Author: coheigea
Date: Wed Mar 2 12:36:17 2011
New Revision: 1076194
URL: http://svn.apache.org/viewvc?rev=1076194&view=rev
Log:
Added support for Issued Tokens using the Transport Binding
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1076194&r1=1076193&r2=1076194&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
Wed Mar 2 12:36:17 2011
@@ -19,7 +19,7 @@
package org.apache.cxf.ws.security.policy.interceptors;
-import java.security.Principal;
+import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
@@ -48,11 +48,11 @@ import org.apache.cxf.ws.security.trust.
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
-import org.apache.ws.security.CustomTokenPrincipal;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.saml.SAMLKeyInfo;
import org.apache.ws.security.saml.ext.AssertionWrapper;
/**
@@ -242,32 +242,23 @@ public class IssuedTokenInterceptorProvi
) {
for (WSSecurityEngineResult wser : wsSecEngineResults) {
Integer actInt =
(Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
- if (actInt.intValue() == WSConstants.SIGN) {
- Principal principal =
-
(Principal)wser.get(WSSecurityEngineResult.TAG_PRINCIPAL);
- if (principal instanceof CustomTokenPrincipal) {
- CustomTokenPrincipal customPrincipal =
- (CustomTokenPrincipal)principal;
- byte[] secretKey =
-
(byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
- if (secretKey != null) {
- SecurityToken token =
- new SecurityToken(
- customPrincipal.getName(),
- (java.util.Date)null,
- (java.util.Date)null
- );
- token.setSecret(secretKey);
- AssertionWrapper assertionWrapper =
-
(AssertionWrapper)customPrincipal.getTokenObject();
- if (assertionWrapper != null &&
assertionWrapper.getSaml1() != null) {
-
token.setTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
- } else if (assertionWrapper != null
- && assertionWrapper.getSaml2() != null) {
-
token.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
- }
- return token;
+ if (actInt.intValue() == WSConstants.ST_SIGNED) {
+ AssertionWrapper assertionWrapper =
+
(AssertionWrapper)wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ SAMLKeyInfo subjectKeyInfo =
assertionWrapper.getSubjectKeyInfo();
+ if (subjectKeyInfo != null) {
+ SecurityToken token = new
SecurityToken(assertionWrapper.getId());
+ token.setSecret(subjectKeyInfo.getSecret());
+ X509Certificate[] certs = subjectKeyInfo.getCerts();
+ if (certs != null && certs.length > 0) {
+ token.setX509Certificate(certs[0], null);
+ }
+ if (assertionWrapper.getSaml1() != null) {
+
token.setTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
+ } else if (assertionWrapper.getSaml2() != null) {
+
token.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
}
+ return token;
}
}
}
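Review bot: `assertionWrapper` is dereferenced on the `assertionWrapper.getSubjectKeyInfo()` line immediately after the cast from `WSSecurityEngineResult.TAG_SAML_ASSERTION`, with no null check, whereas the removed code guarded both the principal type and the secret before use. If an ST_SIGNED result can ever be produced without that tag populated, this is a NullPointerException on an inbound message, so guard it with `if (assertionWrapper == null) { continue; }` before the `getSubjectKeyInfo()` call. Note also that the old branch required a non-null secret before building a token, while the new branch builds one whenever `subjectKeyInfo` is non-null, so an assertion carrying only certificates now yields a SecurityToken whose secret is null; if that is intended (certificate-only holder-of-key), a one-line comment above `token.setSecret(...)` would say so. The enclosing method begins before the hunk and continues past it.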
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java?rev=1076194&r1=1076193&r2=1076194&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
Wed Mar 2 12:36:17 2011
@@ -136,6 +136,11 @@ public class SecurityToken {
public SecurityToken() {
}
+
+ public SecurityToken(String id) {
+ this.id = id;
+ }
+
public SecurityToken(String id, Date created, Date expires) {
this.id = id;
this.created = created;
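Review bot: The new `public SecurityToken(String id)` constructor has no Javadoc saying that `created` and `expires` are deliberately left null, which differs from the three-argument constructor directly below it; a caller gets a token with no lifetime information and nothing documents that. Add `/** Creates a token with the given id and no created/expires timestamps. */` above it, or delegate with `this(id, null, null);` so the two constructors cannot drift apart.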
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1076194&r1=1076193&r2=1076194&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
Wed Mar 2 12:36:17 2011
@@ -60,12 +60,15 @@ import org.apache.cxf.ws.security.policy
import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
import org.apache.cxf.ws.security.policy.model.ContentEncryptedElements;
import org.apache.cxf.ws.security.policy.model.Header;
+import org.apache.cxf.ws.security.policy.model.IssuedToken;
import org.apache.cxf.ws.security.policy.model.RequiredElements;
import org.apache.cxf.ws.security.policy.model.RequiredParts;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
import org.apache.cxf.ws.security.policy.model.Token;
+import org.apache.cxf.ws.security.policy.model.TransportBinding;
+import org.apache.cxf.ws.security.policy.model.TransportToken;
import org.apache.cxf.ws.security.policy.model.UsernameToken;
import org.apache.cxf.ws.security.policy.model.Wss11;
import org.apache.cxf.ws.security.policy.model.X509Token;
@@ -262,6 +265,31 @@ public class PolicyBasedWSS4JInIntercept
assertPolicy(aim, SP12Constants.TRANSPORT_TOKEN);
assertPolicy(aim, SP12Constants.SUPPORTING_TOKENS);
}
+
+ Collection<AssertionInfo> ais =
aim.get(SP12Constants.TRANSPORT_BINDING);
+ if (ais != null) {
+ for (AssertionInfo ai : ais) {
+ TransportBinding binding = (TransportBinding)ai.getAssertion();
+ TransportToken token = binding.getTransportToken();
+ if (token != null && token.getToken() instanceof IssuedToken) {
+ action = addToAction(action, "Signature", true);
+ Object s =
message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
+ Object e =
message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
+ if (s != null) {
+ message.put("decryptionPropRefId", "RefId-" +
s.toString());
+ message.put("RefId-" + s.toString(), getProps(s,
message));
+ if (e == null) {
+ e = s;
+ }
+ }
+ if (e != null) {
+ message.put("SignaturePropRefId", "RefId-" +
e.toString());
+ message.put("RefId-" + e.toString(), getProps(e,
message));
+ }
+ }
+ }
+ }
+
return action;
}
private String checkSymetricBinding(AssertionInfoMap aim,
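Review bot: The property wiring in the new IssuedToken branch reads as inverted, `SecurityConstants.SIGNATURE_PROPERTIES` (`s`) is stored under `"decryptionPropRefId"` and `SecurityConstants.ENCRYPT_PROPERTIES` (`e`) under `"SignaturePropRefId"`, and nothing in the hunk explains why. If this is the deliberate inbound-side mirroring (our own signature keystore holds the private key that decrypts, the encryption keystore holds the peer certificates that verify signatures), a one-line comment saves the next reader from "fixing" it: `// Inbound: the signature keystore decrypts, the encryption keystore verifies signatures`. The single-letter names `s` and `e` add to the confusion; `sigProps` and `encProps` would be clearer, and the fallback `e = s` deserves its own comment stating that signature verification then trusts the signature keystore.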
@@ -692,10 +720,19 @@ public class PolicyBasedWSS4JInIntercept
if (ais == null) {
return true;
}
- assertPolicy(aim, SP12Constants.TRANSPORT_TOKEN);
+
+ for (AssertionInfo ai : ais) {
+ TransportBinding binding = (TransportBinding)ai.getAssertion();
+ ai.setAsserted(true);
+ if (binding.getTransportToken() != null) {
+ assertPolicy(aim, binding.getTransportToken());
+ assertPolicy(aim, binding.getTransportToken().getToken());
+ }
+ }
+
assertPolicy(aim, SP12Constants.ENCRYPTED_PARTS);
assertPolicy(aim, SP12Constants.SIGNED_PARTS);
- return !assertPolicy(aim, SP12Constants.TRANSPORT_BINDING);
+ return true;
}
}
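Review bot: `assertPolicy(aim, binding.getTransportToken().getToken())` marks the nested transport token (an HttpsToken, or with this commit an IssuedToken) as asserted unconditionally, and the method now returns `true` where it previously returned `!assertPolicy(aim, SP12Constants.TRANSPORT_BINDING)`. Nothing in this method checks that the transport token was actually present or verified; if `assertPolicy` sets the asserted flag regardless of an earlier negative result recorded by the token's own interceptor, a transport-level failure could be masked here. I would assert only the TransportToken wrapper in this loop and leave the nested token to the interceptor that verifies it, or at least guard it, `if (binding.getTransportToken().getToken() instanceof IssuedToken) { assertPolicy(aim, binding.getTransportToken().getToken()); }`, with a comment naming where that token is validated. The changed return value also warrants a short comment, since any caller that branched on the old value now sees a constant.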
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1076194&r1=1076193&r2=1076194&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Wed Mar 2 12:36:17 2011
@@ -36,6 +36,7 @@ import org.apache.cxf.ws.policy.Assertio
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.SPConstants;
+import org.apache.cxf.ws.security.policy.SPConstants.IncludeTokenType;
import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
import org.apache.cxf.ws.security.policy.model.Header;
import org.apache.cxf.ws.security.policy.model.IssuedToken;
@@ -46,6 +47,7 @@ import org.apache.cxf.ws.security.policy
import org.apache.cxf.ws.security.policy.model.Token;
import org.apache.cxf.ws.security.policy.model.TokenWrapper;
import org.apache.cxf.ws.security.policy.model.TransportBinding;
+import org.apache.cxf.ws.security.policy.model.TransportToken;
import org.apache.cxf.ws.security.policy.model.UsernameToken;
import org.apache.cxf.ws.security.policy.model.X509Token;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
@@ -118,6 +120,30 @@ public class TransportBindingHandler ext
try {
if (this.isRequestor()) {
+ TransportToken transportTokenWrapper =
tbinding.getTransportToken();
+ if (transportTokenWrapper != null) {
+ Token transportToken = transportTokenWrapper.getToken();
+ if (transportToken instanceof IssuedToken) {
+ SecurityToken secToken = getSecurityToken();
+ if (secToken == null) {
+ policyNotAsserted(transportToken, "No transport
token id");
+ return;
+ } else {
+ policyAsserted(transportToken);
+ }
+
+ IncludeTokenType inclusion =
transportToken.getInclusion();
+ if (SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS
== inclusion
+ || SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE
== inclusion
+ ||
(SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT
+ == inclusion)) {
+
+ Element el = secToken.getToken();
+ addEncyptedKeyElement(cloneElement(el));
+ }
+ }
+ }
+
List<byte[]> signatureValues = new ArrayList<byte[]>();
ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);