Posted to commits@ws.apache.org by co...@apache.org on 2013/05/16 13:35:10 UTC
svn commit: r1483300 -
/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
Author: coheigea
Date: Thu May 16 11:35:10 2013
New Revision: 1483300
URL: http://svn.apache.org/r1483300
Log:
Check for SAML proof-of-possession in both TLS + message signatures
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java?rev=1483300&r1=1483299&r2=1483300&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java Thu May 16 11:35:10 2013
@@ -656,31 +656,32 @@ public class SAMLTokenInputHandler exten
} else if (httpsCertificate.getPublicKey().equals(subjectPublicKey)) {
return;
}
- } else {
- for (int j = 0; j < securityTokenProviders.size(); j++) {
- SecurityTokenProvider<? extends InboundSecurityToken> securityTokenProvider = securityTokenProviders.get(j);
- InboundSecurityToken securityToken = securityTokenProvider.getSecurityToken();
- if (securityToken == httpsSecurityToken) {
- continue;
- }
- X509Certificate[] x509Certificates = securityToken.getX509Certificates();
- PublicKey publicKey = securityToken.getPublicKey();
- Map<String, Key> keyMap = securityToken.getSecretKey();
- if (x509Certificates != null && x509Certificates.length > 0
- && subjectCertificates != null && subjectCertificates.length > 0 &&
- subjectCertificates[0].equals(x509Certificates[0])) {
- return;
- }
- if (publicKey != null && publicKey.equals(subjectPublicKey)) {
+ }
+
+ // Now try message signatures
+ for (int j = 0; j < securityTokenProviders.size(); j++) {
+ SecurityTokenProvider<? extends InboundSecurityToken> securityTokenProvider = securityTokenProviders.get(j);
+ InboundSecurityToken securityToken = securityTokenProvider.getSecurityToken();
+ if (securityToken == httpsSecurityToken) {
+ continue;
+ }
+ X509Certificate[] x509Certificates = securityToken.getX509Certificates();
+ PublicKey publicKey = securityToken.getPublicKey();
+ Map<String, Key> keyMap = securityToken.getSecretKey();
+ if (x509Certificates != null && x509Certificates.length > 0
+ && subjectCertificates != null && subjectCertificates.length > 0 &&
+ subjectCertificates[0].equals(x509Certificates[0])) {
+ return;
+ }
+ if (publicKey != null && publicKey.equals(subjectPublicKey)) {
+ return;
+ }
+ Iterator<Map.Entry<String, Key>> iterator = keyMap.entrySet().iterator();
+ while (iterator.hasNext()) {
+ Map.Entry<String, Key> next = iterator.next();
+ if (next.getValue().equals(subjectSecretKey)) {
return;
}
- Iterator<Map.Entry<String, Key>> iterator = keyMap.entrySet().iterator();
- while (iterator.hasNext()) {
- Map.Entry<String, Key> next = iterator.next();
- if (next.getValue().equals(subjectSecretKey)) {
- return;
- }
- }
}
}
} else if (OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)) {
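Review bot: The message-signature loop (from `// Now try message signatures` down) accepts holder-of-key confirmation on key equality alone: any token from `securityTokenProviders` whose certificate, public key or secret key equals the subject's passes, and nothing in the visible lines confirms that the token actually verified a signature over the message. If that list can hold tokens that were only referenced, or used for another purpose such as decryption, possession is not proven; the loop should skip tokens not used for signature verification, or carry a comment such as `// every token here has already verified a message signature` if an earlier step guarantees it. Separately, `keyMap` is dereferenced without the null guard that `x509Certificates` and `publicKey` get, so `if (keyMap == null) { continue; }` before the iterator would stop a token without secret keys from throwing. The enclosing method starts and ends outside the hunk, so a filter may exist that this view does not show.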