Author: coheigea
Date: Fri Sep 9 14:33:13 2011
New Revision: 1167214
URL: http://svn.apache.org/viewvc?rev=1167214&view=rev
Log:
[CXF-3767] - Store the KeyIdentifier SHA1 value of the Kerberos token
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java?rev=1167214&r1=1167213&r2=1167214&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
Fri Sep 9 14:33:13 2011
@@ -32,6 +32,8 @@ import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.message.token.KerberosSecurity;
+import org.apache.ws.security.util.Base64;
+import org.apache.ws.security.util.WSSecurityUtil;
/**
* A class that obtains a ticket from a KDC and wraps it in a SecurityToken
object.
@@ -120,6 +122,8 @@ public class KerberosClient implements C
if (secretKey != null) {
token.setSecret(secretKey.getEncoded());
}
+ String sha1 =
Base64.encode(WSSecurityUtil.generateDigest(bst.getToken()));
+ token.setSHA1(sha1);
token.setTokenType(bst.getValueType());
return token;
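Review bot: The two added lines compute and store the SHA1 identifier unconditionally, while the secret just above is only set when `secretKey != null`, so a token without a session key still becomes findable by its SHA1. The inbound lookup touched by this same commit in WSS4JInInterceptor calls `pc.setKey(token.getSecret())` on a match, which would pass a null key for such a token. Consider moving `token.setSHA1(sha1);` inside the `if (secretKey != null)` block. A short comment such as `// KeyIdentifier value: Base64 of the digest over the raw token bytes; a lookup id only, not an integrity check` would also help, since the digest algorithm is hidden inside `generateDigest`. The enclosing method starts and ends outside the hunk, so whether `bst.getToken()` can be null here is not visible.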
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1167214&r1=1167213&r2=1167214&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Fri Sep 9 14:33:13 2011
@@ -483,7 +483,8 @@ public class WSS4JInInterceptor extends
String id = pc.getIdentifier();
- if
(SecurityTokenReference.ENC_KEY_SHA1_URI.equals(pc.getType())) {
+ if
(SecurityTokenReference.ENC_KEY_SHA1_URI.equals(pc.getType())
+ || WSConstants.WSS_KRB_KI_VALUE_TYPE.equals(pc.getType()))
{
for (SecurityToken token : store.getValidTokens()) {
if (id.equals(token.getSHA1())) {
pc.setKey(token.getSecret());
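Review bot: The match on `id.equals(token.getSHA1())` compares only the digest string, so with the widened condition a reference of either value type resolves to whichever stored token carries that SHA1, without checking that the token's own type fits `pc.getType()`. The identifier presumably comes from the incoming message, so a comment should state that both identifier kinds share the `getSHA1()` field, e.g. `// getSHA1() holds either the EncryptedKeySHA1 or the Kerberos KeyIdentifier digest`. If a type check is wanted, note that KerberosClient stores `bst.getValueType()` as the token type, which is probably not the same string as `WSConstants.WSS_KRB_KI_VALUE_TYPE`, so a direct equality test would not work. The loop body continues past the end of the hunk.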
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1167214&r1=1167213&r2=1167214&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Fri Sep 9 14:33:13 2011
@@ -402,7 +402,11 @@ public class SymmetricBindingHandler ext
// 7.7 Encrypted Key reference
SecurityTokenReference tokenRef = new
SecurityTokenReference(saaj.getSOAPPart());
tokenRef.setKeyIdentifierEncKeySHA1(encrTok.getSHA1());
- tokenRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+ String tokenType = encrTok.getTokenType();
+ if (tokenType == null) {
+ tokenType = WSConstants.WSS_ENC_KEY_VALUE_TYPE;
+ }
+ tokenRef.addTokenType(tokenType);
dkEncr.setExternalKey(encrTok.getSecret(),
tokenRef.getElement());
} else {
if (attached) {
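Review bot: `tokenRef.setKeyIdentifierEncKeySHA1(encrTok.getSHA1())` is still called for every token, so for a Kerberos token the reference presumably carries an EncryptedKeySHA1 key identifier next to a Kerberos `TokenType`. The receiving side in this commit looks for `WSConstants.WSS_KRB_KI_VALUE_TYPE`, so the identifier's value type and the token type should agree. What `setKeyIdentifierEncKeySHA1` writes is not visible here, so this needs confirming against WSS4J. The same pairing appears in the hunk at `@@ -599,7 +606,11 @@` with `tok`. The surrounding method starts and ends outside the hunk.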
@@ -424,8 +428,11 @@ public class SymmetricBindingHandler ext
}
if (encrTok.getSHA1() != null) {
- dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
- + WSConstants.ENC_KEY_VALUE_TYPE);
+ String tokenType = encrTok.getTokenType();
+ if (tokenType == null) {
+ tokenType = WSConstants.WSS_ENC_KEY_VALUE_TYPE;
+ }
+ dkEncr.setCustomValueType(tokenType);
} else {
String tokenType = encrTok.getTokenType();
if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
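Review bot: The new value type is taken from `encrTok.getTokenType()` for any token that has a SHA1, not only for Kerberos tokens, so a token that previously always got the EncryptedKey value type now gets whatever type string it was stored with. Whether other token sources set both a SHA1 and a token type is not visible in this diff, so a comment stating the intended scope would help, e.g. `// Kerberos tokens carry their own value type; everything else falls back to EncryptedKey`. The same four-line fallback is repeated in all four hunks of this file. A single expression such as `String tokenType = tok.getTokenType() != null ? tok.getTokenType() : WSConstants.WSS_ENC_KEY_VALUE_TYPE;` or a small private helper would keep the rule in one place.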
@@ -599,7 +606,11 @@ public class SymmetricBindingHandler ext
SecurityTokenReference tokenRef = new SecurityTokenReference(doc);
if (tok.getSHA1() != null) {
tokenRef.setKeyIdentifierEncKeySHA1(tok.getSHA1());
- tokenRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+ String tokenType = tok.getTokenType();
+ if (tokenType == null) {
+ tokenType = WSConstants.WSS_ENC_KEY_VALUE_TYPE;
+ }
+ tokenRef.addTokenType(tokenType);
}
dkSign.setExternalKey(tok.getSecret(), tokenRef.getElement());
} else {
@@ -614,7 +625,11 @@ public class SymmetricBindingHandler ext
dkSign.setDerivedKeyLength(sbinding.getAlgorithmSuite().getSignatureDerivedKeyLength()
/ 8);
if (tok.getSHA1() != null) {
//Set the value type of the reference
- dkSign.setCustomValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+ String tokenType = tok.getTokenType();
+ if (tokenType == null) {
+ tokenType = WSConstants.WSS_ENC_KEY_VALUE_TYPE;
+ }
+ dkSign.setCustomValueType(tokenType);
} else {
String tokenType = tok.getTokenType();
if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)