Posted to commits@cxf.apache.org by co...@apache.org on 2015/03/23 16:44:47 UTC
[3/3] cxf git commit: Large refactor mainly of cxf-rt-rs-security-xml
following on from WSS4J trunk changes
Large refactor mainly of cxf-rt-rs-security-xml following on from WSS4J trunk changes
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/35063023
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/35063023
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/35063023
Branch: refs/heads/master
Commit: 3506302369c0a28647056c1da469bd9844e45826
Parents: ed18c00
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Mar 23 14:42:48 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Mar 23 15:44:40 2015 +0000
----------------------------------------------------------------------
.../cxf/rs/security/common/CryptoLoader.java | 65 +++------
.../cxf/rs/security/common/SecurityUtils.java | 21 +--
.../rs/security/saml/AbstractSamlInHandler.java | 7 +-
.../saml/AbstractSamlOutInterceptor.java | 4 +-
.../apache/cxf/rs/security/saml/SAMLUtils.java | 13 +-
.../security/saml/SamlHeaderOutInterceptor.java | 2 +-
.../security/xml/AbstractXmlEncInHandler.java | 12 +-
.../security/xml/AbstractXmlSecInHandler.java | 12 +-
.../xml/AbstractXmlSecOutInterceptor.java | 12 +-
.../security/xml/AbstractXmlSigInHandler.java | 81 +----------
.../cxf/rs/security/xml/EncryptionUtils.java | 6 +-
.../rs/security/xml/XmlEncOutInterceptor.java | 75 +++--------
.../rs/security/xml/XmlSecInInterceptor.java | 6 +-
.../rs/security/xml/XmlSecOutInterceptor.java | 33 +----
.../rs/security/xml/XmlSigOutInterceptor.java | 2 +-
rt/security/pom.xml | 22 ---
.../apache/cxf/rt/security/claims/Claim.java | 2 +-
.../claims/ClaimsAuthorizingInterceptor.java | 10 +-
.../apache/cxf/rt/security/saml/SAMLUtils.java | 2 +-
.../cxf/rt/security/utils/SecurityUtils.java | 119 +++++++++++++++++
.../AbstractXACMLAuthorizingInterceptor.java | 2 +-
.../xacml/DefaultXACMLRequestBuilder.java | 11 +-
.../apache/cxf/ws/security/SecurityUtils.java | 133 -------------------
.../cxf/ws/security/kerberos/KerberosUtils.java | 2 +-
.../KerberosTokenInterceptorProvider.java | 8 +-
.../policy/interceptors/NegotiationUtils.java | 8 +-
.../policy/interceptors/STSTokenHelper.java | 15 ++-
.../SecureConversationInInterceptor.java | 9 +-
.../SecureConversationOutInterceptor.java | 8 +-
.../SpnegoContextTokenInInterceptor.java | 3 +-
.../SpnegoContextTokenOutInterceptor.java | 9 +-
.../tokenstore/EHCacheTokenStoreFactory.java | 2 +-
.../ws/security/tokenstore/SecurityToken.java | 12 +-
.../ws/security/tokenstore/TokenStoreUtils.java | 64 +++++++++
.../ws/security/trust/AbstractSTSClient.java | 7 +-
.../ws/security/trust/STSTokenValidator.java | 5 +-
.../wss4j/AbstractTokenInterceptor.java | 3 +-
.../wss4j/AbstractWSS4JStaxInterceptor.java | 2 +-
.../wss4j/BinarySecurityTokenInterceptor.java | 3 +-
.../ws/security/wss4j/SamlTokenInterceptor.java | 3 +-
.../wss4j/UsernameTokenInterceptor.java | 3 +-
.../ws/security/wss4j/WSS4JInInterceptor.java | 8 +-
.../security/wss4j/WSS4JStaxInInterceptor.java | 4 +-
.../cxf/ws/security/wss4j/WSS4JUtils.java | 7 +-
.../policyhandlers/AbstractBindingBuilder.java | 46 ++++---
.../AbstractCommonBindingHandler.java | 8 +-
.../AbstractStaxBindingHandler.java | 7 +-
.../AsymmetricBindingHandler.java | 18 +--
.../StaxAsymmetricBindingHandler.java | 6 +-
.../StaxSymmetricBindingHandler.java | 58 ++------
.../StaxTransportBindingHandler.java | 6 +-
.../policyhandlers/SymmetricBindingHandler.java | 10 +-
.../policyhandlers/TransportBindingHandler.java | 2 +-
.../AbstractBindingPolicyValidator.java | 22 ---
.../AsymmetricBindingPolicyValidator.java | 11 +-
.../KerberosTokenPolicyValidator.java | 4 +-
.../X509TokenPolicyValidator.java | 7 +-
57 files changed, 442 insertions(+), 600 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java
index 267dae7..8d1474e 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java
@@ -19,21 +19,16 @@
package org.apache.cxf.rs.security.common;
-import java.io.File;
import java.io.IOException;
import java.io.InputStream;
-import java.net.URI;
import java.net.URL;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
-import org.apache.cxf.common.classloader.ClassLoaderUtils.ClassLoaderHolder;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.message.Message;
-import org.apache.cxf.resource.ResourceManager;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
@@ -42,16 +37,17 @@ import org.apache.wss4j.common.ext.WSSecurityException;
public class CryptoLoader {
private static final String CRYPTO_CACHE = "rs-security-xml-crypto.cache";
-
+
public Crypto loadCrypto(String cryptoResource) throws IOException, WSSecurityException {
- URL url = ClassLoaderUtils.getResource(cryptoResource, this.getClass());
+ URL url =
+ org.apache.cxf.rt.security.utils.SecurityUtils.loadResource(null, cryptoResource);
if (url != null) {
return loadCryptoFromURL(url);
} else {
return null;
}
}
-
+
public Crypto getCrypto(Message message,
String cryptoKey,
String propKey)
@@ -74,47 +70,18 @@ public class CryptoLoader {
return crypto;
}
- ClassLoaderHolder orig = null;
- try {
- URL url = ClassLoaderUtils.getResource(propResourceName, this.getClass());
- if (url == null) {
- ResourceManager manager = message.getExchange()
- .getBus().getExtension(ResourceManager.class);
- ClassLoader loader = manager.resolveResource("", ClassLoader.class);
- if (loader != null) {
- orig = ClassLoaderUtils.setThreadContextClassloader(loader);
- }
- url = manager.resolveResource(propResourceName, URL.class);
- }
- if (url == null) {
- try {
- URI propResourceUri = URI.create(propResourceName);
- if (propResourceUri.getScheme() != null) {
- url = propResourceUri.toURL();
- } else {
- File f = new File(propResourceUri.toString());
- if (f.exists()) {
- url = f.toURI().toURL();
- }
- }
- } catch (IOException ex) {
- // let CryptoFactory try to load it
- }
- }
- if (url != null) {
- crypto = loadCryptoFromURL(url);
- } else {
- crypto = CryptoFactory.getInstance(propResourceName, Thread.currentThread().getContextClassLoader());
- }
- if (cryptoCache != null) {
- cryptoCache.put(o, crypto);
- }
- return crypto;
- } finally {
- if (orig != null) {
- orig.reset();
- }
+ URL url = org.apache.cxf.rt.security.utils.SecurityUtils.loadResource(message, propResourceName);
+
+ if (url != null) {
+ crypto = loadCryptoFromURL(url);
+ } else {
+ crypto = CryptoFactory.getInstance(propResourceName, Thread.currentThread().getContextClassLoader());
}
+ if (cryptoCache != null && crypto != null) {
+ cryptoCache.put(o, crypto);
+ }
+
+ return crypto;
}
public static Crypto loadCryptoFromURL(URL url) throws IOException, WSSecurityException {
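Review bot: The `CryptoFactory.getInstance(propResourceName, Thread.currentThread().getContextClassLoader())` fallback in getCrypto now runs with whatever thread context classloader `SecurityUtils.loadResource(message, propResourceName)` leaves in place. The removed block's `ClassLoaderHolder` swap and its `finally { orig.reset(); }` no longer exist in this method. The helper's body is not part of this hunk, so it is not visible whether it still applies the ResourceManager's loader and restores the previous one before returning. Please state that contract above the call, for example `// loadResource is expected to restore the thread context classloader before returning`, and confirm it against the helper. getCrypto starts above the hunk.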
@@ -133,7 +100,7 @@ public class CryptoLoader {
Map<Object, Crypto> o =
CastUtils.cast((Map<?, ?>)info.getProperty(CRYPTO_CACHE));
if (o == null) {
- o = new ConcurrentHashMap<Object, Crypto>();
+ o = new ConcurrentHashMap<>();
info.setProperty(CRYPTO_CACHE, o);
}
return o;
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
index 51db0d2..bc9849f 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
@@ -28,7 +28,6 @@ import javax.security.auth.callback.CallbackHandler;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.interceptor.Fault;
@@ -125,7 +124,7 @@ public final class SecurityUtils {
}
public static String getPassword(Message message, String userName,
- int type, Class<?> callingClass) {
+ int type, Class<?> callingClass) throws WSSecurityException {
CallbackHandler handler = getCallbackHandler(message, callingClass);
if (handler == null) {
return null;
@@ -143,28 +142,18 @@ public final class SecurityUtils {
return password == null ? "" : password;
}
- public static CallbackHandler getCallbackHandler(Message message, Class<?> callingClass) {
+ public static CallbackHandler getCallbackHandler(Message message, Class<?> callingClass)
+ throws WSSecurityException {
return getCallbackHandler(message, callingClass, SecurityConstants.CALLBACK_HANDLER);
}
public static CallbackHandler getCallbackHandler(Message message,
Class<?> callingClass,
- String callbackProperty) {
+ String callbackProperty) throws WSSecurityException {
//Then try to get the password from the given callback handler
Object o = message.getContextualProperty(callbackProperty);
- CallbackHandler handler = null;
- if (o instanceof CallbackHandler) {
- handler = (CallbackHandler)o;
- } else if (o instanceof String) {
- try {
- handler = (CallbackHandler)ClassLoaderUtils
- .loadClass((String)o, callingClass).newInstance();
- } catch (Exception e) {
- handler = null;
- }
- }
- return handler;
+ return org.apache.cxf.rt.security.utils.SecurityUtils.getCallbackHandler(o);
}
}
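Review bot: `callingClass` is no longer used by the three-argument getCallbackHandler. The removed code passed it to `ClassLoaderUtils.loadClass((String)o, callingClass)`, while the new body hands only `o` to `org.apache.cxf.rt.security.utils.SecurityUtils.getCallbackHandler(o)`, so a handler configured as a class name may now be resolved through a different classloader. The failure mode presumably changes as well: a class name that could not be loaded used to yield a null handler, and the `throws WSSecurityException` added to all three public methods (getPassword is in the previous hunk) suggests it now propagates to callers. Both points belong in Javadoc on the method, for example `@param callingClass unused, kept for source compatibility` and `@throws WSSecurityException if the configured handler cannot be loaded or instantiated`.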
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
index a8a1be3..1e93601 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
@@ -50,7 +50,9 @@ import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.security.transport.TLSSessionInfo;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.WSProviderConfig;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.apache.wss4j.common.saml.SAMLKeyInfo;
@@ -59,7 +61,6 @@ import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.handler.RequestData;
-import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor;
import org.apache.wss4j.dom.validate.Credential;
import org.apache.wss4j.dom.validate.SamlAssertionValidator;
@@ -75,7 +76,7 @@ public abstract class AbstractSamlInHandler implements ContainerRequestFilter {
LogUtils.getL7dLogger(AbstractSamlInHandler.class);
static {
- WSSConfig.init();
+ WSProviderConfig.init();
}
private Validator samlValidator = new SamlAssertionValidator();
@@ -142,7 +143,7 @@ public abstract class AbstractSamlInHandler implements ContainerRequestFilter {
throwFault("Crypto can not be loaded", ex);
}
data.setEnableRevocation(MessageUtils.isTrue(
- message.getContextualProperty(WSHandlerConstants.ENABLE_REVOCATION)));
+ message.getContextualProperty(ConfigurationConstants.ENABLE_REVOCATION)));
Signature sig = assertion.getSignature();
WSDocInfo docInfo = new WSDocInfo(sig.getDOM().getOwnerDocument());
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java
index f54152e..71f140a 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java
@@ -27,13 +27,13 @@ import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
+import org.apache.wss4j.common.crypto.WSProviderConfig;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.apache.wss4j.dom.WSSConfig;
public abstract class AbstractSamlOutInterceptor extends AbstractPhaseInterceptor<Message> {
static {
- WSSConfig.init();
+ WSProviderConfig.init();
}
private boolean useDeflateEncoding = true;
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
index c19d199..7660337 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
@@ -63,9 +63,16 @@ public final class SAMLUtils {
}
public static SamlAssertionWrapper createAssertion(Message message) throws Fault {
- CallbackHandler handler = SecurityUtils.getCallbackHandler(
- message, SAMLUtils.class, SecurityConstants.SAML_CALLBACK_HANDLER);
- return createAssertion(message, handler);
+ try {
+ CallbackHandler handler = SecurityUtils.getCallbackHandler(
+ message, SAMLUtils.class, SecurityConstants.SAML_CALLBACK_HANDLER);
+ return createAssertion(message, handler);
+ } catch (Exception ex) {
+ StringWriter sw = new StringWriter();
+ ex.printStackTrace(new PrintWriter(sw));
+ LOG.warning(sw.toString());
+ throw new Fault(new RuntimeException(ex.getMessage() + ", stacktrace: " + sw.toString()));
+ }
}
public static SamlAssertionWrapper createAssertion(Message message,
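Review bot: The new catch block in createAssertion(Message) copies the full stack trace into the exception message, `ex.getMessage() + ", stacktrace: " + sw.toString()`. A Fault message can end up in the response returned to the caller, which would disclose class names and internal structure of the SAML callback handling. The block also drops the original exception as the cause and re-wraps any Fault thrown by the inner createAssertion call. Logging the throwable and chaining it keeps the detail on the server side: `LOG.log(Level.WARNING, "Failed to create SAML assertion", ex);` followed by `throw new Fault(ex);` (this needs `java.util.logging.Level` if the file does not already import it). The two-argument createAssertion continues below the hunk and is not visible here.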
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
index 34f98ff..29f3b7c 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
@@ -75,7 +75,7 @@ public class SamlHeaderOutInterceptor extends AbstractSamlOutInterceptor {
Map<String, List<String>> headers =
CastUtils.cast((Map<?, ?>)message.get(Message.PROTOCOL_HEADERS));
if (headers == null) {
- headers = new HashMap<String, List<String>>();
+ headers = new HashMap<>();
message.put(Message.PROTOCOL_HEADERS, headers);
}
return headers;
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
index 431d05e..31e0431 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
@@ -45,7 +45,6 @@ import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.KeyUtils;
-import org.apache.wss4j.dom.WSConstants;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.apache.xml.security.utils.Constants;
@@ -113,7 +112,7 @@ public abstract class AbstractXmlEncInHandler extends AbstractXmlSecInHandler {
throwFault("Crypto can not be loaded", ex);
}
- Element encKeyElement = getNode(encDataElement, WSConstants.ENC_NS, "EncryptedKey", 0);
+ Element encKeyElement = getNode(encDataElement, ENC_NS, "EncryptedKey", 0);
if (encKeyElement == null) {
//TODO: support EncryptedData/ds:KeyInfo - the encrypted key is passed out of band
throwFault("EncryptedKey element is not available", null);
@@ -146,8 +145,7 @@ public abstract class AbstractXmlEncInHandler extends AbstractXmlSecInHandler {
}
- Element cipherValue = getNode(encKeyElement, WSConstants.ENC_NS,
- "CipherValue", 0);
+ Element cipherValue = getNode(encKeyElement, ENC_NS, "CipherValue", 0);
if (cipherValue == null) {
throwFault("CipherValue element is not available", null);
}
@@ -200,7 +198,7 @@ public abstract class AbstractXmlEncInHandler extends AbstractXmlSecInHandler {
}
private String getEncodingMethodAlgorithm(Element parent) {
- Element encMethod = getNode(parent, WSConstants.ENC_NS, "EncryptionMethod", 0);
+ Element encMethod = getNode(parent, ENC_NS, "EncryptionMethod", 0);
if (encMethod == null) {
throwFault("EncryptionMethod element is not available", null);
}
@@ -208,9 +206,9 @@ public abstract class AbstractXmlEncInHandler extends AbstractXmlSecInHandler {
}
private String getDigestMethodAlgorithm(Element parent) {
- Element encMethod = getNode(parent, WSConstants.ENC_NS, "EncryptionMethod", 0);
+ Element encMethod = getNode(parent, ENC_NS, "EncryptionMethod", 0);
if (encMethod != null) {
- Element digestMethod = getNode(encMethod, WSConstants.SIG_NS, "DigestMethod", 0);
+ Element digestMethod = getNode(encMethod, SIG_NS, "DigestMethod", 0);
if (digestMethod != null) {
return digestMethod.getAttributeNS(null, "Algorithm");
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
index 035e54b..0c5912e 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
@@ -29,22 +29,28 @@ import javax.xml.stream.XMLStreamReader;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
-
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.jaxrs.utils.ExceptionUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.cxf.staxutils.W3CDOMStreamReader;
-import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.common.crypto.WSProviderConfig;
public abstract class AbstractXmlSecInHandler {
+ protected static final String SIG_NS = "http://www.w3.org/2000/09/xmldsig#";
+ protected static final String SIG_PREFIX = "ds";
+ protected static final String ENC_NS = "http://www.w3.org/2001/04/xmlenc#";
+ protected static final String ENC_PREFIX = "xenc";
+ protected static final String WSU_NS =
+ "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
+
private static final Logger LOG =
LogUtils.getL7dLogger(AbstractXmlSecInHandler.class);
static {
- WSSConfig.init();
+ WSProviderConfig.init();
}
private boolean allowEmptyBody;
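Review bot: The `SIG_NS`, `SIG_PREFIX`, `ENC_NS`, `ENC_PREFIX` and `WSU_NS` constants added here are declared a second time, with identical values, in AbstractXmlSecOutInterceptor in this same commit, so the inbound and outbound sides can drift apart if only one copy is edited. These URIs decide which elements the signature and encryption handlers look up, so a single shared holder would be safer. Failing that, put a comment on each copy such as `// keep in sync with AbstractXmlSecOutInterceptor`. `WSU_NS` is not referenced in any of the hunks visible here, so it is worth checking that it is still needed.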
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java
index 61a30cd..5d5ae7c 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java
@@ -30,7 +30,6 @@ import javax.xml.stream.XMLStreamWriter;
import javax.xml.transform.dom.DOMSource;
import org.w3c.dom.Document;
-
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.jaxrs.provider.JAXBElementProvider;
@@ -40,15 +39,22 @@ import org.apache.cxf.message.MessageContentsList;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.staxutils.W3CDOMStreamWriter;
-import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.common.crypto.WSProviderConfig;
public abstract class AbstractXmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> {
+ protected static final String SIG_NS = "http://www.w3.org/2000/09/xmldsig#";
+ protected static final String SIG_PREFIX = "ds";
+ protected static final String ENC_NS = "http://www.w3.org/2001/04/xmlenc#";
+ protected static final String ENC_PREFIX = "xenc";
+ protected static final String WSU_NS =
+ "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
+
private static final Logger LOG =
LogUtils.getL7dLogger(AbstractXmlSecOutInterceptor.class);
static {
- WSSConfig.init();
+ WSProviderConfig.init();
}
public AbstractXmlSecOutInterceptor() {
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
index 3875e61..ca092b9 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
@@ -32,7 +32,6 @@ import javax.xml.stream.XMLStreamReader;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.Node;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.common.CryptoLoader;
@@ -42,7 +41,7 @@ import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.staxutils.W3CDOMStreamReader;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
-import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.common.util.XMLUtils;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.signature.Reference;
@@ -291,86 +290,12 @@ public class AbstractXmlSigInHandler extends AbstractXmlSecInHandler {
String expectedID = ref.getURI().substring(1);
if (!expectedID.equals(rootId)) {
- return findElementById(root, expectedID, true);
+ return XMLUtils.findElementById(root, expectedID, true);
} else {
return root;
}
}
- /**
- * Returns the single element that contains an Id with value
- * <code>uri</code> and <code>namespace</code>. The Id can be either a wsu:Id or an Id
- * with no namespace. This is a replacement for a XPath Id lookup with the given namespace.
- * It's somewhat faster than XPath, and we do not deal with prefixes, just with the real
- * namespace URI
- *
- * If checkMultipleElements is true and there are multiple elements, we log a
- * warning and return null as this can be used to get around the signature checking.
- *
- * @param startNode Where to start the search
- * @param value Value of the Id attribute
- * @param checkMultipleElements If true then go through the entire tree and return
- * null if there are multiple elements with the same Id
- * @return The found element if there was exactly one match, or
- * <code>null</code> otherwise
- */
- private static Element findElementById(
- Node startNode, String value, boolean checkMultipleElements
- ) {
- //
- // Replace the formerly recursive implementation with a depth-first-loop lookup
- //
- Node startParent = startNode.getParentNode();
- Node processedNode = null;
- Element foundElement = null;
- String id = value;
-
- while (startNode != null) {
- // start node processing at this point
- if (startNode.getNodeType() == Node.ELEMENT_NODE) {
- Element se = (Element) startNode;
- // Try the wsu:Id first
- String attributeNS = se.getAttributeNS(WSConstants.WSU_NS, "Id");
- if ("".equals(attributeNS) || !id.equals(attributeNS)) {
- attributeNS = se.getAttributeNS(null, "Id");
- }
- if ("".equals(attributeNS) || !id.equals(attributeNS)) {
- attributeNS = se.getAttributeNS(null, "ID");
- }
- if (!"".equals(attributeNS) && id.equals(attributeNS)) {
- if (!checkMultipleElements) {
- return se;
- } else if (foundElement == null) {
- foundElement = se; // Continue searching to find duplicates
- } else {
- // Multiple elements with the same 'Id' attribute value
- return null;
- }
- }
- }
-
- processedNode = startNode;
- startNode = startNode.getFirstChild();
-
- // no child, this node is done.
- if (startNode == null) {
- // close node processing, get sibling
- startNode = processedNode.getNextSibling();
- }
- // no more siblings, get parent, all children
- // of parent are processed.
- while (startNode == null) {
- processedNode = processedNode.getParentNode();
- if (processedNode == startParent) {
- return foundElement;
- }
- // close parent node processing (processed node now)
- startNode = processedNode.getNextSibling();
- }
- }
- return foundElement;
- }
-
public void setSignatureProperties(SignatureProperties properties) {
this.sigProps = properties;
}
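Review bot: The call `XMLUtils.findElementById(root, expectedID, true)` can return null, and the Javadoc that explained why was deleted together with the private helper. With `checkMultipleElements` set, the removed helper returned null when more than one element carried the referenced Id, because duplicate Ids can be used to get around the signature checking. A comment at the call site should carry that forward, for example `// returns null if the Id is missing or duplicated; the caller must reject the message in that case`. Also confirm that the WSS4J method inspects the same attributes as the removed code (`wsu:Id`, `Id` and `ID`), since that cannot be seen from this hunk. The enclosing method starts above the hunk.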
@@ -385,7 +310,7 @@ public class AbstractXmlSigInHandler extends AbstractXmlSecInHandler {
*/
public void setSubjectConstraints(List<String> constraints) {
if (constraints != null) {
- subjectDNPatterns = new ArrayList<Pattern>();
+ subjectDNPatterns = new ArrayList<>();
for (String constraint : constraints) {
try {
subjectDNPatterns.add(Pattern.compile(constraint.trim()));
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
index 94c9590..83951e0 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
@@ -29,7 +29,7 @@ import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
@@ -51,7 +51,7 @@ public final class EncryptionUtils {
int mode,
X509Certificate cert
) throws WSSecurityException {
- Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
+ Cipher cipher = KeyUtils.getCipherInstance(keyEncAlgo);
try {
OAEPParameterSpec oaepParameters =
constructOAEPParameters(
@@ -81,7 +81,7 @@ public final class EncryptionUtils {
public static Cipher initCipherWithKey(String keyEncAlgo, String digestAlgo, int mode, Key key)
throws WSSecurityException {
- Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
+ Cipher cipher = KeyUtils.getCipherInstance(keyEncAlgo);
try {
OAEPParameterSpec oaepParameters =
constructOAEPParameters(
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
index 6635c3d..7659519 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
@@ -18,7 +18,6 @@
*/
package org.apache.cxf.rs.security.xml;
-import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;
@@ -34,7 +33,6 @@ import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.Text;
-
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.common.util.StringUtils;
@@ -46,11 +44,10 @@ import org.apache.cxf.rs.security.common.SecurityUtils;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.message.token.DOMX509Data;
-import org.apache.wss4j.dom.message.token.DOMX509IssuerSerial;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
-import org.apache.xml.security.algorithms.JCEMapper;
+import org.apache.wss4j.common.token.DOMX509Data;
+import org.apache.wss4j.common.token.DOMX509IssuerSerial;
+import org.apache.wss4j.common.util.KeyUtils;
+import org.apache.wss4j.common.util.XMLUtils;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.stax.impl.util.IDGenerator;
@@ -153,7 +150,7 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
EncryptionUtils.initXMLCipher(symEncAlgo, XMLCipher.ENCRYPT_MODE, symmetricKey);
Document result = xmlCipher.doFinal(payloadDoc, payloadDoc.getDocumentElement(), false);
- NodeList list = result.getElementsByTagNameNS(WSConstants.ENC_NS, "CipherValue");
+ NodeList list = result.getElementsByTagNameNS(ENC_NS, "CipherValue");
if (list.getLength() != 1) {
throw new Exception("Payload CipherData is missing");
}
@@ -169,7 +166,7 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
private byte[] getSymmetricKey(String symEncAlgo) throws Exception {
synchronized (this) {
if (symmetricKey == null) {
- KeyGenerator keyGen = getKeyGenerator(symEncAlgo);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgo);
symmetricKey = keyGen.generateKey();
}
return symmetricKey.getEncoded();
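Review bot: The size of the generated symmetric key now depends entirely on `KeyUtils.getKeyGenerator(symEncAlgo)`, whose body is not part of this diff. The private getKeyGenerator removed in the next hunk called `keyGen.init(128)`, `init(192)` or `init(256)` explicitly for the AES CBC and GCM URIs. If the WSS4J helper does not do the same, the key falls back to the provider's default size, so a test asserting the encoded key length for an AES-256 URI would pin this down; the same applies to getSymmetricKey in XmlSecOutInterceptor. As far as this hunk shows, the key is also cached on the instance after the first call, so a later call with a different symEncAlgo reuses it; a comment such as `// generated once per interceptor instance; size is fixed by the first symEncAlgo seen` would make that explicit. The method continues outside the hunk.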
@@ -181,29 +178,6 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
return certs[0];
}
- private KeyGenerator getKeyGenerator(String symEncAlgo) throws WSSecurityException {
- try {
- //
- // Assume AES as default, so initialize it
- //
- String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(symEncAlgo);
- KeyGenerator keyGen = KeyGenerator.getInstance(keyAlgorithm);
- if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)
- || symEncAlgo.equalsIgnoreCase(WSConstants.AES_128_GCM)) {
- keyGen.init(128);
- } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)
- || symEncAlgo.equalsIgnoreCase(WSConstants.AES_192_GCM)) {
- keyGen.init(192);
- } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)
- || symEncAlgo.equalsIgnoreCase(WSConstants.AES_256_GCM)) {
- keyGen.init(256);
- }
- return keyGen;
- } catch (NoSuchAlgorithmException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e);
- }
- }
-
// Apache Security XMLCipher does not support
// Certificates for encrypting the keys
protected byte[] encryptSymmetricKey(byte[] keyBytes,
@@ -265,13 +239,10 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
xencCipherValue.appendChild(doc.createTextNode(encodedKey));
Element topKeyInfoElement =
- doc.createElementNS(
- WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":" + WSConstants.KEYINFO_LN
- );
+ doc.createElementNS(SIG_NS, SIG_PREFIX + ":KeyInfo");
Element retrievalMethodElement =
- doc.createElementNS(
- WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":RetrievalMethod"
- );
+ doc.createElementNS(SIG_NS, SIG_PREFIX + ":RetrievalMethod");
+
retrievalMethodElement.setAttribute("Type", DEFAULT_RETRIEVAL_METHOD_TYPE);
topKeyInfoElement.appendChild(retrievalMethodElement);
@@ -282,9 +253,9 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
protected Element createCipherValue(Document doc, Element encryptedKey) {
Element cipherData =
- doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":CipherData");
+ doc.createElementNS(ENC_NS, ENC_PREFIX + ":CipherData");
Element cipherValue =
- doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":CipherValue");
+ doc.createElementNS(ENC_NS, ENC_PREFIX + ":CipherValue");
cipherData.appendChild(cipherValue);
encryptedKey.appendChild(cipherData);
return cipherValue;
@@ -293,9 +264,7 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
private Element createKeyInfoElement(Document encryptedDataDoc,
X509Certificate remoteCert) throws Exception {
Element keyInfoElement =
- encryptedDataDoc.createElementNS(
- WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":" + WSConstants.KEYINFO_LN
- );
+ encryptedDataDoc.createElementNS(SIG_NS, SIG_PREFIX + ":KeyInfo");
String keyIdType = encProps.getEncryptionKeyIdType() == null
? SecurityUtils.X509_CERT : encProps.getEncryptionKeyIdType();
@@ -311,11 +280,9 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
);
}
Text text = encryptedDataDoc.createTextNode(Base64.encode(data));
- Element cert = encryptedDataDoc.createElementNS(
- WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":" + WSConstants.X509_CERT_LN);
+ Element cert = encryptedDataDoc.createElementNS(SIG_NS, SIG_PREFIX + ":X509Certificate");
cert.appendChild(text);
- Element x509Data = encryptedDataDoc.createElementNS(
- WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":" + WSConstants.X509_DATA_LN);
+ Element x509Data = encryptedDataDoc.createElementNS(SIG_NS, SIG_PREFIX + ":X509Data");
x509Data.appendChild(cert);
keyIdentifierNode = x509Data;
@@ -341,16 +308,15 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
String keyEncAlgo,
String digestAlgo) {
Element encryptedKey =
- encryptedDataDoc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":EncryptedKey");
+ encryptedDataDoc.createElementNS(ENC_NS, ENC_PREFIX + ":EncryptedKey");
Element encryptionMethod =
- encryptedDataDoc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX
+ encryptedDataDoc.createElementNS(ENC_NS, ENC_PREFIX
+ ":EncryptionMethod");
encryptionMethod.setAttributeNS(null, "Algorithm", keyEncAlgo);
if (digestAlgo != null) {
Element digestMethod =
- encryptedDataDoc.createElementNS(WSConstants.SIG_NS, WSConstants.SIG_PREFIX
- + ":DigestMethod");
+ encryptedDataDoc.createElementNS(SIG_NS, SIG_PREFIX + ":DigestMethod");
digestMethod.setAttributeNS(null, "Algorithm", digestAlgo);
encryptionMethod.appendChild(digestMethod);
}
@@ -360,13 +326,12 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
protected Element createEncryptedDataElement(Document encryptedDataDoc, String symEncAlgo) {
Element encryptedData =
- encryptedDataDoc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":EncryptedData");
+ encryptedDataDoc.createElementNS(ENC_NS, ENC_PREFIX + ":EncryptedData");
- WSSecurityUtil.setNamespace(encryptedData, WSConstants.ENC_NS, WSConstants.ENC_PREFIX);
+ XMLUtils.setNamespace(encryptedData, ENC_NS, ENC_PREFIX);
Element encryptionMethod =
- encryptedDataDoc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX
- + ":EncryptionMethod");
+ encryptedDataDoc.createElementNS(ENC_NS, ENC_PREFIX + ":EncryptionMethod");
encryptionMethod.setAttributeNS(null, "Algorithm", symEncAlgo);
encryptedData.appendChild(encryptionMethod);
encryptedDataDoc.appendChild(encryptedData);
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
index 03c4dd9..9576bb9 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
@@ -85,7 +85,7 @@ public class XmlSecInInterceptor extends AbstractPhaseInterceptor<Message> {
/**
* a collection of compiled regular expression patterns for the subject DN
*/
- private Collection<Pattern> subjectDNPatterns = new ArrayList<Pattern>();
+ private Collection<Pattern> subjectDNPatterns = new ArrayList<>();
public XmlSecInInterceptor() {
super(Phase.POST_STREAM);
@@ -211,7 +211,7 @@ public class XmlSecInInterceptor extends AbstractPhaseInterceptor<Message> {
protected SecurityEventListener configureSecurityEventListener(
final Crypto sigCrypto, final Message msg, XMLSecurityProperties securityProperties
) {
- final List<SecurityEvent> incomingSecurityEventList = new LinkedList<SecurityEvent>();
+ final List<SecurityEvent> incomingSecurityEventList = new LinkedList<>();
SecurityEventListener securityEventListener = new SecurityEventListener() {
@Override
public void registerSecurityEvent(SecurityEvent securityEvent) throws XMLSecurityException {
@@ -365,7 +365,7 @@ public class XmlSecInInterceptor extends AbstractPhaseInterceptor<Message> {
*/
public void setSubjectConstraints(List<String> constraints) {
if (constraints != null) {
- subjectDNPatterns = new ArrayList<Pattern>();
+ subjectDNPatterns = new ArrayList<>();
for (String constraint : constraints) {
try {
subjectDNPatterns.add(Pattern.compile(constraint.trim()));
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
index 602f5bc..41be15a 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
@@ -19,7 +19,6 @@
package org.apache.cxf.rs.security.xml;
import java.io.OutputStream;
-import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
@@ -51,9 +50,8 @@ import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.xml.security.Init;
-import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.OutboundXMLSec;
@@ -84,8 +82,8 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> {
private SecretKey symmetricKey;
private boolean signRequest;
private boolean encryptRequest;
- private List<QName> elementsToSign = new ArrayList<QName>();
- private List<QName> elementsToEncrypt = new ArrayList<QName>();
+ private List<QName> elementsToSign = new ArrayList<>();
+ private List<QName> elementsToEncrypt = new ArrayList<>();
private boolean keyInfoMustBeAvailable = true;
static {
@@ -259,36 +257,13 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> {
private SecretKey getSymmetricKey(String symEncAlgo) throws Exception {
synchronized (this) {
if (symmetricKey == null) {
- KeyGenerator keyGen = getKeyGenerator(symEncAlgo);
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgo);
symmetricKey = keyGen.generateKey();
}
return symmetricKey;
}
}
- private KeyGenerator getKeyGenerator(String symEncAlgo) throws WSSecurityException {
- try {
- //
- // Assume AES as default, so initialize it
- //
- String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(symEncAlgo);
- KeyGenerator keyGen = KeyGenerator.getInstance(keyAlgorithm);
- if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)
- || symEncAlgo.equalsIgnoreCase(WSConstants.AES_128_GCM)) {
- keyGen.init(128);
- } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)
- || symEncAlgo.equalsIgnoreCase(WSConstants.AES_192_GCM)) {
- keyGen.init(192);
- } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)
- || symEncAlgo.equalsIgnoreCase(WSConstants.AES_256_GCM)) {
- keyGen.init(256);
- }
- return keyGen;
- } catch (NoSuchAlgorithmException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e);
- }
- }
-
private void configureSignature(
Message message, XMLSecurityProperties properties
) throws Exception {
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
index 9c415ee..05800c6 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
@@ -61,7 +61,7 @@ public class XmlSigOutInterceptor extends AbstractXmlSecOutInterceptor {
private static final Logger LOG =
LogUtils.getL7dLogger(XmlSigOutInterceptor.class);
private static final Set<String> SUPPORTED_STYLES =
- new HashSet<String>(Arrays.asList(ENVELOPED_SIG, ENVELOPING_SIG, DETACHED_SIG));
+ new HashSet<>(Arrays.asList(ENVELOPED_SIG, ENVELOPING_SIG, DETACHED_SIG));
private QName envelopeQName = DEFAULT_ENV_QNAME;
private String sigStyle = ENVELOPED_SIG;
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/security/pom.xml
----------------------------------------------------------------------
diff --git a/rt/security/pom.xml b/rt/security/pom.xml
index 1d487f2..1a1ca60 100644
--- a/rt/security/pom.xml
+++ b/rt/security/pom.xml
@@ -47,28 +47,6 @@
<version>${cxf.wss4j.version}</version>
</dependency>
<dependency>
- <groupId>org.opensaml</groupId>
- <artifactId>opensaml-xacml-impl</artifactId>
- <version>${cxf.opensaml.version}</version>
- <exclusions>
- <exclusion>
- <groupId>com.google.code.findbugs</groupId>
- <artifactId>jsr305</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.opensaml</groupId>
- <artifactId>opensaml-xacml-saml-impl</artifactId>
- <version>${cxf.opensaml.version}</version>
- <exclusions>
- <exclusion>
- <groupId>com.google.code.findbugs</groupId>
- <artifactId>jsr305</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-jdk14</artifactId>
<scope>test</scope>
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java b/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java
index 668efc1..1e58575 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java
@@ -41,7 +41,7 @@ public class Claim implements Serializable, Cloneable {
private URI claimType;
private boolean optional;
- private List<Object> values = new ArrayList<Object>(1);
+ private List<Object> values = new ArrayList<>(1);
public Claim() {
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimsAuthorizingInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimsAuthorizingInterceptor.java b/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimsAuthorizingInterceptor.java
index 284b6ea..22d61cf 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimsAuthorizingInterceptor.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimsAuthorizingInterceptor.java
@@ -52,13 +52,13 @@ public class ClaimsAuthorizingInterceptor extends AbstractPhaseInterceptor<Messa
private static final Set<String> SKIP_METHODS;
static {
- SKIP_METHODS = new HashSet<String>();
+ SKIP_METHODS = new HashSet<>();
SKIP_METHODS.addAll(Arrays.asList(
new String[] {"wait", "notify", "notifyAll",
"equals", "toString", "hashCode"}));
}
- private Map<String, List<ClaimBean>> claims = new HashMap<String, List<ClaimBean>>();
+ private Map<String, List<ClaimBean>> claims = new HashMap<>();
private Map<String, String> nameAliases = Collections.emptyMap();
private Map<String, String> formatAliases = Collections.emptyMap();
@@ -163,7 +163,7 @@ public class ClaimsAuthorizingInterceptor extends AbstractPhaseInterceptor<Messa
List<ClaimBean> methodClaims =
getClaims(m.getAnnotation(Claims.class), m.getAnnotation(Claim.class));
- List<ClaimBean> allClaims = new ArrayList<ClaimBean>(methodClaims);
+ List<ClaimBean> allClaims = new ArrayList<>(methodClaims);
for (ClaimBean bean : clsClaims) {
if (isClaimOverridden(bean, methodClaims)) {
continue;
@@ -200,9 +200,9 @@ public class ClaimsAuthorizingInterceptor extends AbstractPhaseInterceptor<Messa
private List<ClaimBean> getClaims(
Claims claimsAnn, Claim claimAnn) {
- List<ClaimBean> claimsList = new ArrayList<ClaimBean>();
+ List<ClaimBean> claimsList = new ArrayList<>();
- List<Claim> annClaims = new ArrayList<Claim>();
+ List<Claim> annClaims = new ArrayList<>();
if (claimsAnn != null) {
annClaims.addAll(Arrays.asList(claimsAnn.value()));
} else if (claimAnn != null) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLUtils.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLUtils.java
index bec5702..8229a07 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLUtils.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLUtils.java
@@ -109,7 +109,7 @@ public final class SAMLUtils {
roleAttributeName = SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT;
}
- Set<Principal> roles = new HashSet<Principal>();
+ Set<Principal> roles = new HashSet<>();
for (Claim claim : claims) {
if (claim instanceof SAMLClaim && ((SAMLClaim)claim).getName().equals(name)
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
new file mode 100644
index 0000000..c62acf8
--- /dev/null
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
@@ -0,0 +1,119 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.utils;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URL;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.common.classloader.ClassLoaderUtils.ClassLoaderHolder;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.resource.ResourceManager;
+import org.apache.wss4j.common.ext.WSSecurityException;
+
+/**
+ * Some common functionality
+ */
+public final class SecurityUtils {
+
+ private SecurityUtils() {
+ // complete
+ }
+
+ public static CallbackHandler getCallbackHandler(Object o) throws WSSecurityException {
+ CallbackHandler handler = null;
+ if (o instanceof CallbackHandler) {
+ handler = (CallbackHandler)o;
+ } else if (o instanceof String) {
+ try {
+ handler = (CallbackHandler)ClassLoaderUtils.loadClass((String)o,
+ SecurityUtils.class).newInstance();
+ } catch (Exception e) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+ }
+ }
+ return handler;
+ }
+
+ public static URL getConfigFileURL(Message message, String configFileKey, String configFileDefault) {
+ Object o = message.getContextualProperty(configFileKey);
+ if (o == null) {
+ o = configFileDefault;
+ }
+
+ return loadResource(message, o);
+ }
+
+ public static URL loadResource(Message message, Object o) {
+
+ if (o instanceof String) {
+ URL url = ClassLoaderUtils.getResource((String)o, SecurityUtils.class);
+ if (url != null) {
+ return url;
+ }
+ ClassLoaderHolder orig = null;
+ try {
+ if (message != null) {
+ ResourceManager manager = message.getExchange().get(Bus.class).getExtension(ResourceManager.class);
+ ClassLoader loader = manager.resolveResource((String)o, ClassLoader.class);
+ if (loader != null) {
+ orig = ClassLoaderUtils.setThreadContextClassloader(loader);
+ }
+ url = manager.resolveResource((String)o, URL.class);
+ }
+ if (url == null) {
+ try {
+ url = new URL((String)o);
+ } catch (IOException e) {
+ // Do nothing
+ }
+ }
+ if (url == null) {
+ try {
+ URI propResourceUri = URI.create((String)o);
+ if (propResourceUri.getScheme() != null) {
+ url = propResourceUri.toURL();
+ } else {
+ File f = new File(propResourceUri.toString());
+ if (f.exists()) {
+ url = f.toURI().toURL();
+ }
+ }
+ } catch (IOException ex) {
+ // Do nothing
+ }
+ }
+ return url;
+ } finally {
+ if (orig != null) {
+ orig.reset();
+ }
+ }
+ } else if (o instanceof URL) {
+ return (URL)o;
+ }
+ return null;
+ }
+
+}
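Review bot: In loadResource, `URI.create((String)o)` throws IllegalArgumentException for a value that is not a valid URI (a path containing spaces or backslashes, for example), and the enclosing `catch (IOException ex)` does not cover it. The new file fallback can therefore fail with an unchecked exception instead of returning null as it does for other misses; `} catch (IOException | IllegalArgumentException ex) {` would restore that. The same block lets a plain string resolve to any existing local file, which the deleted org.apache.cxf.ws.security.SecurityUtils did not do, so a Javadoc line on loadResource saying so would help callers that pass values read from message properties. getCallbackHandler likewise calls `newInstance()` on whatever class the string names and only then casts. A `CallbackHandler.class.isAssignableFrom(...)` check before instantiation would keep a misconfigured name from running an unrelated constructor.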
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
index c0e6da0..fe109e5 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
@@ -77,7 +77,7 @@ public abstract class AbstractXACMLAuthorizingInterceptor extends AbstractPhaseI
LoginSecurityContext loginSecurityContext = (LoginSecurityContext)sc;
Set<Principal> principalRoles = loginSecurityContext.getUserRoles();
- List<String> roles = new ArrayList<String>();
+ List<String> roles = new ArrayList<>();
if (principalRoles != null) {
for (Principal p : principalRoles) {
if (p != principal) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
index cfb8793..c2bb40b 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
@@ -81,7 +81,7 @@ public class DefaultXACMLRequestBuilder implements XACMLRequestBuilder {
}
private ResourceType createResourceType(CXFMessageParser messageParser) {
- List<AttributeType> attributes = new ArrayList<AttributeType>();
+ List<AttributeType> attributes = new ArrayList<>();
// Resource-id
String resourceId = null;
@@ -131,23 +131,26 @@ public class DefaultXACMLRequestBuilder implements XACMLRequestBuilder {
}
private EnvironmentType createEnvironmentType() {
- List<AttributeType> attributes = new ArrayList<AttributeType>();
if (sendDateTime) {
+ List<AttributeType> attributes = new ArrayList<>();
AttributeType environmentAttribute = createAttribute(XACMLConstants.CURRENT_DATETIME,
XACMLConstants.XS_DATETIME, null,
new DateTime().toString());
attributes.add(environmentAttribute);
+ return RequestComponentBuilder.createEnvironmentType(attributes);
}
+
+ List<AttributeType> attributes = Collections.emptyList();
return RequestComponentBuilder.createEnvironmentType(attributes);
}
private SubjectType createSubjectType(Principal principal, List<String> roles, String issuer) {
- List<AttributeType> attributes = new ArrayList<AttributeType>();
+ List<AttributeType> attributes = new ArrayList<>();
attributes.add(createAttribute(XACMLConstants.SUBJECT_ID, XACMLConstants.XS_STRING, issuer,
principal.getName()));
if (roles != null) {
- List<AttributeValueType> roleAttributes = new ArrayList<AttributeValueType>();
+ List<AttributeValueType> roleAttributes = new ArrayList<>();
for (String role : roles) {
if (role != null) {
AttributeValueType subjectRoleAttributeValue =
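Review bot: The `Collections.emptyList()` that createEnvironmentType now passes when sendDateTime is false is immutable, where the old code always passed a mutable ArrayList. RequestComponentBuilder.createEnvironmentType is not shown in this diff, so it is worth confirming that it copies the list rather than keeping or appending to it; otherwise a later add would throw UnsupportedOperationException. A short comment on that line, such as `// immutable: createEnvironmentType must not modify the list`, would record the assumption. createSubjectType, at the end of this hunk, continues outside it.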
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java
deleted file mode 100644
index 17f8d57..0000000
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.ws.security;
-
-import java.io.IOException;
-import java.net.URL;
-
-import javax.security.auth.callback.CallbackHandler;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
-import org.apache.cxf.common.classloader.ClassLoaderUtils.ClassLoaderHolder;
-import org.apache.cxf.endpoint.Endpoint;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.resource.ResourceManager;
-import org.apache.cxf.service.model.EndpointInfo;
-import org.apache.cxf.ws.security.tokenstore.TokenStore;
-import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
-import org.apache.wss4j.common.ext.WSSecurityException;
-
-/**
- * Some common functionality
- */
-public final class SecurityUtils {
-
- private SecurityUtils() {
- // complete
- }
-
- public static CallbackHandler getCallbackHandler(Object o) throws WSSecurityException {
- CallbackHandler handler = null;
- if (o instanceof CallbackHandler) {
- handler = (CallbackHandler)o;
- } else if (o instanceof String) {
- try {
- handler = (CallbackHandler)ClassLoaderUtils.loadClass((String)o,
- SecurityUtils.class).newInstance();
- } catch (Exception e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
- }
- }
- return handler;
- }
-
- public static URL getConfigFileURL(Message message, String configFileKey, String configFileDefault) {
- Object o = message.getContextualProperty(configFileKey);
- if (o == null) {
- o = configFileDefault;
- }
-
- return loadResource(message, o);
- }
-
- public static URL loadResource(Message message, Object o) {
-
- if (o instanceof String) {
- URL url = ClassLoaderUtils.getResource((String)o, SecurityUtils.class);
- if (url != null) {
- return url;
- }
- ClassLoaderHolder orig = null;
- try {
- ResourceManager manager = message.getExchange().get(Bus.class).getExtension(ResourceManager.class);
- ClassLoader loader = manager.resolveResource((String)o, ClassLoader.class);
- if (loader != null) {
- orig = ClassLoaderUtils.setThreadContextClassloader(loader);
- }
- url = manager.resolveResource((String)o, URL.class);
- if (url == null) {
- try {
- url = new URL((String)o);
- } catch (IOException e) {
- // Do nothing
- }
- }
- return url;
- } finally {
- if (orig != null) {
- orig.reset();
- }
- }
- } else if (o instanceof URL) {
- return (URL)o;
- }
- return null;
- }
-
- public static TokenStore getTokenStore(Message message) {
- EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
- synchronized (info) {
- TokenStore tokenStore =
- (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
- if (tokenStore == null) {
- tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
- }
- if (tokenStore == null) {
- TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance();
- String cacheKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE;
- String cacheIdentifier =
- (String)message.getContextualProperty(SecurityConstants.CACHE_IDENTIFIER);
- if (cacheIdentifier != null) {
- cacheKey += "-" + cacheIdentifier;
- } else if (info.getName() != null) {
- int hashcode = info.getName().toString().hashCode();
- if (hashcode < 0) {
- cacheKey += hashcode;
- } else {
- cacheKey += "-" + hashcode;
- }
- }
- tokenStore = tokenStoreFactory.newTokenStore(cacheKey, message);
- info.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore);
- }
- return tokenStore;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
index e67938d..62c4dd3 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
@@ -23,8 +23,8 @@ import javax.security.auth.callback.CallbackHandler;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.wss4j.common.ext.WSSecurityException;
/**
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
index 7c03bb2..de9d1c6 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
@@ -40,11 +40,11 @@ import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.kerberos.KerberosClient;
import org.apache.cxf.ws.security.kerberos.KerberosUtils;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.cxf.ws.security.wss4j.KerberosTokenInterceptor;
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JStaxInInterceptor;
@@ -128,11 +128,11 @@ public class KerberosTokenInterceptorProvider extends AbstractPolicyInterceptorP
tok.getId());
message.getExchange().put(SecurityConstants.TOKEN_ID,
tok.getId());
- SecurityUtils.getTokenStore(message).add(tok);
+ TokenStoreUtils.getTokenStore(message).add(tok);
// Create another cache entry with the SHA1 Identifier as the key for easy retrieval
if (tok.getSHA1() != null) {
- SecurityUtils.getTokenStore(message).add(tok.getSHA1(), tok);
+ TokenStoreUtils.getTokenStore(message).add(tok.getSHA1(), tok);
}
}
} else {
@@ -267,7 +267,7 @@ public class KerberosTokenInterceptorProvider extends AbstractPolicyInterceptorP
// Just consume this for now as it isn't critical...
}
- SecurityUtils.getTokenStore(message).add(token);
+ TokenStoreUtils.getTokenStore(message).add(token);
message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId());
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
index 3ac9fb9..6690523 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
@@ -43,10 +43,10 @@ import org.apache.cxf.ws.policy.EndpointPolicy;
import org.apache.cxf.ws.policy.PolicyEngine;
import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.cxf.ws.security.trust.STSUtils;
import org.apache.neethi.Assertion;
import org.apache.neethi.Policy;
@@ -159,7 +159,7 @@ final class NegotiationUtils {
try {
Endpoint endpoint = message.getExchange().getEndpoint();
- TokenStore store = SecurityUtils.getTokenStore(message);
+ TokenStore store = TokenStoreUtils.getTokenStore(message);
if (secConv) {
endpoint = STSUtils.createSCEndpoint(bus,
namespace,
@@ -230,7 +230,7 @@ final class NegotiationUtils {
(SecurityContextToken)wser.get(WSSecurityEngineResult.TAG_SECURITY_CONTEXT_TOKEN);
message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getIdentifier());
- SecurityToken token = SecurityUtils.getTokenStore(message).getToken(tok.getIdentifier());
+ SecurityToken token = TokenStoreUtils.getTokenStore(message).getToken(tok.getIdentifier());
if (token == null || token.isExpired()) {
byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
if (secret != null) {
@@ -238,7 +238,7 @@ final class NegotiationUtils {
token.setToken(tok.getElement());
token.setSecret(secret);
token.setTokenType(tok.getTokenType());
- SecurityUtils.getTokenStore(message).add(token);
+ TokenStoreUtils.getTokenStore(message).add(token);
}
}
if (token != null) {
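Review bot: An expired token can still reach `if (token != null) {` at the end of this hunk. The previous hunk enters the refresh branch on `token == null || token.isExpired()`, but the visible lines only populate and store a replacement inside `if (secret != null)`, so when the engine result carries no secret the expired entry read from the store stays in `token`. What the `if (token != null)` body does with it lies outside the hunk, so this may already be handled further down; if it is not, the guard should read `if (token != null && !token.isExpired()) {`. The enclosing method starts and ends outside both hunks.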
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java
index 2771883..57e9c6d 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java
@@ -25,6 +25,7 @@ import java.util.logging.Level;
import java.util.logging.Logger;
import org.w3c.dom.Element;
+
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.interceptor.Fault;
@@ -33,9 +34,9 @@ import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.ws.addressing.AddressingProperties;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.cxf.ws.security.trust.STSUtils;
import org.apache.wss4j.common.ext.WSSecurityException;
@@ -93,7 +94,7 @@ public final class STSTokenHelper {
message.put(SecurityConstants.TOKEN_ID, tok.getId());
}
// ?
- SecurityUtils.getTokenStore(message).add(tok);
+ TokenStoreUtils.getTokenStore(message).add(tok);
return tok;
}
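Review bot: The `// ?` comment above `TokenStoreUtils.getTokenStore(message).add(tok);` records a doubt without saying what is in doubt, and it sits on the line that caches a security token. Other hunks in this file read tokens back with `getTokenStore(message).getToken(tokId)` using the id kept under `SecurityConstants.TOKEN_ID`, so the add looks intentional; if so, replace the comment with something like `// Cache the token so it can be resolved later via SecurityConstants.TOKEN_ID`. If the add is not meant to be unconditional, the comment should name the condition instead. The enclosing method starts outside the hunk.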
@@ -110,7 +111,7 @@ public final class STSTokenHelper {
if (tok == null) {
String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
if (tokId != null) {
- tok = SecurityUtils.getTokenStore(message).getToken(tokId);
+ tok = TokenStoreUtils.getTokenStore(message).getToken(tokId);
}
}
} else {
@@ -118,7 +119,7 @@ public final class STSTokenHelper {
if (tok == null) {
String tokId = (String)message.get(SecurityConstants.TOKEN_ID);
if (tokId != null) {
- tok = SecurityUtils.getTokenStore(message).getToken(tokId);
+ tok = TokenStoreUtils.getTokenStore(message).getToken(tokId);
}
}
}
@@ -208,7 +209,7 @@ public final class STSTokenHelper {
message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID);
message.getExchange().remove(SecurityConstants.TOKEN_ID);
message.getExchange().remove(SecurityConstants.TOKEN);
- SecurityUtils.getTokenStore(message).remove(tok.getId());
+ TokenStoreUtils.getTokenStore(message).remove(tok.getId());
// If the user has explicitly disabled Renewing then we can't renew a token,
// so just get a new one
@@ -317,7 +318,7 @@ public final class STSTokenHelper {
Element actAsToken,
String appliesTo,
boolean enableAppliesTo) throws Exception {
- TokenStore tokenStore = SecurityUtils.getTokenStore(message);
+ TokenStore tokenStore = TokenStoreUtils.getTokenStore(message);
String key = appliesTo;
if (!enableAppliesTo || key == null || "".equals(key)) {
key = ASSOCIATED_TOKEN;
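Review bot: The store-key derivation `if (!enableAppliesTo || key == null || "".equals(key)) { key = ASSOCIATED_TOKEN; }` is repeated verbatim in the hunk at -382, and both sites obtain their store from the same `TokenStoreUtils.getTokenStore(message)` call. If the two copies ever drift, a token filed under one key would presumably not be found under the other, leading to needless re-issuance or a lookup that returns the wrong entry. A small private helper called from both methods (for example `private static String tokenStoreKey(String appliesTo, boolean enableAppliesTo)`; the name is only a suggestion) would keep them in step. Both method bodies continue outside their hunks, so how the key is used afterwards is not visible here.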
@@ -382,7 +383,7 @@ public final class STSTokenHelper {
if (issuedToken == null) {
return;
}
- TokenStore tokenStore = SecurityUtils.getTokenStore(message);
+ TokenStore tokenStore = TokenStoreUtils.getTokenStore(message);
String key = appliesTo;
if (!enableAppliesTo || key == null || "".equals(key)) {
key = ASSOCIATED_TOKEN;
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
index c869f57..5bdab96 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
@@ -28,6 +28,7 @@ import java.util.Properties;
import javax.xml.namespace.QName;
import org.w3c.dom.Element;
+
import org.apache.cxf.binding.soap.SoapBindingConstants;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor;
@@ -47,11 +48,11 @@ import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider.HttpsTokenInInterceptor;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.cxf.ws.security.trust.DefaultSymmetricBinding;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.cxf.ws.security.trust.STSUtils;
@@ -429,7 +430,7 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
if (st == null) {
String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
if (id != null) {
- st = SecurityUtils.getTokenStore(message).getToken(id);
+ st = TokenStoreUtils.getTokenStore(message).getToken(id);
}
}
if (st != null && !st.isExpired()) {
@@ -506,7 +507,7 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
if (tok == null) {
String tokId = (String)m2.getContextualProperty(SecurityConstants.TOKEN_ID);
if (tokId != null) {
- tok = SecurityUtils.getTokenStore(m2).getToken(tokId);
+ tok = TokenStoreUtils.getTokenStore(m2).getToken(tokId);
}
}
@@ -529,7 +530,7 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
}
client.cancelSecurityToken(tok);
- SecurityUtils.getTokenStore(m2).remove(tok.getId());
+ TokenStoreUtils.getTokenStore(m2).remove(tok.getId());
m2.put(SecurityConstants.TOKEN, null);
} catch (RuntimeException e) {
throw e;
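Review bot: The local cleanup depends on the remote cancel succeeding. `TokenStoreUtils.getTokenStore(m2).remove(tok.getId());` and `m2.put(SecurityConstants.TOKEN, null);` run only after `client.cancelSecurityToken(tok)` returns, so an exception from that call leaves the token in the store and on the message. If a token the caller asked to cancel should never be picked up again locally, move those two lines into a `finally` on the surrounding `try`. The `try` opens outside the hunk and only the first `catch` is visible, so confirm no later handler already does this.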
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
index 083b1f9..5f92311 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
@@ -36,10 +36,10 @@ import org.apache.cxf.ws.addressing.AddressingProperties;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider.IssuedTokenOutInterceptor;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.cxf.ws.security.trust.STSUtils;
import org.apache.wss4j.dom.WSConstants;
@@ -75,7 +75,7 @@ class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMess
if (tok == null) {
String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
if (tokId != null) {
- tok = SecurityUtils.getTokenStore(message).getToken(tokId);
+ tok = TokenStoreUtils.getTokenStore(message).getToken(tokId);
}
}
if (tok == null) {
@@ -91,7 +91,7 @@ class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMess
message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID, tok.getId());
message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId());
message.getExchange().put(SecurityConstants.TOKEN, tok);
- SecurityUtils.getTokenStore(message).add(tok);
+ TokenStoreUtils.getTokenStore(message).add(tok);
}
PolicyUtils.assertPolicy(aim, SPConstants.BOOTSTRAP_POLICY);
} else {
@@ -118,7 +118,7 @@ class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMess
message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID);
message.getExchange().remove(SecurityConstants.TOKEN_ID);
message.getExchange().remove(SecurityConstants.TOKEN);
- SecurityUtils.getTokenStore(message).remove(tok.getId());
+ TokenStoreUtils.getTokenStore(message).remove(tok.getId());
STSClient client = STSUtils.getClient(message, "sct");
AddressingProperties maps =