Posted to commits@cxf.apache.org by co...@apache.org on 2015/11/02 18:50:09 UTC
[3/3] cxf git commit: Make it possible to use a PasswordEncryptor
with the SamlTokenInterceptor
Make it possible to use a PasswordEncryptor with the SamlTokenInterceptor
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/fcd965ed
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/fcd965ed
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/fcd965ed
Branch: refs/heads/master
Commit: fcd965edc2f1bccf7017deef5e2a4f538a187a5c
Parents: 9bb3584
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Nov 2 15:30:21 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Nov 2 17:50:01 2015 +0000
----------------------------------------------------------------------
.../ws/security/trust/AbstractSTSClient.java | 4 ++-
.../ws/security/wss4j/SamlTokenInterceptor.java | 4 ++-
.../cxf/ws/security/wss4j/WSS4JUtils.java | 27 ++++++++++++++++++++
.../policyhandlers/AbstractBindingBuilder.java | 26 +------------------
4 files changed, 34 insertions(+), 27 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/fcd965ed/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
index 92fc862..0784b61 100755
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
@@ -114,6 +114,7 @@ import org.apache.neethi.PolicyRegistry;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.crypto.PasswordEncryptor;
import org.apache.wss4j.common.derivedKey.P_SHA1;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.Reference;
@@ -1611,7 +1612,8 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
Properties properties = WSS4JUtils.getProps(o, propsURL);
if (properties != null) {
- return CryptoFactory.getInstance(properties);
+ PasswordEncryptor passwordEncryptor = WSS4JUtils.getPasswordEncryptor(message);
+ return CryptoFactory.getInstance(properties, this.getClass().getClassLoader(), passwordEncryptor);
}
if (decrypt) {
return createCrypto(false);
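Review bot: The new three-argument call passes `this.getClass().getClassLoader()`, while the AbstractBindingBuilder hunk in this same commit passes `Loader.getClassLoader(CryptoFactory.class)` to the same factory method. Because AbstractSTSClient is abstract, `this.getClass()` is the concrete subclass, so the loader used to resolve the crypto implementation and keystore resources now depends on where that subclass is deployed. If the one-argument overload defaulted to the CryptoFactory loader (not visible here), this is also a silent behaviour change for existing deployments. Consider `return CryptoFactory.getInstance(properties, Loader.getClassLoader(CryptoFactory.class), passwordEncryptor);`, adding the `Loader` import if the file lacks it; the same applies to the SamlTokenInterceptor hunk at `@@ -317,7 +318,8 @@`. The enclosing method starts and ends outside the hunk.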
http://git-wip-us.apache.org/repos/asf/cxf/blob/fcd965ed/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
index 7efbbe1..f6ff3f5 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
@@ -48,6 +48,7 @@ import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.PasswordEncryptor;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLCallback;
@@ -317,7 +318,8 @@ public class SamlTokenInterceptor extends AbstractTokenInterceptor {
Properties properties = WSS4JUtils.getProps(o, propsURL);
if (properties != null) {
- crypto = CryptoFactory.getInstance(properties);
+ PasswordEncryptor passwordEncryptor = WSS4JUtils.getPasswordEncryptor(message);
+ crypto = CryptoFactory.getInstance(properties, this.getClass().getClassLoader(), passwordEncryptor);
}
return crypto;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/fcd965ed/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
index 1eb1142..b3f3dd4 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
@@ -30,6 +30,7 @@ import java.util.Properties;
import java.util.logging.Logger;
import javax.crypto.SecretKey;
+import javax.security.auth.callback.CallbackHandler;
import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.SoapFault;
@@ -49,6 +50,7 @@ import org.apache.wss4j.common.cache.ReplayCache;
import org.apache.wss4j.common.cache.ReplayCacheFactory;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor;
import org.apache.wss4j.common.crypto.PasswordEncryptor;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.Loader;
@@ -241,6 +243,31 @@ public final class WSS4JUtils {
return properties;
}
+ public static PasswordEncryptor getPasswordEncryptor(Message message) {
+ if (message == null) {
+ return null;
+ }
+ PasswordEncryptor passwordEncryptor =
+ (PasswordEncryptor)message.getContextualProperty(
+ SecurityConstants.PASSWORD_ENCRYPTOR_INSTANCE
+ );
+ if (passwordEncryptor != null) {
+ return passwordEncryptor;
+ }
+
+ Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
+ try {
+ CallbackHandler callbackHandler = SecurityUtils.getCallbackHandler(o);
+ if (callbackHandler != null) {
+ return new JasyptPasswordEncryptor(callbackHandler);
+ }
+ } catch (Exception ex) {
+ return null;
+ }
+
+ return null;
+ }
+
public static Crypto loadCryptoFromPropertiesFile(
Message message,
String propFilename,
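Review bot: The `catch (Exception ex) { return null; }` in `getPasswordEncryptor` discards the reason the CallbackHandler could not be loaded, so a misconfigured handler silently yields no encryptor. An encrypted keystore password would then presumably be passed on undecrypted and fail later with an unrelated keystore error. Record the cause before returning, e.g. `LOG.log(Level.FINE, "Could not load the CallbackHandler for password decryption", ex);`, assuming the class has a `LOG` field (the file imports `java.util.logging.Logger`, but the field is outside the hunk). The unchecked cast of `PASSWORD_ENCRYPTOR_INSTANCE` will throw a ClassCastException on a wrongly typed property; an `instanceof` check would make that failure explicit. As a new public static method it should also carry a Javadoc comment stating the lookup order (configured instance, then a JasyptPasswordEncryptor built from the CallbackHandler) and that it returns null when neither is available.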
http://git-wip-us.apache.org/repos/asf/cxf/blob/fcd965ed/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index d6ff7f0..28d3e08 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -81,8 +81,6 @@ import org.apache.wss4j.common.bsp.BSPEnforcer;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.CryptoType;
-import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor;
-import org.apache.wss4j.common.crypto.PasswordEncryptor;
import org.apache.wss4j.common.derivedKey.ConversationConstants;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
@@ -1523,34 +1521,12 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
if (properties != null) {
crypto = CryptoFactory.getInstance(properties,
Loader.getClassLoader(CryptoFactory.class),
- getPasswordEncryptor());
+ WSS4JUtils.getPasswordEncryptor(message));
getCryptoCache().put(o, crypto);
}
return crypto;
}
- protected PasswordEncryptor getPasswordEncryptor() {
- PasswordEncryptor passwordEncryptor =
- (PasswordEncryptor)message.getContextualProperty(
- SecurityConstants.PASSWORD_ENCRYPTOR_INSTANCE
- );
- if (passwordEncryptor != null) {
- return passwordEncryptor;
- }
-
- Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
- try {
- CallbackHandler callbackHandler = SecurityUtils.getCallbackHandler(o);
- if (callbackHandler != null) {
- return new JasyptPasswordEncryptor(callbackHandler);
- }
- } catch (Exception ex) {
- return null;
- }
-
- return null;
- }
-
public void setKeyIdentifierType(WSSecBase secBase, AbstractToken token) {
boolean tokenTypeSet = false;
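Review bot: Removing `protected PasswordEncryptor getPasswordEncryptor()` from a public abstract class breaks any subclass outside this module that calls or overrides it. An override that supplied a custom encryptor would stop being consulted without any compile-time signal in the caller shown here. Unless no such subclasses exist, keep a delegating method for a release, e.g. `@Deprecated protected PasswordEncryptor getPasswordEncryptor() { return WSS4JUtils.getPasswordEncryptor(message); }`, and have the `CryptoFactory.getInstance` call above keep using it. That would also require keeping the `PasswordEncryptor` import, which this commit removes.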