Posted to commits@cxf.apache.org by dk...@apache.org on 2008/12/05 20:08:16 UTC
svn commit: r723821 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
systests/src/test/java/org/apache/cxf/systest/ws/security/
Author: dkulp
Date: Fri Dec 5 11:08:16 2008
New Revision: 723821
URL: http://svn.apache.org/viewvc?rev=723821&view=rev
Log:
Make signature keys separate from stuff for usernametoken
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=723821&r1=723820&r2=723821&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Fri Dec 5 11:08:16 2008
@@ -27,7 +27,9 @@
public static final String PASSWORD = "ws-security.password";
public static final String CALLBACK_HANDLER = "ws-security.callback-handler";
+ public static final String SIGNATURE_USERNAME = "ws-security.signature.username";
public static final String SIGNATURE_PROPERTIES = "ws-security.signature.properties";
+
public static final String ENCRYPT_USERNAME = "ws-security.encryption.username";
public static final String ENCRYPT_PROPERTIES = "ws-security.encryption.properties";
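Review bot: The new `SIGNATURE_USERNAME` constant has no Javadoc, and nothing tells a reader how it differs from `USERNAME`. Judging from the commit log and its use in AbstractBindingBuilder, it appears to name the keystore alias used for signing, while `USERNAME` stays with the UsernameToken. I would add a comment such as `/** Keystore alias of the signing key; not the UsernameToken user (see USERNAME). */` so that the two properties are not mixed up in configuration.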
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=723821&r1=723820&r2=723821&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Fri Dec 5 11:08:16 2008
@@ -828,7 +828,7 @@
public void setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, TokenWrapper token,
boolean sign, Crypto crypto) {
String encrUser = (String)message.getContextualProperty(sign
- ? SecurityConstants.USERNAME
+ ? SecurityConstants.SIGNATURE_USERNAME
: SecurityConstants.ENCRYPT_USERNAME);
if (encrUser == null) {
encrUser = crypto.getDefaultX509Alias();
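Review bot: When `sign` is true, a deployment that still sets `ws-security.username` for the signing alias is now ignored without any notice, and `encrUser` falls through to `crypto.getDefaultX509Alias()`, which may select a different key than before. The same switch is made for `userNameKey` in the next hunk. Since the split is intentional, I would document it at the lookup, for example `// ws-security.username is no longer consulted here; unset means the crypto default alias is used`, and mention it in the release notes. The body of `setEncryptionUser` continues outside this hunk.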
@@ -962,31 +962,48 @@
setKeyIdentifierType(sig, wrapper, token);
boolean encryptCrypto = false;
- String userNameKey = SecurityConstants.USERNAME;
+ String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
String type = "signature";
if (binding instanceof SymmetricBinding) {
encryptCrypto = ((SymmetricBinding)binding).getProtectionToken() != null;
userNameKey = SecurityConstants.ENCRYPT_USERNAME;
}
-
+ Crypto crypto = encryptCrypto ? getEncryptionCrypto(wrapper) : getSignatureCrypto(wrapper);
String user = (String)message.getContextualProperty(userNameKey);
if (StringUtils.isEmpty(user)) {
+ user = crypto.getDefaultX509Alias();
+ }
+ if (user == null) {
+ try {
+ Enumeration<String> en = crypto.getKeyStore().aliases();
+ if (en.hasMoreElements()) {
+ user = en.nextElement();
+ }
+ if (en.hasMoreElements()) {
+ //more than one alias in the keystore, user WILL need
+ //to specify
+ user = null;
+ }
+ } catch (KeyStoreException e) {
+ //ignore
+ }
+ }
+ if (StringUtils.isEmpty(user)) {
policyNotAsserted(token, "No " + type + " username found.");
}
String password = getPassword(user, token, WSPasswordCallback.SIGNATURE);
- if (StringUtils.isEmpty(password)) {
- policyNotAsserted(token, "No password found.");
+ if (password == null) {
+ password = "";
}
-
sig.setUserInfo(user, password);
sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
sig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());
try {
sig.prepare(saaj.getSOAPPart(),
- encryptCrypto ? getEncryptionCrypto(wrapper) : getSignatureCrypto(wrapper),
+ crypto,
secHeader);
} catch (WSSecurityException e) {
policyNotAsserted(token, e);
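Review bot: The keystore fallback added after `crypto.getDefaultX509Alias()` accepts any alias, including certificate-only entries that hold no private key, and it discards a `KeyStoreException` under `//ignore`, so both cases surface only as the generic "No signature username found." or as a later failure in `sig.prepare`. Counting only aliases for which `isKeyEntry` is true, and reporting the exception text, would make the implicit choice of signing key dependable. Separately, a null password is now replaced by `""` where the old code asserted "No password found.", which hides a missing or misconfigured callback handler until signing fails; a comment stating why an empty key password is acceptable would help. The enclosing method starts and ends outside this hunk.

```java
// … unchanged: userNameKey / crypto selection and the getDefaultX509Alias() fallback …
if (user == null) {
    try {
        Enumeration<String> en = crypto.getKeyStore().aliases();
        while (en.hasMoreElements()) {
            String alias = en.nextElement();
            if (!crypto.getKeyStore().isKeyEntry(alias)) {
                // certificate-only entries cannot be used to sign
                continue;
            }
            if (user != null) {
                // more than one private key in the keystore, user WILL need to specify
                user = null;
                break;
            }
            user = alias;
        }
    } catch (KeyStoreException e) {
        policyNotAsserted(token, "Could not read keystore aliases: " + e.getMessage());
    }
}
// … unchanged: empty-user assertion, getPassword, sig.setUserInfo, sig.prepare …
```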
Modified: cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java?rev=723821&r1=723820&r2=723821&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java (original)
+++ cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java Fri Dec 5 11:08:16 2008
@@ -82,7 +82,7 @@
EndpointInfo ei = ep.getServer().getEndpoint().getEndpointInfo();
ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new ServerPasswordCallback());
- ei.setProperty(SecurityConstants.USERNAME, "alice");
+ ei.setProperty(SecurityConstants.SIGNATURE_USERNAME, "alice");
ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES,
SecurityPolicyTest.class.getResource("alice.properties").toString());
@@ -95,7 +95,7 @@
ei = ep.getServer().getEndpoint().getEndpointInfo();
ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new ServerPasswordCallback());
- ei.setProperty(SecurityConstants.USERNAME, "alice");
+ ei.setProperty(SecurityConstants.SIGNATURE_USERNAME, "alice");
ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES,
SecurityPolicyTest.class.getResource("alice.properties").toString());
@@ -110,7 +110,7 @@
DoubleItPortType pt;
pt = service.getDoubleItPortEncryptThenSign();
- ((BindingProvider)pt).getRequestContext().put(SecurityConstants.USERNAME, "alice");
+ ((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME, "alice");
((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
new KeystorePasswordCallback());
((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
@@ -122,7 +122,7 @@
pt = service.getDoubleItPortSignThenEncrypt();
- ((BindingProvider)pt).getRequestContext().put(SecurityConstants.USERNAME, "alice");
+ ((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME, "alice");
((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
new KeystorePasswordCallback());
((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
@@ -141,7 +141,7 @@
throw ex;
}
}
- ((BindingProvider)pt).getRequestContext().put(SecurityConstants.USERNAME, "bob");
+ ((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME, "bob");
((BindingProvider)pt).getRequestContext().put(SecurityConstants.PASSWORD, "pwd");
pt.doubleIt(BigInteger.valueOf(25));