Posted to commits@cxf.apache.org by co...@apache.org on 2019/05/23 10:21:40 UTC
[cxf] 05/07: Picking up derived key changes from WSS4J
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit b10c87fb2097ffccb989f15de971de1f6627db6a
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Jan 31 11:49:53 2019 +0000
Picking up derived key changes from WSS4J
---
.../policyhandlers/AbstractBindingBuilder.java | 8 ++++----
.../policyhandlers/AsymmetricBindingHandler.java | 8 ++++----
.../policyhandlers/SymmetricBindingHandler.java | 24 +++++++++-------------
.../policyhandlers/TransportBindingHandler.java | 10 ++++-----
4 files changed, 23 insertions(+), 27 deletions(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index e56ca5d..be9b13a 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -2043,7 +2043,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
if (ref != null) {
ref = cloneElement(ref);
- dkSign.setExternalKey(tok.getSecret(), ref);
+ dkSign.setStrElem(ref);
} else if (!isRequestor() && policyToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
// If the Encrypted key used to create the derived key is not
// attached use key identifier as defined in WSS1.1 section
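Review bot: Nothing at `dkSign.setStrElem(ref)` tells a reader that the key material for this reference is now supplied separately, at the `prepare(...)` call further down the method. Since the reference and the secret are no longer bound in one call, a later edit could pass a secret from a different token than the one the SecurityTokenReference points to, which would presumably only surface as a verification failure on the receiving side. A short comment here would make the pairing explicit, e.g. `// key material for this reference is passed later via dkSign.prepare(tok.getSecret())`. The same applies to the other `setStrElem`/`setTokenIdentifier` branches in this file and in the Asymmetric, Symmetric and Transport handlers. The enclosing method starts and ends outside the hunk.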
@@ -2054,10 +2054,10 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
tokenRef.setKeyIdentifierEncKeySHA1(tok.getSHA1());
tokenRef.addTokenType(WSS4JConstants.WSS_ENC_KEY_VALUE_TYPE);
}
- dkSign.setExternalKey(tok.getSecret(), tokenRef.getElement());
+ dkSign.setStrElem(tokenRef.getElement());
} else {
- dkSign.setExternalKey(tok.getSecret(), tok.getId());
+ dkSign.setTokenIdentifier(tok.getId());
}
//Set the algo info
@@ -2073,7 +2073,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
dkSign.setCustomValueType(WSS4JConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
}
- dkSign.prepare();
+ dkSign.prepare(tok.getSecret());
if (isTokenProtection) {
String sigTokId = XMLUtils.getIDFromReference(tok.getId());
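Review bot: `tok.getSecret()` is passed straight into `dkSign.prepare(...)`, and the hunk shows no check that the token actually carries a secret. How WSS4J handles a null key in `prepare` is not visible here, so a token without key material may fail deep inside key derivation with an unhelpful error. Reading it into a local first, `byte[] secret = tok.getSecret();`, and rejecting `secret == null` through the handler's normal failure path before calling `dkSign.prepare(secret)` would keep the failure at the policy layer. The same pattern appears at `dkEncr.prepare(encrTok.getSecret())` and `dkSign.prepare(tok.getSecret())` in SymmetricBindingHandler and at `dkSign.prepare(secTok.getSecret())` in TransportBindingHandler. The enclosing method continues outside the hunk, so a guard may already exist earlier.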
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 5806b3e..09cd142 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -597,7 +597,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
setupEncryptedKey(encrToken);
}
- dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
+ dkEncr.setTokenIdentifier(this.encryptedKeyId);
dkEncr.getParts().addAll(encrParts);
dkEncr.setCustomValueType(WSS4JConstants.SOAPMESSAGE_NS11 + "#"
+ WSS4JConstants.ENC_KEY_VALUE_TYPE);
@@ -606,7 +606,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
dkEncr.setSymmetricEncAlgorithm(algType.getEncryption());
dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8);
- dkEncr.prepare();
+ dkEncr.prepare(this.encryptedKeyValue);
addDerivedKeyElement(dkEncr.getdktElement());
Element refList = dkEncr.encryptForExternalRef(null, encrParts);
@@ -681,7 +681,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
}
- dkSign.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
+ dkSign.setTokenIdentifier(this.encryptedKeyId);
// Set the algo info
dkSign.setSignatureAlgorithm(abinding.getAlgorithmSuite().getSymmetricSignature());
@@ -699,7 +699,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
dkSign.setAddInclusivePrefixes(includePrefixes);
try {
- dkSign.prepare();
+ dkSign.prepare(this.encryptedKeyValue);
if (abinding.isProtectTokens()) {
assertPolicy(
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index d824e21..8a4d5d9 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -452,13 +452,9 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
if (attached && encrTok.getAttachedReference() != null) {
- dkEncr.setExternalKey(
- encrTok.getSecret(), cloneElement(encrTok.getAttachedReference())
- );
+ dkEncr.setStrElem(cloneElement(encrTok.getAttachedReference()));
} else if (encrTok.getUnattachedReference() != null) {
- dkEncr.setExternalKey(
- encrTok.getSecret(), cloneElement(encrTok.getUnattachedReference())
- );
+ dkEncr.setStrElem(cloneElement(encrTok.getUnattachedReference()));
} else if (!isRequestor() && encrTok.getSHA1() != null) {
// If the Encrypted key used to create the derived key is not
// attached use key identifier as defined in WSS1.1 section
@@ -477,7 +473,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
}
tokenRef.addTokenType(tokenType);
- dkEncr.setExternalKey(encrTok.getSecret(), tokenRef.getElement());
+ dkEncr.setStrElem(tokenRef.getElement());
} else {
if (attached) {
String id = encrTok.getWsuId();
@@ -492,10 +488,10 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
if (id.startsWith("#")) {
id = id.substring(1);
}
- dkEncr.setExternalKey(encrTok.getSecret(), id);
+ dkEncr.setTokenIdentifier(id);
} else {
dkEncr.setTokenIdDirectId(true);
- dkEncr.setExternalKey(encrTok.getSecret(), encrTok.getId());
+ dkEncr.setTokenIdentifier(encrTok.getId());
}
}
@@ -525,7 +521,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
AlgorithmSuiteType algType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
dkEncr.setSymmetricEncAlgorithm(algType.getEncryption());
dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8);
- dkEncr.prepare();
+ dkEncr.prepare(encrTok.getSecret());
Element encrDKTokenElem = null;
encrDKTokenElem = dkEncr.getdktElement();
addDerivedKeyElement(encrDKTokenElem);
@@ -701,7 +697,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
if (ref != null) {
- dkSign.setExternalKey(tok.getSecret(), cloneElement(ref));
+ dkSign.setStrElem(cloneElement(ref));
} else if (!isRequestor() && policyToken.getDerivedKeys()
== DerivedKeys.RequireDerivedKeys && tok.getSHA1() != null) {
// If the Encrypted key used to create the derived key is not
@@ -723,13 +719,13 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
tokenRef.addTokenType(tokenType);
}
- dkSign.setExternalKey(tok.getSecret(), tokenRef.getElement());
+ dkSign.setStrElem(tokenRef.getElement());
} else {
if ((!attached && !isRequestor()) || policyToken instanceof SecureConversationToken
|| policyToken instanceof SecurityContextToken) {
dkSign.setTokenIdDirectId(true);
}
- dkSign.setExternalKey(tok.getSecret(), tok.getId());
+ dkSign.setTokenIdentifier(tok.getId());
}
//Set the algo info
@@ -769,7 +765,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
}
- dkSign.prepare();
+ dkSign.prepare(tok.getSecret());
if (sbinding.isProtectTokens()) {
String sigTokId = tok.getId();
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 2759256..33ae0dd 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -393,9 +393,9 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
dkSig.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
- dkSig.setExternalKey(symmetricKey.getEncoded(), encrKey.getId());
+ dkSig.setTokenIdentifier(encrKey.getId());
- dkSig.prepare();
+ dkSig.prepare(symmetricKey.getEncoded());
dkSig.getParts().addAll(sigParts);
List<Reference> referenceList = dkSig.addReferencesToSign(sigParts);
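Review bot: `dkSig.prepare(symmetricKey.getEncoded())` passes an unnamed temporary holding raw key bytes, so it can be neither null-checked nor cleared afterwards. Assuming `symmetricKey` is a `java.security.Key`, `getEncoded()` may return null for keys that do not expose an encoding. Holding the result in a local, `byte[] keyBytes = symmetricKey.getEncoded();`, allows a null check before `dkSig.prepare(keyBytes);`. If `prepare` only derives from the array and does not keep a reference to it (not visible here, so confirm against WSS4J), `Arrays.fill(keyBytes, (byte) 0);` after the signature is computed would shorten the lifetime of the key copy on the heap.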
@@ -488,9 +488,9 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
}
if (ref != null) {
- dkSign.setExternalKey(secTok.getSecret(), cloneElement(ref));
+ dkSign.setStrElem(cloneElement(ref));
} else {
- dkSign.setExternalKey(secTok.getSecret(), secTok.getId());
+ dkSign.setTokenIdentifier(secTok.getId());
}
if (token instanceof UsernameToken) {
@@ -504,7 +504,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
if (token.getVersion() == SPConstants.SPVersion.SP11) {
dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
}
- dkSign.prepare();
+ dkSign.prepare(secTok.getSecret());
addDerivedKeyElement(dkSign.getdktElement());