Author: coheigea
Date: Wed Aug 24 15:18:01 2011
New Revision: 1161148
URL: http://svn.apache.org/viewvc?rev=1161148&view=rev
Log:
[CXF-3761] - STSClient can't process EncryptedKey elements received from an STS
Conflicts:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Modified:
cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Modified:
cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=1161148&r1=1161147&r2=1161148&view=diff
==============================================================================
---
cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
(original)
+++
cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Wed Aug 24 15:18:01 2011
@@ -963,26 +963,24 @@ public class STSClient implements Config
// First check for the binary secret
String b64Secret = DOMUtils.getContent(child);
secret = Base64.decode(b64Secret);
- } else if (childQname.equals(new QName(namespace,
WSConstants.ENC_KEY_LN))) {
- try {
-
- EncryptedKeyProcessor processor = new
EncryptedKeyProcessor();
-
- processor.handleToken(child, null, createCrypto(true),
createHandler(), null,
- new Vector(), null);
-
- secret = processor.getDecryptedBytes();
- } catch (IOException e) {
- throw new TrustException("ENCRYPTED_KEY_ERROR", LOG, e);
- }
+ } else if (childQname.equals(new QName(WSConstants.ENC_NS,
WSConstants.ENC_KEY_LN))) {
+ secret = decryptKey(child);
} else if (childQname.equals(new QName(namespace, "ComputedKey")))
{
// Handle the computed key
- Element binSecElem = entropy == null ? null :
DOMUtils.getFirstElement(entropy);
- String content = binSecElem == null ? null :
DOMUtils.getContent(binSecElem);
- if (content != null && !StringUtils.isEmpty(content.trim())) {
-
- byte[] serviceEntr = Base64.decode(content);
+ Element computedKeyChild = entropy == null ? null :
DOMUtils.getFirstElement(entropy);
+ byte[] serviceEntr = null;
+ if (computedKeyChild != null) {
+ QName computedKeyChildQName =
DOMUtils.getElementQName(computedKeyChild);
+ if (computedKeyChildQName.equals(new
QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN))) {
+ serviceEntr = decryptKey(computedKeyChild);
+ } else if (computedKeyChildQName.equals(new
QName(namespace, "BinarySecret"))) {
+ String content = DOMUtils.getContent(computedKeyChild);
+ serviceEntr = Base64.decode(content);
+ }
+ }
+
+ if (serviceEntr != null) {
// Right now we only use PSHA1 as the computed key algo
P_SHA1 psha1 = new P_SHA1();
@@ -1008,6 +1006,19 @@ public class STSClient implements Config
return token;
}
+
+ private byte[] decryptKey(Element child) throws TrustException,
WSSecurityException {
+ try {
+ EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
+
+ processor.handleToken(child, null, createCrypto(true),
createHandler(), null,
+ new Vector(), null);
+
+ return processor.getDecryptedBytes();
+ } catch (IOException e) {
+ throw new TrustException("ENCRYPTED_KEY_ERROR", LOG, e);
+ }
+ }
private CallbackHandler createHandler() {
Object o = getProperty(SecurityConstants.CALLBACK_HANDLER);