmetricSignature());
+ sig.setSignatureAlgorithm(sbinding.getAlgorithmSuite().getAlgorithmSuiteType().getSymmetricSignature());
boolean includePrefixes =
MessageUtils.getContextualBoolean(
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 4be39d2..f0fc873 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -385,7 +385,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
}
dkSig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
- dkSig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
+ dkSig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAlgorithmSuiteType().getSymmetricSignature());
dkSig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
dkSig.setStoreBytesInAttachment(storeBytesInAttachment);
dkSig.setExpandXopInclude(isExpandXopInclude());
@@ -499,7 +499,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
}
// Set the algo info
- dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
+ dkSign.setSignatureAlgorithm(algorithmSuite.getAlgorithmSuiteType().getSymmetricSignature());
AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
dkSign.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
if (token.getVersion() == SPConstants.SPVersion.SP11) {
@@ -606,11 +606,11 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
}
sig.setUserInfo(uname, password);
- sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
+ sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAlgorithmSuiteType().getAsymmetricSignature());
} else {
crypto = getSignatureCrypto();
sig.setSecretKey(secTok.getSecret());
- sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
+ sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAlgorithmSuiteType().getSymmetricSignature());
}
sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java
index 0042681..b66bf1e 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java
@@ -117,8 +117,8 @@ public class AlgorithmSuitePolicyValidator extends AbstractSecurityPolicyValidat
) {
String signatureMethod =
(String)result.get(WSSecurityEngineResult.TAG_SIGNATURE_METHOD);
- if (!algorithmPolicy.getAsymmetricSignature().equals(signatureMethod)
- && !algorithmPolicy.getSymmetricSignature().equals(signatureMethod)) {
+ if (!algorithmPolicy.getAlgorithmSuiteType().getAsymmetricSignature().equals(signatureMethod)
+ && !algorithmPolicy.getAlgorithmSuiteType().getSymmetricSignature().equals(signatureMethod)) {
ai.setNotAsserted(
"The signature method does not match the requirement"
);
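Review bot: The signature-method check now calls `algorithmPolicy.getAlgorithmSuiteType()` twice and invokes `.equals` on the getters' results. A missing suite type or an unset signature URI would therefore throw a NullPointerException inside the validator instead of marking the assertion as not asserted. Whether either value can be null at this point is not visible in the hunk. Reading the type once, `AlgorithmSuiteType algType = algorithmPolicy.getAlgorithmSuiteType();`, and comparing with `Objects.equals(algType.getAsymmetricSignature(), signatureMethod)` (and the symmetric counterpart) after a null check on `algType` makes the validator reject the message on missing data instead of throwing. The enclosing condition and method start outside the hunk.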
diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomPolicyAlgorithmsTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomPolicyAlgorithmsTest.java
index 4f4f0bb..989b3d2 100644
--- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomPolicyAlgorithmsTest.java
+++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomPolicyAlgorithmsTest.java
@@ -44,9 +44,9 @@ public class CustomPolicyAlgorithmsTest extends AbstractPolicySecurityTest {
AsymmetricBinding binding = (AsymmetricBinding) assertInfo.getAssertion();
// set Signature Algorithm to RSA SHA-256
- binding.getAlgorithmSuite().setAsymmetricSignature(rsaSha2SigMethod);
+ binding.getAlgorithmSuite().getAlgorithmSuiteType().setAsymmetricSignature(rsaSha2SigMethod);
- String sigMethod = binding.getAlgorithmSuite().getAsymmetricSignature();
+ String sigMethod = binding.getAlgorithmSuite().getAlgorithmSuiteType().getAsymmetricSignature();
assertNotNull(sigMethod);
assertEquals(rsaSha2SigMethod, sigMethod);
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/SHA512PolicyLoader.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/SHA512PolicyLoader.java
index 3c1910b..c99c9f8 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/SHA512PolicyLoader.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/SHA512PolicyLoader.java
@@ -91,7 +91,7 @@ public class SHA512PolicyLoader implements AlgorithmSuiteLoader {
SHA512AlgorithmSuite(SPConstants.SPVersion version, Policy nestedPolicy) {
super(version, nestedPolicy);
- setAsymmetricSignature("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512");
+ getAlgorithmSuiteType().setAsymmetricSignature("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512");
}
@Override