Author: coheigea
Date: Wed Jun 6 09:55:50 2012
New Revision: 1346806
URL: http://svn.apache.org/viewvc?rev=1346806&view=rev
Log:
[CXF-4361] - Add support for processing EncryptWith and SignWith parameters in
a RST to the STS
Modified:
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/QNameConstants.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/KeyRequirements.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SymmetricKeyHandler.java
cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderKeyTypeTest.java
Modified:
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/QNameConstants.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/QNameConstants.java?rev=1346806&r1=1346805&r2=1346806&view=diff
==============================================================================
---
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/QNameConstants.java
(original)
+++
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/QNameConstants.java
Wed Jun 6 09:55:50 2012
@@ -82,6 +82,10 @@ public final class QNameConstants {
WS_TRUST_FACTORY.createKeyWrapAlgorithm("").getName();
public static final QName USE_KEY =
WS_TRUST_FACTORY.createUseKey(null).getName();
+ public static final QName SIGN_WITH =
+ WS_TRUST_FACTORY.createSignWith(null).getName();
+ public static final QName ENCRYPT_WITH =
+ WS_TRUST_FACTORY.createEncryptWith(null).getName();
//
// WSSE QNames
Modified:
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/KeyRequirements.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/KeyRequirements.java?rev=1346806&r1=1346805&r2=1346806&view=diff
==============================================================================
---
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/KeyRequirements.java
(original)
+++
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/KeyRequirements.java
Wed Jun 6 09:55:50 2012
@@ -34,6 +34,8 @@ public class KeyRequirements {
private String keywrapAlgorithm;
private ReceivedKey receivedKey;
private Entropy entropy;
+ private String encryptWith;
+ private String signWith;
public String getAuthenticationType() {
return authenticationType;
@@ -126,6 +128,22 @@ public class KeyRequirements {
public void setEntropy(Entropy entropy) {
this.entropy = entropy;
}
+
+ public String getEncryptWith() {
+ return encryptWith;
+ }
+
+ public void setEncryptWith(String encryptWith) {
+ this.encryptWith = encryptWith;
+ }
+
+ public String getSignWith() {
+ return signWith;
+ }
+
+ public void setSignWith(String signWith) {
+ this.signWith = signWith;
+ }
}
\ No newline at end of file
Modified:
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java?rev=1346806&r1=1346805&r2=1346806&view=diff
==============================================================================
---
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
(original)
+++
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
Wed Jun 6 09:55:50 2012
@@ -218,6 +218,14 @@ public class RequestParser {
EntropyType entropyType = (EntropyType)jaxbElement.getValue();
Entropy entropy = parseEntropy(entropyType, stsProperties);
keyRequirements.setEntropy(entropy);
+ } else if (QNameConstants.SIGN_WITH.equals(jaxbElement.getName())) {
+ String signWith = (String)jaxbElement.getValue();
+ keyRequirements.setSignWith(signWith);
+ LOG.fine("Found SignWith: " + signWith);
+ } else if (QNameConstants.ENCRYPT_WITH.equals(jaxbElement.getName())) {
+ String encryptWith = (String)jaxbElement.getValue();
+ keyRequirements.setEncryptWith(encryptWith);
+ LOG.fine("Found EncryptWith: " + encryptWith);
} else if (QNameConstants.REQUEST_TYPE.equals(jaxbElement.getName()))
{ //NOPMD
// Skip the request type.
} else {
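Review bot: The two new branches cast SignWith and EncryptWith straight from the request and store whatever string the client sent; nothing in the visible changes checks the value against the algorithms the STS supports. SignWith in particular is stored but not read by any file changed in this commit, so it is worth a comment such as `// client-supplied algorithm URI, not validated here and not yet consumed`. The value is also concatenated into the FINE log message, so a string containing line breaks could forge log entries. Consider neutralising control characters before logging, e.g. `LOG.fine("Found SignWith: " + String.valueOf(signWith).replaceAll("[\\r\\n]", "_"));`, and the same for EncryptWith. The enclosing method starts and ends outside the hunk.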
Modified:
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SymmetricKeyHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SymmetricKeyHandler.java?rev=1346806&r1=1346805&r2=1346806&view=diff
==============================================================================
---
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SymmetricKeyHandler.java
(original)
+++
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SymmetricKeyHandler.java
Wed Jun 6 09:55:50 2012
@@ -31,6 +31,7 @@ import org.apache.cxf.sts.request.Entrop
import org.apache.cxf.sts.request.KeyRequirements;
import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.conversation.dkalgo.P_SHA1;
@@ -52,10 +53,30 @@ public class SymmetricKeyHandler {
public SymmetricKeyHandler(TokenProviderParameters tokenParameters) {
KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
- // Test KeySize
keySize = Long.valueOf(keyRequirements.getKeySize()).intValue();
STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
SignatureProperties signatureProperties =
stsProperties.getSignatureProperties();
+
+ // Test EncryptWith
+ String encryptWith = keyRequirements.getEncryptWith();
+ if (encryptWith != null) {
+ if ((WSConstants.AES_128.equals(encryptWith) ||
WSConstants.AES_128_GCM.equals(encryptWith))
+ && keySize < 128) {
+ keySize = 128;
+ } else if ((WSConstants.AES_192.equals(encryptWith)
+ || WSConstants.AES_192_GCM.equals(encryptWith))
+ && keySize < 192) {
+ keySize = 192;
+ } else if ((WSConstants.AES_256.equals(encryptWith)
+ || WSConstants.AES_256_GCM.equals(encryptWith))
+ && keySize < 256) {
+ keySize = 256;
+ } else if (WSConstants.TRIPLE_DES.equals(encryptWith) && keySize <
192) {
+ keySize = 192;
+ }
+ }
+
+ // Test KeySize
if (keySize < signatureProperties.getMinimumKeySize()
|| keySize > signatureProperties.getMaximumKeySize()) {
keySize =
Long.valueOf(signatureProperties.getKeySize()).intValue();
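Review bot: After the EncryptWith block raises keySize, the range check that follows can still replace it with the configured default, and nothing re-checks that default against the algorithm the client asked for. If, for example, AES_256 is requested while the configured maximum is below 256, the handler falls back to `signatureProperties.getKeySize()` and may issue a key shorter than the named cipher needs. An EncryptWith value that matches none of the listed constants is also ignored without any log line. Consider remembering the required size after the EncryptWith block, e.g. `int requiredSize = keySize;`, and rejecting the request with an STSException when the final keySize is below it. The constructor continues outside the hunk.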
@@ -64,7 +85,7 @@ public class SymmetricKeyHandler {
+ " not accepted so defaulting to " +
signatureProperties.getKeySize()
);
}
-
+
// Test Entropy
clientEntropy = keyRequirements.getEntropy();
if (clientEntropy == null) {
Modified:
cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderKeyTypeTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderKeyTypeTest.java?rev=1346806&r1=1346805&r2=1346806&view=diff
==============================================================================
---
cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderKeyTypeTest.java
(original)
+++
cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderKeyTypeTest.java
Wed Jun 6 09:55:50 2012
@@ -493,6 +493,29 @@ public class SAMLProviderKeyTypeTest ext
assertTrue(tokenString.contains(WSConstants.C14N_EXCL_WITH_COMMENTS));
}
+ /**
+ * Create a default Saml2 Symmetric Key Assertion using EncryptWith
Algorithms.
+ */
+ @org.junit.Test
+ public void testDefaultSaml2EncryptWith() throws Exception {
+ TokenProvider samlTokenProvider = new SAMLTokenProvider();
+ TokenProviderParameters providerParameters =
+ createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE,
STSConstants.SYMMETRIC_KEY_KEYTYPE);
+ KeyRequirements keyRequirements =
providerParameters.getKeyRequirements();
+
+ keyRequirements.setEncryptWith(WSConstants.AES_128);
+ keyRequirements.setKeySize(92);
+ TokenProviderResponse providerResponse =
samlTokenProvider.createToken(providerParameters);
+ assertTrue(providerResponse != null);
+ assertTrue(providerResponse.getToken() != null &&
providerResponse.getTokenId() != null);
+
+ keyRequirements.setKeySize(128);
+ keyRequirements.setEncryptWith(WSConstants.AES_256);
+ providerResponse = samlTokenProvider.createToken(providerParameters);
+ assertTrue(providerResponse != null);
+ assertTrue(providerResponse.getToken() != null &&
providerResponse.getTokenId() != null);
+ }
+
private TokenProviderParameters createProviderParameters(
String tokenType, String keyType
) throws WSSecurityException {
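Review bot: testDefaultSaml2EncryptWith only asserts that a token and token id come back, so it would most likely still pass if the EncryptWith handling were removed. The two cases it sets up (KeySize 92 with AES_128, then 128 with AES_256) should assert on the size of the key actually issued, for instance the length of the secret or entropy carried in the provider response, if the test can reach it. A case where the required size exceeds the configured maximum and one with an unrecognised EncryptWith URI would pin the fallback behaviour as well.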