Posted to commits@ws.apache.org by co...@apache.org on 2015/05/08 13:29:00 UTC
svn commit: r1678335 - in
/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml:
OpenSAMLUtil.java SamlAssertionWrapper.java
Author: coheigea
Date: Fri May 8 11:29:00 2015
New Revision: 1678335
URL: http://svn.apache.org/r1678335
Log:
Fixing XML Signature/Validation of SAML Assertions in Karaf
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/OpenSAMLUtil.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/OpenSAMLUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/OpenSAMLUtil.java?rev=1678335&r1=1678334&r2=1678335&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/OpenSAMLUtil.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/OpenSAMLUtil.java Fri May 8 11:29:00 2015
@@ -42,6 +42,7 @@ import org.opensaml.saml.config.SAMLConf
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.Signer;
+import org.opensaml.xmlsec.signature.support.SignerProvider;
import org.w3c.dom.Document;
import org.w3c.dom.DocumentFragment;
import org.w3c.dom.Element;
@@ -82,8 +83,9 @@ public final class OpenSAMLUtil {
OpenSAMLBootstrap.bootstrap();
SAMLConfiguration samlConfiguration = new SAMLConfiguration();
- configuration.register(SAMLConfiguration.class, samlConfiguration, ConfigurationService.DEFAULT_PARTITION_NAME);
+ configuration.register(SAMLConfiguration.class, samlConfiguration, ConfigurationService.DEFAULT_PARTITION_NAME);
+
builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();
marshallerFactory = XMLObjectProviderRegistrySupport.getMarshallerFactory();
unmarshallerFactory = XMLObjectProviderRegistrySupport.getUnmarshallerFactory();
@@ -235,10 +237,14 @@ public final class OpenSAMLUtil {
private static void signObject(Signature signature) throws WSSecurityException {
if (signature != null) {
+ ClassLoader loader = Thread.currentThread().getContextClassLoader();
try {
+ Thread.currentThread().setContextClassLoader(SignerProvider.class.getClassLoader());
Signer.signObject(signature);
} catch (SignatureException ex) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", ex, "Error signing a SAML assertion");
+ } finally {
+ Thread.currentThread().setContextClassLoader(loader);
}
}
}
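Review bot: The context-class-loader swap added around `Signer.signObject(signature)` has no comment saying why it is there, so a later cleanup could remove it and break signing under OSGi again. Going by the log message, the `SignerProvider` lookup presumably goes through the thread context class loader, which in Karaf does not see OpenSAML's bundle. I would add `// Karaf/OSGi: the TCCL cannot see OpenSAML's SignerProvider, so resolve it via OpenSAML's own class loader` above the `getContextClassLoader()` line. The same save/set/restore sequence is repeated around `SignatureValidator.validate(sig, credential)` in SamlAssertionWrapper.java, so one shared static helper in OpenSAMLUtil would keep the two copies from drifting apart.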
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java?rev=1678335&r1=1678334&r2=1678335&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java Fri May 8 11:29:00 2015
@@ -63,6 +63,7 @@ import org.opensaml.xmlsec.signature.Sig
import org.opensaml.xmlsec.signature.support.SignatureConstants;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureValidator;
+import org.opensaml.xmlsec.signature.support.SignerProvider;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -568,8 +569,7 @@ public class SamlAssertionWrapper {
kiFactory.setEmitEntityCertificate(true);
}
try {
- KeyInfo keyInfo = kiFactory.newInstance().generate(
- signingCredential);
+ KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential);
signature.setKeyInfo(keyInfo);
} catch (org.opensaml.security.SecurityException ex) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", ex,
@@ -632,11 +632,15 @@ public class SamlAssertionWrapper {
"cannot get certificate or key"
);
}
+ ClassLoader loader = Thread.currentThread().getContextClassLoader();
try {
+ Thread.currentThread().setContextClassLoader(SignerProvider.class.getClassLoader());
SignatureValidator.validate(sig, credential);
} catch (SignatureException ex) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"empty", ex, "SAML signature validation failed");
+ } finally {
+ Thread.currentThread().setContextClassLoader(loader);
}
signatureKeyInfo = samlKeyInfo;
} else {
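Review bot: `SignatureValidator.validate(sig, credential)` only shows that the signature verifies under `credential`, and `signatureKeyInfo = samlKeyInfo` is assigned directly afterwards. Nothing in this hunk shows the signature being checked against the SAML signature profile or the credential being checked for trust. The method starts and ends outside the hunk, so those checks may well happen elsewhere. If so, a comment here such as `// cryptographic check only; profile and trust validation are done by the caller` would stop a reader from treating a successful return as a full validation. It is also worth confirming that a failed provider lookup under the swapped class loader surfaces as an error rather than reaching the `signatureKeyInfo` assignment.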