Author: dkulp
Date: Fri Dec  5 11:08:16 2008
New Revision: 723821

URL: http://svn.apache.org/viewvc?rev=723821&view=rev
Log:
Make signature keys separate from stuff for usernametoken

Modified:
    
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java

Modified: 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: 
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=723821&r1=723820&r2=723821&view=diff
==============================================================================
--- 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
 (original)
+++ 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
 Fri Dec  5 11:08:16 2008
@@ -27,7 +27,9 @@
     public static final String PASSWORD = "ws-security.password";
     public static final String CALLBACK_HANDLER = 
"ws-security.callback-handler";
     
+    public static final String SIGNATURE_USERNAME = 
"ws-security.signature.username";
     public static final String SIGNATURE_PROPERTIES = 
"ws-security.signature.properties";
+    
     public static final String ENCRYPT_USERNAME = 
"ws-security.encryption.username";
     public static final String ENCRYPT_PROPERTIES = 
"ws-security.encryption.properties";
     

Modified: 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: 
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=723821&r1=723820&r2=723821&view=diff
==============================================================================
--- 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
 (original)
+++ 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
 Fri Dec  5 11:08:16 2008
@@ -828,7 +828,7 @@
     public void setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, 
TokenWrapper token,
                                   boolean sign, Crypto crypto) {
         String encrUser = (String)message.getContextualProperty(sign 
-                                                                ? 
SecurityConstants.USERNAME
+                                                                ? 
SecurityConstants.SIGNATURE_USERNAME
                                                                 : 
SecurityConstants.ENCRYPT_USERNAME);
         if (encrUser == null) {
             encrUser = crypto.getDefaultX509Alias();
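Review bot: When `sign` is true this lookup no longer consults `SecurityConstants.USERNAME`, so a configuration that still sets only `ws-security.username` for the signing alias gets `null` here and silently falls through to `crypto.getDefaultX509Alias()`, which may select a different key than before. Nothing in the hunk tells the operator that the old property was ignored. A comment above the lookup such as `// ws-security.username is no longer used for key aliases; set ws-security.signature.username` would record the break, and a Javadoc line on `SIGNATURE_USERNAME` saying the value is a keystore alias, not a UsernameToken user, would help callers. The same switch is made for `userNameKey` in the @@ -962 hunk. The body of setEncryptionUser continues past the end of this hunk.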
@@ -962,31 +962,48 @@
         setKeyIdentifierType(sig, wrapper, token);
         
         boolean encryptCrypto = false;
-        String userNameKey = SecurityConstants.USERNAME;
+        String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
         String type = "signature";
         if (binding instanceof SymmetricBinding) {
             encryptCrypto = ((SymmetricBinding)binding).getProtectionToken() 
!= null;
             userNameKey = SecurityConstants.ENCRYPT_USERNAME;
         }
 
-        
+        Crypto crypto = encryptCrypto ? getEncryptionCrypto(wrapper) : 
getSignatureCrypto(wrapper);
         String user = (String)message.getContextualProperty(userNameKey);
         if (StringUtils.isEmpty(user)) {
+            user = crypto.getDefaultX509Alias();
+        }
+        if (user == null) {
+            try {
+                Enumeration<String> en = crypto.getKeyStore().aliases();
+                if (en.hasMoreElements()) {
+                    user = en.nextElement();
+                }
+                if (en.hasMoreElements()) {
+                    //more than one alias in the keystore, user WILL need
+                    //to specify
+                    user = null;
+                }            
+            } catch (KeyStoreException e) {
+                //ignore
+            }
+        }
+        if (StringUtils.isEmpty(user)) {
             policyNotAsserted(token, "No " + type + " username found.");
         }
 
         String password = getPassword(user, token, 
WSPasswordCallback.SIGNATURE);
-        if (StringUtils.isEmpty(password)) {
-            policyNotAsserted(token, "No password found.");
+        if (password == null) {
+            password = "";
         }
-
         sig.setUserInfo(user, password);
         
sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
         
sig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());
         
         try {
             sig.prepare(saaj.getSOAPPart(),
-                        encryptCrypto ? getEncryptionCrypto(wrapper) : 
getSignatureCrypto(wrapper), 
+                        crypto, 
                         secHeader);
         } catch (WSSecurityException e) {
             policyNotAsserted(token, e);
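Review bot: The `catch (KeyStoreException e) { //ignore }` block in the alias fallback discards the only evidence that the keystore could not be read, so the caller sees just "No signature username found." with no cause. Reporting it would fix that, e.g. `policyNotAsserted(token, "Could not list " + type + " keystore aliases: " + e.getMessage());`. The same hunk replaces the "No password found." assertion with `password = "";`, so a callback handler that returns nothing can no longer be told apart from a key that really has an empty password, and the failure only shows up inside `sig.prepare`. A comment such as `// keys may have no password; a wrong one is reported by sig.prepare()` would make clear this is intended. `crypto` is also dereferenced without a null check, which matters if `getSignatureCrypto(wrapper)` can return null when no properties are configured (not visible here); the enclosing method starts and ends outside the hunk.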

Modified: 
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
URL: 
http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java?rev=723821&r1=723820&r2=723821&view=diff
==============================================================================
--- 
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
 (original)
+++ 
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
 Fri Dec  5 11:08:16 2008
@@ -82,7 +82,7 @@
         
         EndpointInfo ei = ep.getServer().getEndpoint().getEndpointInfo(); 
         ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new 
ServerPasswordCallback());
-        ei.setProperty(SecurityConstants.USERNAME, "alice");
+        ei.setProperty(SecurityConstants.SIGNATURE_USERNAME, "alice");
         ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new 
KeystorePasswordCallback());
         ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES, 
                        
SecurityPolicyTest.class.getResource("alice.properties").toString());
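Review bot: Every changed call in this file still sets `SIGNATURE_USERNAME` explicitly, here and in the @@ -95, @@ -110, @@ -122 and @@ -141 hunks. As a result, the new fallback paths in AbstractBindingBuilder (default X509 alias, single-alias keystore, null password turned into `""`) are not exercised by any visible test. One case that omits the property and relies on the single alias in `alice.properties` would cover them. Separately, the @@ -141 hunk pairs `SIGNATURE_USERNAME` "bob" with `SecurityConstants.PASSWORD` "pwd". If that port's policy asserts a UsernameToken rather than a signature (not visible in the hunk), it still needs `SecurityConstants.USERNAME`, e.g. `((BindingProvider)pt).getRequestContext().put(SecurityConstants.USERNAME, "bob");`.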
@@ -95,7 +95,7 @@
         
         ei = ep.getServer().getEndpoint().getEndpointInfo(); 
         ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new 
ServerPasswordCallback());
-        ei.setProperty(SecurityConstants.USERNAME, "alice");
+        ei.setProperty(SecurityConstants.SIGNATURE_USERNAME, "alice");
         ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new 
KeystorePasswordCallback());
         ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES, 
                        
SecurityPolicyTest.class.getResource("alice.properties").toString());
@@ -110,7 +110,7 @@
         DoubleItPortType pt;
 
         pt = service.getDoubleItPortEncryptThenSign();
-        
((BindingProvider)pt).getRequestContext().put(SecurityConstants.USERNAME, 
"alice");
+        
((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME,
 "alice");
         
((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
 
                                                       new 
KeystorePasswordCallback());
         
((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
@@ -122,7 +122,7 @@
         
         
         pt = service.getDoubleItPortSignThenEncrypt();
-        
((BindingProvider)pt).getRequestContext().put(SecurityConstants.USERNAME, 
"alice");
+        
((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME,
 "alice");
         
((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
 
                                                       new 
KeystorePasswordCallback());
         
((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
@@ -141,7 +141,7 @@
                 throw ex;
             }
         }
-        
((BindingProvider)pt).getRequestContext().put(SecurityConstants.USERNAME, 
"bob");
+        
((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME,
 "bob");
         
((BindingProvider)pt).getRequestContext().put(SecurityConstants.PASSWORD, 
"pwd");
         pt.doubleIt(BigInteger.valueOf(25));
         

