Posted to commits@cxf.apache.org by co...@apache.org on 2012/03/07 16:55:25 UTC
svn commit: r1297999 - in /cxf/trunk/services/sts:
sts-core/src/main/java/org/apache/cxf/sts/request/
sts-core/src/main/java/org/apache/cxf/sts/token/provider/
systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/
Author: coheigea
Date: Wed Mar 7 15:55:25 2012
New Revision: 1297999
URL: http://svn.apache.org/viewvc?rev=1297999&view=rev
Log:
[CXF-4168] - Support processing a KeyInfo/KeyValue child of UseKey in a RequestSecurityToken
Modified:
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java?rev=1297999&r1=1297998&r2=1297999&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java Wed Mar 7 15:55:25 2012
@@ -22,6 +22,8 @@ package org.apache.cxf.sts.request;
import java.io.ByteArrayInputStream;
import java.net.URI;
import java.net.URISyntaxException;
+import java.security.KeyException;
+import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
@@ -31,6 +33,12 @@ import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.bind.JAXBElement;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dom.DOMStructure;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+import javax.xml.crypto.dsig.keyinfo.KeyValue;
+import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;
@@ -309,18 +317,22 @@ public class RequestParser {
throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
}
} else {
- Element elementNSImpl = (Element) useKey.getAny();
- NodeList x509CertData =
- elementNSImpl.getElementsByTagNameNS(
- Constants.SignatureSpecNS, Constants._TAG_X509CERTIFICATE
- );
- if (x509CertData != null && x509CertData.getLength() > 0) {
- try {
- x509 = Base64Utility.decode(x509CertData.item(0).getTextContent());
- LOG.fine("Found X509Certificate UseKey type");
- } catch (Exception e) {
- LOG.log(Level.WARNING, "", e);
- throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
+ Element element = (Element)useKey.getAny();
+ if ("KeyInfo".equals(element.getLocalName())) {
+ return parseKeyInfoElement((Element)useKey.getAny());
+ } else {
+ NodeList x509CertData =
+ element.getElementsByTagNameNS(
+ Constants.SignatureSpecNS, Constants._TAG_X509CERTIFICATE
+ );
+ if (x509CertData != null && x509CertData.getLength() > 0) {
+ try {
+ x509 = Base64Utility.decode(x509CertData.item(0).getTextContent());
+ LOG.fine("Found X509Certificate UseKey type");
+ } catch (Exception e) {
+ LOG.log(Level.WARNING, "", e);
+ throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
+ }
}
}
}
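Review bot: The new KeyInfo branch at the top of the `else` matches on local name only, `"KeyInfo".equals(element.getLocalName())`, so an element with that name in any namespace is routed to parseKeyInfoElement; tightening it to `"KeyInfo".equals(element.getLocalName()) && Constants.SignatureSpecNS.equals(element.getNamespaceURI())` keeps the branch to ds:KeyInfo and lets anything else fall through to the existing X509Certificate scan, which already uses the same namespace constant. The call `parseKeyInfoElement((Element)useKey.getAny())` re-fetches and re-casts what is already held in `element`; `parseKeyInfoElement(element)` reads cleaner and avoids a second cast. The enclosing method starts and ends outside the hunk, so the handling of a null return from parseKeyInfoElement is not visible here.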
@@ -359,6 +371,54 @@ public class RequestParser {
}
/**
+ * Parse the KeyInfo Element to return a ReceivedKey object containing the found certificate or
+ * public key.
+ */
+ private static ReceivedKey parseKeyInfoElement(Element keyInfoElement) throws STSException {
+ KeyInfoFactory keyInfoFactory = null;
+ try {
+ keyInfoFactory = KeyInfoFactory.getInstance("DOM", "ApacheXMLDSig");
+ } catch (NoSuchProviderException ex) {
+ keyInfoFactory = KeyInfoFactory.getInstance("DOM");
+ }
+
+ try {
+ KeyInfo keyInfo =
+ keyInfoFactory.unmarshalKeyInfo(new DOMStructure(keyInfoElement));
+ List<?> list = keyInfo.getContent();
+
+ for (int i = 0; i < list.size(); i++) {
+ if (list.get(i) instanceof KeyValue) {
+ KeyValue keyValue = (KeyValue)list.get(i);
+ ReceivedKey receivedKey = new ReceivedKey();
+ receivedKey.setPublicKey(keyValue.getPublicKey());
+ return receivedKey;
+ } else if (list.get(i) instanceof X509Certificate) {
+ ReceivedKey receivedKey = new ReceivedKey();
+ receivedKey.setX509Cert((X509Certificate)list.get(i));
+ return receivedKey;
+ } else if (list.get(i) instanceof X509Data) {
+ X509Data x509Data = (X509Data)list.get(i);
+ for (int j = 0; j < x509Data.getContent().size(); j++) {
+ if (x509Data.getContent().get(j) instanceof X509Certificate) {
+ ReceivedKey receivedKey = new ReceivedKey();
+ receivedKey.setX509Cert((X509Certificate)x509Data.getContent().get(j));
+ return receivedKey;
+ }
+ }
+ }
+ }
+ } catch (MarshalException e) {
+ LOG.log(Level.WARNING, "", e);
+ throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
+ } catch (KeyException e) {
+ LOG.log(Level.WARNING, "", e);
+ throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
+ }
+ return null;
+ }
+
+ /**
* Parse an Entropy object
* @param entropy an Entropy object
*/
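Review bot: The `instanceof X509Certificate` branch on the KeyInfo content list (the `else if` between the KeyValue and X509Data cases) looks unreachable, since KeyInfo.getContent() is specified to hold XMLStructure entries and a certificate only appears nested inside X509Data; the rewrite below drops it and iterates with enhanced-for so `list.get(i)` is not repeated four times. The Javadoc should also state the fallback, e.g. `@return the first KeyValue or X509Certificate found, or null if the KeyInfo carries neither`, because callers have to treat null as "no key supplied". For maintainers it is worth a one-line comment that the key returned here is whatever the requester placed in UseKey and this method performs no proof-of-possession check, so binding it into a token rests on the requester being authenticated elsewhere, which I cannot see from this hunk. The two identical catch blocks could share one handler if the project's Java level allows multi-catch.
```java
KeyInfo keyInfo =
    keyInfoFactory.unmarshalKeyInfo(new DOMStructure(keyInfoElement));
// First usable entry wins. KeyInfo content holds XMLStructures, so a
// certificate can only appear nested inside an X509Data entry.
for (Object keyInfoItem : keyInfo.getContent()) {
    if (keyInfoItem instanceof KeyValue) {
        ReceivedKey receivedKey = new ReceivedKey();
        receivedKey.setPublicKey(((KeyValue)keyInfoItem).getPublicKey());
        return receivedKey;
    } else if (keyInfoItem instanceof X509Data) {
        for (Object x509Item : ((X509Data)keyInfoItem).getContent()) {
            if (x509Item instanceof X509Certificate) {
                ReceivedKey receivedKey = new ReceivedKey();
                receivedKey.setX509Cert((X509Certificate)x509Item);
                return receivedKey;
            }
        }
    }
}
// … unchanged: MarshalException / KeyException handling, return null …
```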
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java?rev=1297999&r1=1297998&r2=1297999&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java Wed Mar 7 15:55:25 2012
@@ -19,6 +19,7 @@
package org.apache.cxf.sts.token.provider;
import java.security.Principal;
+import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -141,7 +142,7 @@ public class DefaultSubjectProvider impl
}
} else if (STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType)) {
ReceivedKey receivedKey = keyRequirements.getReceivedKey();
- KeyInfoBean keyInfo = createKeyInfo(receivedKey.getX509Cert());
+ KeyInfoBean keyInfo = createKeyInfo(receivedKey.getX509Cert(), receivedKey.getPublicKey());
subjectBean.setKeyInfo(keyInfo);
}
@@ -171,13 +172,18 @@ public class DefaultSubjectProvider impl
}
/**
- * Create a KeyInfoBean that contains an X.509 certificate.
+ * Create a KeyInfoBean that contains an X.509 certificate or Public Key
*/
- private static KeyInfoBean createKeyInfo(X509Certificate certificate) {
+ private static KeyInfoBean createKeyInfo(X509Certificate certificate, PublicKey publicKey) {
KeyInfoBean keyInfo = new KeyInfoBean();
- keyInfo.setCertificate(certificate);
- keyInfo.setCertIdentifer(CERT_IDENTIFIER.X509_CERT);
+ if (certificate != null) {
+ keyInfo.setCertificate(certificate);
+ keyInfo.setCertIdentifer(CERT_IDENTIFIER.X509_CERT);
+ } else if (publicKey != null) {
+ keyInfo.setPublicKey(publicKey);
+ keyInfo.setCertIdentifer(CERT_IDENTIFIER.KEY_VALUE);
+ }
return keyInfo;
}
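Review bot: With both arguments null, `createKeyInfo` now returns a KeyInfoBean with neither certificate nor public key and no CERT_IDENTIFIER set, where previously the identifier was always set; the caller gets an empty KeyInfo without any signal. Either reject that case after the else-if, `throw new IllegalArgumentException("Either a certificate or a public key must be supplied");`, or document it together with the precedence in the Javadoc, e.g. `@param certificate takes precedence over publicKey when both are supplied` and `@return a KeyInfoBean, empty if neither argument is given`. The only caller visible on this page passes a ReceivedKey that SAMLTokenProvider has already checked, but whether other providers reach this method is not visible here.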
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java?rev=1297999&r1=1297998&r2=1297999&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java Wed Mar 7 15:55:25 2012
@@ -474,7 +474,8 @@ public class SAMLTokenProvider implement
String keyType = keyRequirements.getKeyType();
if (STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType)) {
if (keyRequirements.getReceivedKey() == null
- || keyRequirements.getReceivedKey().getX509Cert() == null) {
+ || (keyRequirements.getReceivedKey().getX509Cert() == null
+ && keyRequirements.getReceivedKey().getPublicKey() == null)) {
LOG.log(Level.WARNING, "A PublicKey Keytype is requested, but no certificate is provided");
throw new STSException(
"No client certificate for PublicKey KeyType", STSException.INVALID_REQUEST
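Review bot: The warning and exception messages on the lines after the widened condition still read "no certificate is provided" and "No client certificate", but the condition now fails only when neither a certificate nor a public key is present, so the messages under-describe the rejected request; `"A PublicKey Keytype is requested, but no certificate or public key is provided"` and `"No client certificate or public key for PublicKey KeyType"` match the new check. Reading `keyRequirements.getReceivedKey()` three times in one condition would also be clearer with a local, `ReceivedKey receivedKey = keyRequirements.getReceivedKey();`, before the `if`. The enclosing method starts and ends outside the hunk.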
Modified: cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml?rev=1297999&r1=1297998&r2=1297999&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml Wed Mar 7 15:55:25 2012
@@ -79,7 +79,7 @@ http://cxf.apache.org/configuration/secu
value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
<entry key="ws-security.sts.token.username" value="myclientkey"/>
<entry key="ws-security.sts.token.properties" value="clientKeystore.properties"/>
- <entry key="ws-security.sts.token.usecert" value="true"/>
+ <entry key="ws-security.sts.token.usecert" value="false"/>
</map>
</property>
</bean>
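Review bot: Flipping `ws-security.sts.token.usecert` to false makes this transport system test exercise only the new KeyValue path, so unless another client config keeps `usecert` true, the X509Certificate UseKey path loses its system-test coverage with this commit. The other test resources are not on this page, so a second client config or a parameterised test may already cover it.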