You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2013/07/22 16:47:16 UTC
svn commit: r1505700 -
/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
Author: coheigea
Date: Mon Jul 22 14:47:16 2013
New Revision: 1505700
URL: http://svn.apache.org/r1505700
Log:
A fix for the stax symmetric case
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1505700&r1=1505699&r2=1505700&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java Mon Jul 22 14:47:16 2013
@@ -148,8 +148,10 @@ public class StaxSymmetricBindingHandler
if (encryptionToken instanceof KerberosToken) {
tok = getSecurityToken();
addKerberosToken((KerberosToken)encryptionToken, false, false);
- } else if (encryptionToken instanceof IssuedToken
- || encryptionToken instanceof SecureConversationToken
+ } else if (encryptionToken instanceof IssuedToken) {
+ tok = getSecurityToken();
+ addIssuedToken((IssuedToken)encryptionToken, tok, false, false);
+ } else if (encryptionToken instanceof SecureConversationToken
|| encryptionToken instanceof SecurityContextToken
|| encryptionToken instanceof SpnegoContextToken) {
tok = getSecurityToken();
@@ -242,9 +244,11 @@ public class StaxSymmetricBindingHandler
if (sigToken instanceof KerberosToken) {
sigTok = getSecurityToken();
addKerberosToken((KerberosToken)sigToken, false, false);
+ } else if (sigToken instanceof IssuedToken) {
+ sigTok = getSecurityToken();
+ addIssuedToken((IssuedToken)sigToken, sigTok, false, false);
} else if (sigToken instanceof SecureConversationToken
|| sigToken instanceof SecurityContextToken
- || sigToken instanceof IssuedToken
|| sigToken instanceof SpnegoContextToken) {
sigTok = getSecurityToken();
} else if (sigToken instanceof X509Token) {
@@ -373,7 +377,7 @@ public class StaxSymmetricBindingHandler
config.put(ConfigurationConstants.ENCRYPTION_USER, encUser);
}
- if (encrToken instanceof KerberosToken) {
+ if (encrToken instanceof KerberosToken || encrToken instanceof IssuedToken) {
config.put(ConfigurationConstants.ENC_SYM_ENC_KEY, "false");
}
}
@@ -443,6 +447,8 @@ public class StaxSymmetricBindingHandler
}
} else if (policyToken instanceof KerberosToken && !isRequestor()) {
config.put(ConfigurationConstants.SIG_KEY_ID, "KerberosSHA1");
+ } else if (policyToken instanceof IssuedToken) {
+ config.put(ConfigurationConstants.INCLUDE_SIGNATURE_TOKEN, "false");
}
if (sigToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
@@ -455,7 +461,7 @@ public class StaxSymmetricBindingHandler
Date created = new Date();
Date expires = new Date();
- expires.setTime(created.getTime() + 300000);
+ expires.setTime(created.getTime() + 300000L);
SecurityToken tempTok =
new SecurityToken(IDGenerator.generateID(null), created, expires);
@@ -560,9 +566,13 @@ public class StaxSymmetricBindingHandler
private void storeSecurityToken(SecurityToken tok) {
TokenType tokenType = WSSecurityTokenConstants.EncryptedKeyToken;
- if (tok.getTokenType() != null
- && tok.getTokenType().startsWith(WSSConstants.NS_KERBEROS11_TOKEN_PROFILE)) {
- tokenType = WSSecurityTokenConstants.KerberosToken;
+ if (tok.getTokenType() != null) {
+ if (tok.getTokenType().startsWith(WSSConstants.NS_KERBEROS11_TOKEN_PROFILE)) {
+ tokenType = WSSecurityTokenConstants.KerberosToken;
+ } else if (tok.getTokenType().startsWith(WSSConstants.NS_SAML10_TOKEN_PROFILE)
+ || tok.getTokenType().startsWith(WSSConstants.NS_SAML11_TOKEN_PROFILE)) {
+ tokenType = WSSecurityTokenConstants.Saml11Token;
+ }
}
final Key key = tok.getKey();
@@ -576,7 +586,7 @@ public class StaxSymmetricBindingHandler
return key;
}
if (secret != null) {
- return new SecretKeySpec(secret, algorithmURI);
+ return new SecretKeySpec(secret, JCEMapper.getJCEKeyAlgorithmFromURI(algorithmURI));
}
return super.getSecretKey(algorithmURI);