Posted to commits@cxf.apache.org by se...@apache.org on 2012/04/30 23:24:50 UTC
svn commit: r1332403 - in /cxf/trunk:
rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/
rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/
systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/
Author: sergeyb
Date: Mon Apr 30 21:24:49 2012
New Revision: 1332403
URL: http://svn.apache.org/viewvc?rev=1332403&view=rev
Log:
[CXF-4145] Optional restriction of the encryption key identifier type
Modified:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java?rev=1332403&r1=1332402&r2=1332403&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java Mon Apr 30 21:24:49 2012
@@ -44,8 +44,8 @@ import org.apache.xml.security.utils.Con
public final class SecurityUtils {
- public static final String X509_KEY = "X509_KEY";
- public static final String X509_ISSUER_SERIAL = "X509_ISSUER_SERIAL";
+ public static final String X509_CERT = "X509Certificate";
+ public static final String X509_ISSUER_SERIAL = "X509IssuerCerial";
public static final String USE_REQUEST_SIGNATURE_CERT = "useReqSigCert";
private SecurityUtils() {
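Review bot: The new value on the `+ public static final String X509_ISSUER_SERIAL = "X509IssuerCerial";` line misspells the KeyInfo element name it stands for, so a deployment that sets the identifier type by its string value rather than through the constant would write the correct `X509IssuerSerial`, match neither constant in AbstractXmlEncInHandler and end in that handler's "Certificate is missing" fault; suggest `public static final String X509_ISSUER_SERIAL = "X509IssuerSerial";`. Removing the public X509_KEY constant is also a source-incompatible change for any code that referenced it; keeping `@Deprecated public static final String X509_KEY = X509_CERT;` next to the new constant would let existing callers compile while they migrate.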
@@ -54,6 +54,7 @@ public final class SecurityUtils {
public static boolean isSignedAndEncryptedTwoWay(Message m) {
Message outMessage = m.getExchange().getOutMessage();
+
Message requestMessage = outMessage != null && MessageUtils.isRequestor(outMessage)
? outMessage : m;
return "POST".equals((String)requestMessage.get(Message.HTTP_REQUEST_METHOD))
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java?rev=1332403&r1=1332402&r2=1332403&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java Mon Apr 30 21:24:49 2012
@@ -170,22 +170,27 @@ public abstract class AbstractXmlEncInHa
*
*/
- Element certNode = getNode(encKeyElement,
- Constants.SignatureSpecNS, "X509Certificate", 0);
- if (certNode != null) {
- try {
- return SecurityUtils.loadX509Certificate(crypto, certNode);
- } catch (Exception ex) {
- throwFault("X509Certificate can not be created", ex);
+ String keyIdentifierType = encProps != null ? encProps.getEncryptionKeyIdType() : null;
+ if (keyIdentifierType == null || keyIdentifierType.equals(SecurityUtils.X509_CERT)) {
+ Element certNode = getNode(encKeyElement,
+ Constants.SignatureSpecNS, "X509Certificate", 0);
+ if (certNode != null) {
+ try {
+ return SecurityUtils.loadX509Certificate(crypto, certNode);
+ } catch (Exception ex) {
+ throwFault("X509Certificate can not be created", ex);
+ }
}
}
- certNode = getNode(encKeyElement,
- Constants.SignatureSpecNS, "X509IssuerSerial", 0);
- if (certNode != null) {
- try {
- return SecurityUtils.loadX509IssuerSerial(crypto, certNode);
- } catch (Exception ex) {
- throwFault("X509Certificate can not be created", ex);
+ if (keyIdentifierType == null || keyIdentifierType.equals(SecurityUtils.X509_ISSUER_SERIAL)) {
+ Element certNode = getNode(encKeyElement,
+ Constants.SignatureSpecNS, "X509IssuerSerial", 0);
+ if (certNode != null) {
+ try {
+ return SecurityUtils.loadX509IssuerSerial(crypto, certNode);
+ } catch (Exception ex) {
+ throwFault("X509Certificate can not be created", ex);
+ }
}
}
throwFault("Certificate is missing", null);
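Review bot: A keyIdentifierType that is neither SecurityUtils.X509_CERT nor SecurityUtils.X509_ISSUER_SERIAL skips both new `if` blocks and falls through to `throwFault("Certificate is missing", null)`, so a misconfigured property value is reported as an absent certificate, and the same message is what a sender sees when it supplied the other, disallowed identifier form. Rejecting an unrecognised type up front with its own message keeps the restriction explicit and lets operators tell "not allowed" from "not present" in the logs. The enclosing method starts and ends outside the hunk; the guard below goes right after the keyIdentifierType assignment.
```java
String keyIdentifierType = encProps != null ? encProps.getEncryptionKeyIdType() : null;
if (keyIdentifierType != null
    && !SecurityUtils.X509_CERT.equals(keyIdentifierType)
    && !SecurityUtils.X509_ISSUER_SERIAL.equals(keyIdentifierType)) {
    throwFault("Unsupported encryption key identifier type: " + keyIdentifierType, null);
}
// … unchanged: X509Certificate and X509IssuerSerial lookups …
throwFault("Certificate is missing", null);
```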
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java?rev=1332403&r1=1332402&r2=1332403&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java Mon Apr 30 21:24:49 2012
@@ -22,6 +22,7 @@ public class EncryptionProperties {
private String encryptionKeyTransportAlgo;
private String encryptionSymmetricKeyAlgo;
private String encryptionDigestAlgo;
+ private String encryptionKeyIdType;
public void setEncryptionKeyTransportAlgo(String encryptionKeyTransportAlgo) {
this.encryptionKeyTransportAlgo = encryptionKeyTransportAlgo;
@@ -41,5 +42,11 @@ public class EncryptionProperties {
public String getEncryptionDigestAlgo() {
return encryptionDigestAlgo;
}
+ public void setEncryptionKeyIdType(String encryptionKeyIdType) {
+ this.encryptionKeyIdType = encryptionKeyIdType;
+ }
+ public String getEncryptionKeyIdType() {
+ return encryptionKeyIdType;
+ }
}
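Review bot: The new setEncryptionKeyIdType/getEncryptionKeyIdType pair has no Javadoc, so neither the accepted values nor the meaning of the default is stated on the property itself. Suggest a Javadoc on the setter such as `/** Restricts the key identifier type accepted in the EncryptedKey KeyInfo: SecurityUtils.X509_CERT or SecurityUtils.X509_ISSUER_SERIAL; null (the default) accepts either. */`. Only AbstractXmlEncInHandler is shown reading this property in the commit, so the doc should describe it as an inbound restriction unless the out interceptor is confirmed to honour it as well.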
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java?rev=1332403&r1=1332402&r2=1332403&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java Mon Apr 30 21:24:49 2012
@@ -68,7 +68,7 @@ public class XmlEncOutInterceptor extend
private SecretKey symmetricKey;
private String keyEncAlgo = XMLCipher.RSA_OAEP;
private String symEncAlgo = XMLCipher.AES_256;
- private String keyIdentifierType = SecurityUtils.X509_KEY;
+ private String keyIdentifierType = SecurityUtils.X509_CERT;
private String digestAlgo;
public XmlEncOutInterceptor() {
@@ -286,7 +286,7 @@ public class XmlEncOutInterceptor extend
);
Node keyIdentifierNode = null;
- if (keyIdentifierType.equals(SecurityUtils.X509_KEY)) {
+ if (keyIdentifierType.equals(SecurityUtils.X509_CERT)) {
byte data[] = null;
try {
data = remoteCert.getEncoded();
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java?rev=1332403&r1=1332402&r2=1332403&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java Mon Apr 30 21:24:49 2012
@@ -167,7 +167,7 @@ public class JAXRSXmlSecTest extends Abs
properties.put("ws-security.encryption.properties",
"org/apache/cxf/systest/jaxrs/security/bob.properties");
String aes128GCM = "http://www.w3.org/2009/xmlenc11#aes128-gcm";
- doTestPostEncryptedBook(address, false, properties, SecurityUtils.X509_KEY, aes128GCM, null, false);
+ doTestPostEncryptedBook(address, false, properties, SecurityUtils.X509_CERT, aes128GCM, null, false);
}
@Test
@@ -180,7 +180,7 @@ public class JAXRSXmlSecTest extends Abs
properties.put("ws-security.encryption.properties",
"org/apache/cxf/systest/jaxrs/security/bob.properties");
doTestPostEncryptedBook(
- address, false, properties, SecurityUtils.X509_KEY, XMLCipher.AES_128, XMLCipher.SHA256, false
+ address, false, properties, SecurityUtils.X509_CERT, XMLCipher.AES_128, XMLCipher.SHA256, false
);
}
@@ -227,7 +227,7 @@ public class JAXRSXmlSecTest extends Abs
properties.put("ws-security.signature.properties",
"org/apache/cxf/systest/jaxrs/security/alice.properties");
try {
- doTestPostEncryptedBook(address, true, properties, SecurityUtils.X509_KEY,
+ doTestPostEncryptedBook(address, true, properties, SecurityUtils.X509_CERT,
"http://www.w3.org/2009/xmlenc11#aes128-gcm", null, true);
} catch (ServerWebApplicationException ex) {
assertEquals(400, ex.getStatus());
@@ -253,7 +253,7 @@ public class JAXRSXmlSecTest extends Abs
public void doTestPostEncryptedBook(String address, boolean sign, Map<String, Object> properties)
throws Exception {
doTestPostEncryptedBook(
- address, sign, properties, SecurityUtils.X509_KEY, XMLCipher.AES_128, null, false
+ address, sign, properties, SecurityUtils.X509_CERT, XMLCipher.AES_128, null, false
);
}