Posted to commits@cxf.apache.org by se...@apache.org on 2011/08/03 17:05:27 UTC
svn commit: r1153529 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/
systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/
systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/sam...
Author: sergeyb
Date: Wed Aug 3 15:05:25 2011
New Revision: 1153529
URL: http://svn.apache.org/viewvc?rev=1153529&view=rev
Log:
CXF-3661,CXF-3677: Minimizing the duplication to do with loading Cryptos
Added:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/CryptoLoader.java (with props)
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlOutInterceptor.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncInHandler.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncOutInterceptor.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1153529&r1=1153528&r2=1153529&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Wed Aug 3 15:05:25 2011
@@ -50,6 +50,7 @@ public final class SecurityConstants {
public static final String SIGNATURE_CRYPTO = "ws-security.signature.crypto";
public static final String ENCRYPT_CRYPTO = "ws-security.encryption.crypto";
+ public static final String CRYPTO_CACHE = "ws-security.crypto.cache";
public static final String TOKEN = "ws-security.token";
public static final String TOKEN_ID = "ws-security.token.id";
Added: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/CryptoLoader.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/CryptoLoader.java?rev=1153529&view=auto
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/CryptoLoader.java (added)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/CryptoLoader.java Wed Aug 3 15:05:25 2011
@@ -0,0 +1,101 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.common;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.util.Map;
+import java.util.Properties;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.resource.ResourceManager;
+import org.apache.cxf.service.model.EndpointInfo;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+
+public class CryptoLoader {
+
+ public Crypto getCrypto(Message message,
+ String cryptoKey,
+ String propKey)
+ throws IOException, WSSecurityException {
+ Crypto crypto = (Crypto)message.getContextualProperty(cryptoKey);
+ if (crypto != null) {
+ return crypto;
+ }
+
+ Object o = message.getContextualProperty(propKey);
+ if (o == null) {
+ return null;
+ }
+
+ crypto = getCryptoCache(message).get(o);
+ if (crypto != null) {
+ return crypto;
+ }
+
+ ClassLoader orig = Thread.currentThread().getContextClassLoader();
+ try {
+ URL url = ClassLoaderUtils.getResource((String)o, this.getClass());
+ if (url == null) {
+ ResourceManager manager = message.getExchange()
+ .getBus().getExtension(ResourceManager.class);
+ ClassLoader loader = manager.resolveResource("", ClassLoader.class);
+ if (loader != null) {
+ Thread.currentThread().setContextClassLoader(loader);
+ }
+ url = manager.resolveResource((String)o, URL.class);
+ }
+ if (url != null) {
+ Properties props = new Properties();
+ InputStream in = url.openStream();
+ props.load(in);
+ in.close();
+ crypto = CryptoFactory.getInstance(props);
+ } else {
+ crypto = CryptoFactory.getInstance((String)o);
+ }
+ getCryptoCache(message).put(o, crypto);
+ return crypto;
+ } finally {
+ Thread.currentThread().setContextClassLoader(orig);
+ }
+ }
+
+ public final Map<Object, Crypto> getCryptoCache(Message message) {
+ EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
+ synchronized (info) {
+ Map<Object, Crypto> o =
+ CastUtils.cast((Map<?, ?>)info.getProperty(SecurityConstants.CRYPTO_CACHE));
+ if (o == null) {
+ o = new ConcurrentHashMap<Object, Crypto>();
+ info.setProperty(SecurityConstants.CRYPTO_CACHE, o);
+ }
+ return o;
+ }
+ }
+}
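Review bot: `getCrypto` casts the property value with `(String)o` at every use, so a `Properties` or `URL` value now ends in a ClassCastException, although the private helpers this commit removes from AbstractSamlOutInterceptor and XmlEncOutInterceptor both accepted those types. If they are still meant to be supported, branch on the type before the class-loader lookup; otherwise add a Javadoc on the method stating that only a String location is accepted. Separately, `in.close()` is skipped when `props.load(in)` throws, so the stream should be closed in a `finally`. The sketch below shows both changes for the `Properties` case; a `URL` value would need the same treatment.

```java
// … unchanged: cryptoKey lookup, null check on o, cache lookup …
if (o instanceof Properties) {
    crypto = CryptoFactory.getInstance((Properties)o);
    getCryptoCache(message).put(o, crypto);
    return crypto;
}
// … unchanged: context class loader switch and URL resolution for a String location …
    if (url != null) {
        Properties props = new Properties();
        InputStream in = url.openStream();
        try {
            props.load(in);
        } finally {
            in.close();
        }
        crypto = CryptoFactory.getInstance(props);
    }
// … unchanged: CryptoFactory.getInstance((String)o) fallback, cache put, finally block …
```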
Propchange: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/CryptoLoader.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/common/CryptoLoader.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java?rev=1153529&r1=1153528&r2=1153529&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java Wed Aug 3 15:05:25 2011
@@ -22,13 +22,11 @@ package org.apache.cxf.systest.jaxrs.sec
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
-import java.net.URL;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
-import java.util.Properties;
import java.util.logging.Logger;
import javax.security.auth.callback.CallbackHandler;
@@ -36,21 +34,17 @@ import javax.ws.rs.WebApplicationExcepti
import javax.ws.rs.core.Response;
import org.w3c.dom.Document;
-
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.resource.ResourceManager;
import org.apache.cxf.security.transport.TLSSessionInfo;
+import org.apache.cxf.systest.jaxrs.security.common.CryptoLoader;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngineResult;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.saml.SAMLKeyInfo;
@@ -60,6 +54,7 @@ import org.apache.ws.security.validate.C
import org.apache.ws.security.validate.SamlAssertionValidator;
import org.apache.ws.security.validate.Validator;
+
public abstract class AbstractSamlInHandler implements RequestHandler {
private static final Logger LOG =
@@ -92,7 +87,8 @@ public abstract class AbstractSamlInHand
data.setWssConfig(cfg);
data.setCallbackHandler(getCallbackHandler(message));
try {
- data.setSigCrypto(getCrypto(message,
+ data.setSigCrypto(new CryptoLoader().getCrypto(message,
+ SecurityConstants.SIGNATURE_CRYPTO,
SecurityConstants.SIGNATURE_PROPERTIES));
} catch (IOException ex) {
throwFault("Crypto can not be loaded", ex);
@@ -298,41 +294,6 @@ public abstract class AbstractSamlInHand
return false;
}
- // this code will be moved to a common utility class
- protected Crypto getCrypto(Message message, String propKey)
- throws IOException, WSSecurityException {
-
- Object o = message.getContextualProperty(propKey);
- if (o == null) {
- return null;
- }
-
- ClassLoader orig = Thread.currentThread().getContextClassLoader();
- try {
- URL url = ClassLoaderUtils.getResource((String)o, this.getClass());
- if (url == null) {
- ResourceManager manager = message.getExchange()
- .getBus().getExtension(ResourceManager.class);
- ClassLoader loader = manager.resolveResource("", ClassLoader.class);
- if (loader != null) {
- Thread.currentThread().setContextClassLoader(loader);
- }
- url = manager.resolveResource((String)o, URL.class);
- }
- if (url != null) {
- Properties props = new Properties();
- InputStream in = url.openStream();
- props.load(in);
- in.close();
- return CryptoFactory.getInstance(props);
- } else {
- return CryptoFactory.getInstance((String)o);
- }
- } finally {
- Thread.currentThread().setContextClassLoader(orig);
- }
- }
-
private CallbackHandler getCallbackHandler(Message message) {
//Then try to get the password from the given callback handler
Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlOutInterceptor.java?rev=1153529&r1=1153528&r2=1153529&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlOutInterceptor.java (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlOutInterceptor.java Wed Aug 3 15:05:25 2011
@@ -18,43 +18,31 @@
*/
package org.apache.cxf.systest.jaxrs.security.saml;
-import java.io.IOException;
-import java.io.InputStream;
import java.io.PrintWriter;
import java.io.StringWriter;
-import java.net.URL;
-import java.util.Map;
-import java.util.Properties;
-import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;
import javax.security.auth.callback.CallbackHandler;
-import org.apache.cxf.Bus;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.endpoint.Endpoint;
-import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
-import org.apache.cxf.resource.ResourceManager;
-import org.apache.cxf.service.model.EndpointInfo;
+import org.apache.cxf.systest.jaxrs.security.common.CryptoLoader;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.apache.ws.security.saml.ext.SAMLParms;
public abstract class AbstractSamlOutInterceptor extends AbstractPhaseInterceptor<Message> {
private static final Logger LOG =
LogUtils.getL7dLogger(AbstractSamlOutInterceptor.class);
- private static final String CRYPTO_CACHE = "ws-security.crypto.cache";
protected AbstractSamlOutInterceptor() {
super(Phase.PRE_MARSHAL);
@@ -72,11 +60,11 @@ public abstract class AbstractSamlOutInt
);
if (selfSignAssertion) {
//--- This code will be moved to a common utility class
- Crypto crypto = getCrypto(message,
+ Crypto crypto = new CryptoLoader().getCrypto(message,
SecurityConstants.SIGNATURE_CRYPTO,
SecurityConstants.SIGNATURE_PROPERTIES);
- String user = getUserName(message, crypto);
+ String user = getUserName(message, crypto, SecurityConstants.SIGNATURE_USERNAME);
if (StringUtils.isEmpty(user)) {
return assertion;
}
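Review bot: A failure to load the crypto is handled differently after this change: the removed private `getCrypto` returned null when `CryptoFactory.getInstance` threw, and the code here then returned the assertion unsigned if no user name was resolved, whereas `CryptoLoader.getCrypto` declares IOException and WSSecurityException. The enclosing method starts and ends outside this hunk, so confirm that these exceptions are turned into a Fault rather than caught and ignored, since sending an unsigned assertion when self-signing was requested is the riskier outcome. The same applies to the `loader.getCrypto(...)` call in XmlEncOutInterceptor, where an empty user makes the method `return null`. The comment `//--- This code will be moved to a common utility class` above the call is now stale for the crypto lookup and could read `// user name lookup still to be moved to a common utility class`.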
@@ -98,8 +86,7 @@ public abstract class AbstractSamlOutInt
}
// This code will be moved to a common utility class
- private String getUserName(Message message, Crypto crypto) {
- String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
+ private String getUserName(Message message, Crypto crypto, String userNameKey) {
String user = (String)message.getContextualProperty(userNameKey);
if (crypto != null && StringUtils.isEmpty(user)) {
try {
@@ -148,82 +135,5 @@ public abstract class AbstractSamlOutInt
return handler;
}
- private Crypto getCrypto(Message message,
- String cryptoKey,
- String propKey) {
- Crypto crypto = (Crypto)message.getContextualProperty(cryptoKey);
- if (crypto != null) {
- return crypto;
- }
-
- Object o = message.getContextualProperty(propKey);
- if (o == null) {
- return null;
- }
-
- crypto = getCryptoCache(message).get(o);
- if (crypto != null) {
- return crypto;
- }
- Properties properties = null;
- if (o instanceof Properties) {
- properties = (Properties)o;
- } else if (o instanceof String) {
- ResourceManager rm = message.getExchange().get(Bus.class).getExtension(ResourceManager.class);
- URL url = rm.resolveResource((String)o, URL.class);
- try {
- if (url == null) {
- url = ClassLoaderUtils.getResource((String)o, this.getClass());
- }
- if (url == null) {
- try {
- url = new URL((String)o);
- } catch (Exception ex) {
- throw new RuntimeException(ex);
- }
- }
- if (url != null) {
- InputStream ins = url.openStream();
- properties = new Properties();
- properties.load(ins);
- ins.close();
- }
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- } else if (o instanceof URL) {
- properties = new Properties();
- try {
- InputStream ins = ((URL)o).openStream();
- properties.load(ins);
- ins.close();
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- if (properties != null) {
- try {
- crypto = CryptoFactory.getInstance(properties);
- } catch (Exception ex) {
- return null;
- }
- getCryptoCache(message).put(o, crypto);
- }
- return crypto;
- }
-
- protected final Map<Object, Crypto> getCryptoCache(Message message) {
- EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
- synchronized (info) {
- Map<Object, Crypto> o =
- CastUtils.cast((Map<?, ?>)message.getContextualProperty(CRYPTO_CACHE));
- if (o == null) {
- o = new ConcurrentHashMap<Object, Crypto>();
- info.setProperty(CRYPTO_CACHE, o);
- }
- return o;
- }
- }
}
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java?rev=1153529&r1=1153528&r2=1153529&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java Wed Aug 3 15:05:25 2011
@@ -61,11 +61,7 @@ public class SamlHeaderOutInterceptor ex
String encodedToken = encodeToken(assertionWrapper.assertionToString());
- Map<String, List<String>> headers =
- CastUtils.cast((Map)message.get(Message.PROTOCOL_HEADERS));
- if (headers == null) {
- headers = new HashMap<String, List<String>>();
- }
+ Map<String, List<String>> headers = getHeaders(message);
StringBuilder builder = new StringBuilder();
builder.append("SAML").append(" ").append(encodedToken);
@@ -81,6 +77,16 @@ public class SamlHeaderOutInterceptor ex
}
+ @SuppressWarnings("unchecked")
+ private Map<String, List<String>> getHeaders(Message message) {
+ Map<String, List<String>> headers =
+ CastUtils.cast((Map)message.get(Message.PROTOCOL_HEADERS));
+ if (headers == null) {
+ headers = new HashMap<String, List<String>>();
+ }
+ return headers;
+ }
+
private String encodeToken(String assertion) throws Base64Exception {
byte[] tokenBytes = null;
try {
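Review bot: The `@SuppressWarnings("unchecked")` on `getHeaders` appears to be needed only because of the raw `(Map)` cast. Casting to the wildcard type, `CastUtils.cast((Map<?, ?>)message.get(Message.PROTOCOL_HEADERS))`, as CryptoLoader.getCryptoCache does in this same commit, should let the annotation go. When the message carries no headers, the helper returns a fresh HashMap that is not attached to the message here, so a short comment saying the caller must store it back under `Message.PROTOCOL_HEADERS` would help. Whether the caller does so is outside this hunk.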
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncInHandler.java?rev=1153529&r1=1153528&r2=1153529&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncInHandler.java (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncInHandler.java Wed Aug 3 15:05:25 2011
@@ -20,13 +20,10 @@
package org.apache.cxf.systest.jaxrs.security.xml;
import java.io.ByteArrayInputStream;
-import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
-import java.net.URL;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
-import java.util.Properties;
import java.util.logging.Logger;
import javax.crypto.Cipher;
@@ -49,14 +46,13 @@ import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
-import org.apache.cxf.resource.ResourceManager;
import org.apache.cxf.staxutils.W3CDOMStreamReader;
+import org.apache.cxf.systest.jaxrs.security.common.CryptoLoader;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.ws.security.validate.Credential;
@@ -73,6 +69,7 @@ public class XmlEncInHandler implements
WSSConfig.init();
}
+
public Response handleRequest(Message message, ClassResourceInfo resourceClass) {
String method = (String)message.get(Message.HTTP_REQUEST_METHOD);
@@ -136,7 +133,9 @@ public class XmlEncInHandler implements
Crypto crypto = null;
try {
- crypto = getCrypto(message, SecurityConstants.ENCRYPT_PROPERTIES);
+ crypto = new CryptoLoader().getCrypto(message,
+ SecurityConstants.ENCRYPT_CRYPTO,
+ SecurityConstants.ENCRYPT_PROPERTIES);
} catch (Exception ex) {
throwFault("Crypto can not be loaded", ex);
}
@@ -251,41 +250,6 @@ public class XmlEncInHandler implements
throw ex != null ? new WebApplicationException(ex, response) : new WebApplicationException(response);
}
- // this code will be moved to a common utility class
- protected Crypto getCrypto(Message message, String propKey)
- throws IOException, WSSecurityException {
-
- Object o = message.getContextualProperty(propKey);
- if (o == null) {
- return null;
- }
-
- ClassLoader orig = Thread.currentThread().getContextClassLoader();
- try {
- URL url = ClassLoaderUtils.getResource((String)o, this.getClass());
- if (url == null) {
- ResourceManager manager = message.getExchange()
- .getBus().getExtension(ResourceManager.class);
- ClassLoader loader = manager.resolveResource("", ClassLoader.class);
- if (loader != null) {
- Thread.currentThread().setContextClassLoader(loader);
- }
- url = manager.resolveResource((String)o, URL.class);
- }
- if (url != null) {
- Properties props = new Properties();
- InputStream in = url.openStream();
- props.load(in);
- in.close();
- return CryptoFactory.getInstance(props);
- } else {
- return CryptoFactory.getInstance((String)o);
- }
- } finally {
- Thread.currentThread().setContextClassLoader(orig);
- }
- }
-
private CallbackHandler getCallbackHandler(Message message) {
//Then try to get the password from the given callback handler
Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncOutInterceptor.java?rev=1153529&r1=1153528&r2=1153529&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncOutInterceptor.java (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlEncOutInterceptor.java Wed Aug 3 15:05:25 2011
@@ -18,19 +18,13 @@
*/
package org.apache.cxf.systest.jaxrs.security.xml;
-import java.io.IOException;
-import java.io.InputStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.lang.annotation.Annotation;
-import java.net.URL;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
@@ -49,13 +43,10 @@ import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.Text;
-import org.apache.cxf.Bus;
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
+
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.endpoint.Endpoint;
-import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.jaxrs.provider.JAXBElementProvider;
@@ -64,15 +55,13 @@ import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageContentsList;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
-import org.apache.cxf.resource.ResourceManager;
-import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.staxutils.W3CDOMStreamWriter;
+import org.apache.cxf.systest.jaxrs.security.common.CryptoLoader;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.ws.security.message.token.DOMX509Data;
import org.apache.ws.security.message.token.DOMX509IssuerSerial;
@@ -85,7 +74,6 @@ import org.apache.xml.security.encryptio
public class XmlEncOutInterceptor extends AbstractPhaseInterceptor<Message> {
private static final Logger LOG =
LogUtils.getL7dLogger(XmlEncOutInterceptor.class);
- private static final String CRYPTO_CACHE = "ws-security.crypto.cache";
static {
WSSConfig.init();
@@ -140,11 +128,12 @@ public class XmlEncOutInterceptor extend
Document encryptedDataDoc = DOMUtils.createDocument();
Element encryptedDataElement = createEncryptedDataElement(encryptedDataDoc);
if (encryptSymmetricKey) {
- Crypto crypto = getCrypto(message,
+ CryptoLoader loader = new CryptoLoader();
+ Crypto crypto = loader.getCrypto(message,
SecurityConstants.ENCRYPT_CRYPTO,
SecurityConstants.ENCRYPT_PROPERTIES);
- String user = getUserName(message, crypto);
+ String user = getUserName(message, crypto, SecurityConstants.ENCRYPT_USERNAME);
if (StringUtils.isEmpty(user)) {
return null;
}
@@ -401,8 +390,7 @@ public class XmlEncOutInterceptor extend
}
// This code will be moved to a common utility class
- private String getUserName(Message message, Crypto crypto) {
- String userNameKey = SecurityConstants.ENCRYPT_USERNAME;
+ private String getUserName(Message message, Crypto crypto, String userNameKey) {
String user = (String)message.getContextualProperty(userNameKey);
if (crypto != null && StringUtils.isEmpty(user)) {
try {
@@ -415,81 +403,5 @@ public class XmlEncOutInterceptor extend
}
- private Crypto getCrypto(Message message,
- String cryptoKey,
- String propKey) {
- Crypto crypto = (Crypto)message.getContextualProperty(cryptoKey);
- if (crypto != null) {
- return crypto;
- }
-
- Object o = message.getContextualProperty(propKey);
- if (o == null) {
- return null;
- }
-
- crypto = getCryptoCache(message).get(o);
- if (crypto != null) {
- return crypto;
- }
- Properties properties = null;
- if (o instanceof Properties) {
- properties = (Properties)o;
- } else if (o instanceof String) {
- ResourceManager rm = message.getExchange().get(Bus.class).getExtension(ResourceManager.class);
- URL url = rm.resolveResource((String)o, URL.class);
- try {
- if (url == null) {
- url = ClassLoaderUtils.getResource((String)o, this.getClass());
- }
- if (url == null) {
- try {
- url = new URL((String)o);
- } catch (Exception ex) {
- throw new RuntimeException(ex);
- }
- }
- if (url != null) {
- InputStream ins = url.openStream();
- properties = new Properties();
- properties.load(ins);
- ins.close();
- }
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- } else if (o instanceof URL) {
- properties = new Properties();
- try {
- InputStream ins = ((URL)o).openStream();
- properties.load(ins);
- ins.close();
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- if (properties != null) {
- try {
- crypto = CryptoFactory.getInstance(properties);
- } catch (Exception ex) {
- return null;
- }
- getCryptoCache(message).put(o, crypto);
- }
- return crypto;
- }
- protected final Map<Object, Crypto> getCryptoCache(Message message) {
- EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
- synchronized (info) {
- Map<Object, Crypto> o =
- CastUtils.cast((Map<?, ?>)message.getContextualProperty(CRYPTO_CACHE));
- if (o == null) {
- o = new ConcurrentHashMap<Object, Crypto>();
- info.setProperty(CRYPTO_CACHE, o);
- }
- return o;
- }
- }
}
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java?rev=1153529&r1=1153528&r2=1153529&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java Wed Aug 3 15:05:25 2011
@@ -19,12 +19,9 @@
package org.apache.cxf.systest.jaxrs.security.xml;
-import java.io.IOException;
import java.io.InputStream;
-import java.net.URL;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
-import java.util.Properties;
import java.util.logging.Logger;
import javax.ws.rs.WebApplicationException;
@@ -35,19 +32,16 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
-import org.apache.cxf.resource.ResourceManager;
import org.apache.cxf.staxutils.W3CDOMStreamReader;
+import org.apache.cxf.systest.jaxrs.security.common.CryptoLoader;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSSConfig;
-import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.validate.Credential;
import org.apache.ws.security.validate.SignatureTrustValidator;
@@ -100,7 +94,15 @@ public class XmlSigInHandler implements
Crypto crypto = null;
try {
- crypto = getCrypto(message, SecurityConstants.SIGNATURE_PROPERTIES);
+ CryptoLoader loader = new CryptoLoader();
+ crypto = loader.getCrypto(message,
+ SecurityConstants.SIGNATURE_CRYPTO,
+ SecurityConstants.SIGNATURE_PROPERTIES);
+ if (crypto == null) {
+ crypto = loader.getCrypto(message,
+ SecurityConstants.ENCRYPT_CRYPTO,
+ SecurityConstants.ENCRYPT_PROPERTIES);
+ }
} catch (Exception ex) {
throwFault("Crypto can not be loaded", ex);
}
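Review bot: The new fallback at `if (crypto == null)` makes the handler validate signatures against the encryption crypto whenever no signature crypto or properties are configured, and nothing in the hunk documents that. A keystore set up for encryption would then presumably act as the trust store for inbound signatures, which an operator may not expect. Add a comment such as `// no signature crypto configured: fall back to the encryption crypto as the trust store` and mention the fallback in the handler's Javadoc. If both lookups return null, `crypto` stays null after the try block; how that case is handled is outside this hunk.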
@@ -171,41 +173,6 @@ public class XmlSigInHandler implements
throw ex != null ? new WebApplicationException(ex, response) : new WebApplicationException(response);
}
- // this code will be moved to a common utility class
- protected Crypto getCrypto(Message message, String propKey)
- throws IOException, WSSecurityException {
-
- Object o = message.getContextualProperty(propKey);
- if (o == null) {
- return null;
- }
-
- ClassLoader orig = Thread.currentThread().getContextClassLoader();
- try {
- URL url = ClassLoaderUtils.getResource((String)o, this.getClass());
- if (url == null) {
- ResourceManager manager = message.getExchange()
- .getBus().getExtension(ResourceManager.class);
- ClassLoader loader = manager.resolveResource("", ClassLoader.class);
- if (loader != null) {
- Thread.currentThread().setContextClassLoader(loader);
- }
- url = manager.resolveResource((String)o, URL.class);
- }
- if (url != null) {
- Properties props = new Properties();
- InputStream in = url.openStream();
- props.load(in);
- in.close();
- return CryptoFactory.getInstance(props);
- } else {
- return CryptoFactory.getInstance((String)o);
- }
- } finally {
- Thread.currentThread().setContextClassLoader(orig);
- }
- }
-
protected void validateReference(Element root, XMLSignature sig) {
Reference ref = null;
int count = sig.getSignedInfo().getLength();
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java?rev=1153529&r1=1153528&r2=1153529&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java Wed Aug 3 15:05:25 2011
@@ -18,19 +18,13 @@
*/
package org.apache.cxf.systest.jaxrs.security.xml;
-import java.io.IOException;
-import java.io.InputStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.lang.annotation.Annotation;
-import java.net.URL;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.List;
-import java.util.Map;
-import java.util.Properties;
import java.util.UUID;
-import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;
import javax.security.auth.callback.CallbackHandler;
@@ -41,12 +35,9 @@ import javax.xml.transform.dom.DOMSource
import org.w3c.dom.Document;
-import org.apache.cxf.Bus;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.endpoint.Endpoint;
-import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.jaxrs.provider.JAXBElementProvider;
import org.apache.cxf.jaxrs.provider.ProviderFactory;
@@ -54,15 +45,13 @@ import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageContentsList;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
-import org.apache.cxf.resource.ResourceManager;
-import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.staxutils.W3CDOMStreamWriter;
+import org.apache.cxf.systest.jaxrs.security.common.CryptoLoader;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
@@ -70,10 +59,10 @@ import org.apache.xml.security.utils.Con
import org.apache.xml.security.utils.ElementProxy;
import org.opensaml.xml.signature.SignatureConstants;
+
public class XmlSigOutInterceptor extends AbstractPhaseInterceptor<Message> {
private static final Logger LOG =
LogUtils.getL7dLogger(XmlSigOutInterceptor.class);
- private static final String CRYPTO_CACHE = "ws-security.crypto.cache";
static {
WSSConfig.init();
@@ -114,12 +103,21 @@ public class XmlSigOutInterceptor extend
// enveloping & detached sigs will be supported too
private void createEnvelopedSignature(Message message, Document doc)
throws Exception {
- //--- This code will be moved to a common utility class
- Crypto crypto = getCrypto(message,
- SecurityConstants.SIGNATURE_CRYPTO,
- SecurityConstants.SIGNATURE_PROPERTIES);
- String user = getUserName(message, crypto);
+ String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
+
+ CryptoLoader loader = new CryptoLoader();
+ Crypto crypto = loader.getCrypto(message,
+ SecurityConstants.SIGNATURE_CRYPTO,
+ SecurityConstants.SIGNATURE_PROPERTIES);
+ if (crypto == null) {
+ crypto = loader.getCrypto(message,
+ SecurityConstants.ENCRYPT_CRYPTO,
+ SecurityConstants.ENCRYPT_PROPERTIES);
+ userNameKey = SecurityConstants.ENCRYPT_USERNAME;
+ }
+ String user = getUserName(message, crypto, userNameKey);
+
if (StringUtils.isEmpty(user)) {
return;
}
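Review bot: In the fallback branch `userNameKey` becomes `SecurityConstants.ENCRYPT_USERNAME`, so the alias used for signing is the one configured for encryption, while `getPassword` in the following hunk is still called with `WSPasswordCallback.SIGNATURE`. If that alias names a peer certificate without a private key, which is the usual arrangement although the configuration is not visible here, the private-key lookup further down would fail or pick a key not meant for signing. A comment stating the assumption would help, e.g. `// fallback assumes the encryption keystore also holds this endpoint's signing key`. Separately, an empty `user` still makes the method return without signing and without any log entry; `LOG.warning("No signature user configured, message is not signed");` before the `return` would make an unsigned message visible to operators. The method body continues outside the hunk.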
@@ -127,7 +125,7 @@ public class XmlSigOutInterceptor extend
String password = getPassword(message, user, WSPasswordCallback.SIGNATURE);
//---
//
- // prepare to sign the SAML token
+ // prepare to sign the SAML token
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias(user);
X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
@@ -206,8 +204,7 @@ public class XmlSigOutInterceptor extend
}
// This code will be moved to a common utility class
- private String getUserName(Message message, Crypto crypto) {
- String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
+ private String getUserName(Message message, Crypto crypto, String userNameKey) {
String user = (String)message.getContextualProperty(userNameKey);
if (crypto != null && StringUtils.isEmpty(user)) {
try {
@@ -256,81 +253,5 @@ public class XmlSigOutInterceptor extend
return handler;
}
- private Crypto getCrypto(Message message,
- String cryptoKey,
- String propKey) {
- Crypto crypto = (Crypto)message.getContextualProperty(cryptoKey);
- if (crypto != null) {
- return crypto;
- }
-
- Object o = message.getContextualProperty(propKey);
- if (o == null) {
- return null;
- }
-
- crypto = getCryptoCache(message).get(o);
- if (crypto != null) {
- return crypto;
- }
- Properties properties = null;
- if (o instanceof Properties) {
- properties = (Properties)o;
- } else if (o instanceof String) {
- ResourceManager rm = message.getExchange().get(Bus.class).getExtension(ResourceManager.class);
- URL url = rm.resolveResource((String)o, URL.class);
- try {
- if (url == null) {
- url = ClassLoaderUtils.getResource((String)o, this.getClass());
- }
- if (url == null) {
- try {
- url = new URL((String)o);
- } catch (Exception ex) {
- throw new RuntimeException(ex);
- }
- }
- if (url != null) {
- InputStream ins = url.openStream();
- properties = new Properties();
- properties.load(ins);
- ins.close();
- }
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- } else if (o instanceof URL) {
- properties = new Properties();
- try {
- InputStream ins = ((URL)o).openStream();
- properties.load(ins);
- ins.close();
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- if (properties != null) {
- try {
- crypto = CryptoFactory.getInstance(properties);
- } catch (Exception ex) {
- return null;
- }
- getCryptoCache(message).put(o, crypto);
- }
- return crypto;
- }
- protected final Map<Object, Crypto> getCryptoCache(Message message) {
- EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
- synchronized (info) {
- Map<Object, Crypto> o =
- CastUtils.cast((Map<?, ?>)message.getContextualProperty(CRYPTO_CACHE));
- if (o == null) {
- o = new ConcurrentHashMap<Object, Crypto>();
- info.setProperty(CRYPTO_CACHE, o);
- }
- return o;
- }
- }
}