Posted to commits@cxf.apache.org by co...@apache.org on 2013/12/03 12:55:37 UTC
svn commit: r1547352 - in /cxf/trunk:
rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/
rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/
rt/rs/security/xml/src/main/java/org/a...
Author: coheigea
Date: Tue Dec 3 11:55:37 2013
New Revision: 1547352
URL: http://svn.apache.org/r1547352
Log:
An update following a recent merge to WSS4J
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java?rev=1547352&r1=1547351&r2=1547352&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java Tue Dec 3 11:55:37 2013
@@ -33,7 +33,6 @@ import javax.ws.rs.core.MultivaluedMap;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-
import org.apache.cxf.common.util.Base64Exception;
import org.apache.cxf.jaxrs.utils.HttpUtils;
import org.apache.cxf.message.Message;
@@ -61,9 +60,11 @@ import org.apache.cxf.ws.security.Securi
import org.apache.wss4j.common.saml.SAMLKeyInfo;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor;
import org.apache.wss4j.dom.validate.Credential;
import org.apache.wss4j.dom.validate.SamlAssertionValidator;
import org.apache.wss4j.dom.validate.Validator;
@@ -188,10 +189,13 @@ public class Saml2BearerGrantHandler ext
message.getContextualProperty(WSHandlerConstants.ENABLE_REVOCATION)));
Signature sig = assertion.getSignature();
+ WSDocInfo docInfo = new WSDocInfo(sig.getDOM().getOwnerDocument());
KeyInfo keyInfo = sig.getKeyInfo();
+
SAMLKeyInfo samlKeyInfo =
- SAMLUtil.getCredentialDirectlyFromKeyInfo(
- keyInfo.getDOM(), data.getSigVerCrypto()
+ SAMLUtil.getCredentialFromKeyInfo(
+ keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(data, docInfo),
+ data.getSigVerCrypto()
);
assertion.verifySignature(samlKeyInfo);
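Review bot: `keyInfo.getDOM()` is reached without checking that `sig.getKeyInfo()` returned a value, and the added `sig.getDOM().getOwnerDocument()` line is a second unchecked dereference on the signature taken from the received assertion. A signed assertion whose ds:Signature has no ds:KeyInfo would then presumably fail with a NullPointerException instead of a clean validation failure. A guard such as `if (keyInfo == null) { /* reject through this method's existing failure path */ }` before the `getCredentialFromKeyInfo` call would make the rejection explicit. The same sequence appears in the SAMLProtocolResponseValidator, AbstractSamlInHandler and SAMLTokenValidator hunks. The enclosing method starts and ends outside this hunk, so an earlier check may already exist.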
Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java?rev=1547352&r1=1547351&r2=1547352&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java Tue Dec 3 11:55:37 2013
@@ -350,10 +350,12 @@ public class SAMLProtocolResponseValidat
// Verify the signature
try {
Signature sig = assertion.getSignature();
+ WSDocInfo docInfo = new WSDocInfo(sig.getDOM().getOwnerDocument());
KeyInfo keyInfo = sig.getKeyInfo();
+
SAMLKeyInfo samlKeyInfo =
- SAMLUtil.getCredentialDirectlyFromKeyInfo(
- keyInfo.getDOM(), sigCrypto
+ SAMLUtil.getCredentialFromKeyInfo(
+ keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData, docInfo), sigCrypto
);
assertion.verifySignature(samlKeyInfo);
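Review bot: The new `getCredentialFromKeyInfo` call has no comment saying what the `WSSSAMLKeyInfoProcessor` argument changes. Going by the removed method's name (`getCredentialDirectlyFromKeyInfo`), it appears to let the KeyInfo of the received assertion refer to key material indirectly rather than only carry it inline. I would add above the call: `// KeyInfo comes from the received assertion: samlKeyInfo only identifies the signing key and must still be trust-validated after verifySignature()`. `requestData` is defined outside the hunk, so whether it carries the crypto and callback settings the processor relies on cannot be confirmed from here.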
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java?rev=1547352&r1=1547351&r2=1547352&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java Tue Dec 3 11:55:37 2013
@@ -36,7 +36,6 @@ import javax.ws.rs.core.Response;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
@@ -52,6 +51,7 @@ import org.apache.wss4j.common.saml.Open
import org.apache.wss4j.common.saml.SAMLKeyInfo;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
@@ -133,12 +133,14 @@ public abstract class AbstractSamlInHand
}
data.setEnableRevocation(MessageUtils.isTrue(
message.getContextualProperty(WSHandlerConstants.ENABLE_REVOCATION)));
-
Signature sig = assertion.getSignature();
+ WSDocInfo docInfo = new WSDocInfo(sig.getDOM().getOwnerDocument());
KeyInfo keyInfo = sig.getKeyInfo();
+
SAMLKeyInfo samlKeyInfo =
- SAMLUtil.getCredentialDirectlyFromKeyInfo(
- keyInfo.getDOM(), data.getSigVerCrypto()
+ SAMLUtil.getCredentialFromKeyInfo(
+ keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(data, docInfo),
+ data.getSigVerCrypto()
);
assertion.verifySignature(samlKeyInfo);
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java?rev=1547352&r1=1547351&r2=1547352&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java Tue Dec 3 11:55:37 2013
@@ -49,8 +49,10 @@ import org.apache.wss4j.common.saml.SAML
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor;
import org.apache.wss4j.dom.validate.Credential;
import org.apache.wss4j.dom.validate.SignatureTrustValidator;
import org.apache.wss4j.dom.validate.Validator;
@@ -172,21 +174,22 @@ public class SAMLTokenValidator implemen
return response;
}
+ RequestData requestData = new RequestData();
+ requestData.setSigVerCrypto(sigCrypto);
+ WSSConfig wssConfig = WSSConfig.getNewInstance();
+ requestData.setWssConfig(wssConfig);
+ requestData.setCallbackHandler(callbackHandler);
+ WSDocInfo docInfo = new WSDocInfo(validateTargetElement.getOwnerDocument());
+
// Verify the signature
Signature sig = assertion.getSignature();
KeyInfo keyInfo = sig.getKeyInfo();
SAMLKeyInfo samlKeyInfo =
- SAMLUtil.getCredentialDirectlyFromKeyInfo(
- keyInfo.getDOM(), sigCrypto
+ SAMLUtil.getCredentialFromKeyInfo(
+ keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData, docInfo), sigCrypto
);
assertion.verifySignature(samlKeyInfo);
- RequestData requestData = new RequestData();
- requestData.setSigVerCrypto(sigCrypto);
- WSSConfig wssConfig = WSSConfig.getNewInstance();
- requestData.setWssConfig(wssConfig);
- requestData.setCallbackHandler(callbackHandler);
-
// Validate the assertion against schemas/profiles
validateAssertion(assertion);
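Review bot: `docInfo` is built here from `validateTargetElement.getOwnerDocument()`, whereas the other three files in this commit use `sig.getDOM().getOwnerDocument()`. If the assertion was parsed from that same element the two documents are identical, but that construction is outside the hunk. Where they differ, the key-info processor would be given a document other than the one that holds the signature being verified. Either move the line below `Signature sig = assertion.getSignature();` as `WSDocInfo docInfo = new WSDocInfo(sig.getDOM().getOwnerDocument());`, or add a comment stating why the target element's document is the intended one.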