Author: coheigea
Date: Wed Oct 9 13:38:23 2013
New Revision: 1530602
URL: http://svn.apache.org/r1530602
Log:
Update to streaming ws-security code following recent merge to WSS4J
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1530602&r1=1530601&r2=1530602&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
Wed Oct 9 13:38:23 2013
@@ -204,7 +204,7 @@ public abstract class AbstractStaxBindin
}
protected SecurePart addKerberosToken(
- KerberosToken token, boolean signed, boolean endorsing
+ KerberosToken token, boolean signed, boolean endorsing, boolean
encrypting
) throws WSSecurityException {
IncludeTokenType includeToken = token.getIncludeTokenType();
if (!isTokenRequired(includeToken)) {
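Review bot: `addKerberosToken` now takes three adjacent booleans, so call sites elsewhere in this commit read as `addKerberosToken(token, false, true, true)` and give no hint which flag is which. The method has no Javadoc in the visible lines. I would add one that names each flag, for example `@param endorsing whether the token is also registered as the signature token` and `@param encrypting whether the token is also registered as the encryption token`. The method body continues outside this hunk.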
@@ -219,6 +219,7 @@ public abstract class AbstractStaxBindin
// Convert to WSS4J token
final KerberosClientSecurityToken wss4jToken =
new KerberosClientSecurityToken(secToken.getData(),
secToken.getKey(), secToken.getId());
+ wss4jToken.setSha1Identifier(secToken.getSHA1());
final SecurityTokenProvider<OutboundSecurityToken>
kerberosSecurityTokenProvider =
new SecurityTokenProvider<OutboundSecurityToken>() {
@@ -233,15 +234,21 @@ public abstract class AbstractStaxBindin
return wss4jToken.getId();
}
};
- outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_BST,
+ outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_KERBEROS,
kerberosSecurityTokenProvider);
+ if (encrypting) {
+
outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION,
+ kerberosSecurityTokenProvider);
+ }
+ if (endorsing) {
+
outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE,
+ kerberosSecurityTokenProvider);
+ }
+
// Action
Map<String, Object> config = getProperties();
String actionToPerform = ConfigurationConstants.KERBEROS_TOKEN;
- if (endorsing) {
- actionToPerform =
ConfigurationConstants.SIGNATURE_WITH_KERBEROS_TOKEN;
- }
if (config.containsKey(ConfigurationConstants.ACTION)) {
String action = (String)config.get(ConfigurationConstants.ACTION);
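Review bot: With the `if (endorsing)` action switch removed, this method always requests `ConfigurationConstants.KERBEROS_TOKEN`, and `endorsing` only registers the provider under `PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE`. Whether a signature is actually produced now depends on the caller adding a signature action itself. StaxTransportBindingHandler does that explicitly in this commit, while the StaxSymmetricBindingHandler hunks that pass `endorsing = true` show no matching action change of their own. A comment on the new block would make that contract visible, e.g. `// Registers the token for signing only; the caller must add the signature action`. The method starts and ends outside this hunk.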
@@ -259,7 +266,10 @@ public abstract class AbstractStaxBindin
}
*/
- return new SecurePart(WSSConstants.TAG_wsse_BinarySecurityToken,
Modifier.Element);
+ SecurePart securePart = new
SecurePart(WSSConstants.TAG_wsse_BinarySecurityToken, Modifier.Element);
+ securePart.setIdToSign(wss4jToken.getId());
+
+ return securePart;
}
protected SecurePart addSamlToken(
@@ -528,9 +538,10 @@ public abstract class AbstractStaxBindin
// Find out do we also need to include the token as per the Inclusion
requirement
if (token instanceof X509Token
- && token.getIncludeTokenType() !=
IncludeTokenType.INCLUDE_TOKEN_NEVER
+ && isTokenRequired(token.getIncludeTokenType())
&&
("IssuerSerial".equals(config.get(ConfigurationConstants.SIG_KEY_ID))
- ||
"Thumbprint".equals(config.get(ConfigurationConstants.SIG_KEY_ID)))) {
+ ||
"Thumbprint".equals(config.get(ConfigurationConstants.SIG_KEY_ID))
+ ||
"DirectReference".equals(config.get(ConfigurationConstants.SIG_KEY_ID)))) {
config.put(ConfigurationConstants.INCLUDE_SIGNATURE_TOKEN, "true");
} else {
config.put(ConfigurationConstants.INCLUDE_SIGNATURE_TOKEN,
"false");
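Review bot: The condition now looks up `config.get(ConfigurationConstants.SIG_KEY_ID)` three times and compares it against three literals, which makes the `&&`/`||` grouping hard to check once the lines wrap. Reading the value once keeps the logic reviewable: `Object sigKeyId = config.get(ConfigurationConstants.SIG_KEY_ID);` followed by `"IssuerSerial".equals(sigKeyId) || "Thumbprint".equals(sigKeyId) || "DirectReference".equals(sigKeyId)`. Because this branch decides whether the signing certificate is included in the message, a short comment stating why `DirectReference` was added to the list would also help. The enclosing method starts and ends outside this hunk.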
@@ -749,7 +760,7 @@ public abstract class AbstractStaxBindin
}
}
} else if (isRequestor() && token instanceof KerberosToken) {
- SecurePart securePart = addKerberosToken((KerberosToken)token,
signed, endorse);
+ SecurePart securePart = addKerberosToken((KerberosToken)token,
signed, endorse, false);
if (securePart != null) {
ret.put(token, securePart);
if (suppTokens.isEncryptedToken()) {
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1530602&r1=1530601&r2=1530602&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
Wed Oct 9 13:38:23 2013
@@ -39,6 +39,7 @@ import javax.xml.soap.SOAPException;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
@@ -153,7 +154,9 @@ public class StaxSymmetricBindingHandler
SecurityToken tok = null;
if (encryptionToken instanceof KerberosToken) {
tok = getSecurityToken();
- addKerberosToken((KerberosToken)encryptionToken, false, false);
+ if (MessageUtils.isRequestor(message)) {
+ addKerberosToken((KerberosToken)encryptionToken, false,
true, true);
+ }
} else if (encryptionToken instanceof IssuedToken) {
tok = getSecurityToken();
addIssuedToken((IssuedToken)encryptionToken, tok, false, true);
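Review bot: The requestor check here uses `MessageUtils.isRequestor(message)` and needs a new import, while the Kerberos branch in AbstractStaxBindingHandler changed by this same commit uses `isRequestor()`. If this class inherits that method and it tests the same message, calling `if (isRequestor()) {` here keeps the two handlers consistent and makes the import unnecessary. The same applies to the `sigToken` branch in the hunk at -249 and to both `storeSecurityToken` guards. The `SecurePart` returned by `addKerberosToken` is also discarded here; if that is intentional, a short comment saying so would help. The enclosing method starts and ends outside this hunk.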
@@ -181,7 +184,9 @@ public class StaxSymmetricBindingHandler
}
// Store key
- storeSecurityToken(tok);
+ if (!(MessageUtils.isRequestor(message) && encryptionToken
instanceof KerberosToken)) {
+ storeSecurityToken(tok);
+ }
List<SecurePart> encrParts = null;
List<SecurePart> sigParts = null;
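Review bot: The new guard skips `storeSecurityToken(tok)` for a Kerberos token on the requestor side without saying why, and the same condition is repeated for `sigTok` in the hunk at -281. A reader cannot tell from these lines whether the token is deliberately kept out of the store or is already handled by `addKerberosToken`. If the latter is the reason, a comment such as `// Requestor-side Kerberos tokens are passed to WSS4J by addKerberosToken(), so they are not stored here` above both guards would record it. The double negation would also read more easily as a named local, e.g. `boolean kerberosRequestor = MessageUtils.isRequestor(message) && encryptionToken instanceof KerberosToken;`. The enclosing method starts and ends outside this hunk.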
@@ -249,7 +254,9 @@ public class StaxSymmetricBindingHandler
if (sigToken != null) {
if (sigToken instanceof KerberosToken) {
sigTok = getSecurityToken();
- addKerberosToken((KerberosToken)sigToken, false, false);
+ if (MessageUtils.isRequestor(message)) {
+ addKerberosToken((KerberosToken)sigToken, false, true,
true);
+ }
} else if (sigToken instanceof IssuedToken) {
sigTok = getSecurityToken();
addIssuedToken((IssuedToken)sigToken, sigTok, false, true);
@@ -281,7 +288,9 @@ public class StaxSymmetricBindingHandler
}
// Store key
- storeSecurityToken(sigTok);
+ if (!(MessageUtils.isRequestor(message) && sigToken instanceof
KerberosToken)) {
+ storeSecurityToken(sigTok);
+ }
// Add timestamp
List<SecurePart> sigs = new ArrayList<SecurePart>();
@@ -415,7 +424,11 @@ public class StaxSymmetricBindingHandler
if (config.containsKey(ConfigurationConstants.ACTION)) {
String action = (String)config.get(ConfigurationConstants.ACTION);
- config.put(ConfigurationConstants.ACTION, action + " " +
actionToPerform);
+ if (action.contains(ConfigurationConstants.KERBEROS_TOKEN)) {
+ config.put(ConfigurationConstants.ACTION, actionToPerform + "
" + action);
+ } else {
+ config.put(ConfigurationConstants.ACTION, action + " " +
actionToPerform);
+ }
} else {
config.put(ConfigurationConstants.ACTION, actionToPerform);
}
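Review bot: `action.contains(ConfigurationConstants.KERBEROS_TOKEN)` is a substring test on a space-separated action list, so it also succeeds when the list holds a different action whose name merely contains that value. `SIGNATURE_WITH_KERBEROS_TOKEN`, referenced on a removed line of AbstractStaxBindingHandler in this commit, looks like such a name, although its string value is not visible here. Matching whole entries avoids the ambiguity: `Arrays.asList(action.split("\\s+")).contains(ConfigurationConstants.KERBEROS_TOKEN)`. The branch also puts the new action in front of the existing list rather than after it, and a one-line comment stating why the order matters when a Kerberos token action is present would help the next reader. The enclosing method starts outside this hunk.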
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java?rev=1530602&r1=1530601&r2=1530602&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
Wed Oct 9 13:38:23 2013
@@ -172,7 +172,7 @@ public class StaxTransportBindingHandler
} else if (token instanceof IssuedToken) {
addIssuedToken((IssuedToken)token, getSecurityToken(), false,
false);
} else if (token instanceof KerberosToken) {
- addKerberosToken((KerberosToken)token, false, false);
+ addKerberosToken((KerberosToken)token, false, false, false);
} else if (token instanceof SamlToken) {
addSamlToken((SamlToken)token, false, false);
} else {
@@ -258,8 +258,7 @@ public class StaxTransportBindingHandler
|| token instanceof SpnegoContextToken) {
addSig(doIssuedTokenSignature(token, wrapper));
*/
- } else if (token instanceof X509Token
- || token instanceof KeyValueToken) {
+ } else if (token instanceof X509Token || token instanceof
KeyValueToken) {
doSignature(token, wrapper);
} else if (token instanceof SamlToken) {
addSamlToken((SamlToken)token, false, true);
@@ -273,10 +272,19 @@ public class StaxTransportBindingHandler
} else if (token instanceof UsernameToken) {
throw new Exception("Endorsing UsernameTokens are not supported in
the streaming code");
} else if (token instanceof KerberosToken) {
- addKerberosToken((KerberosToken)token, false, true);
+ Map<String, Object> config = getProperties();
+ String signatureAction = ConfigurationConstants.SIGNATURE;
+ if (config.containsKey(ConfigurationConstants.ACTION)) {
+ String action =
(String)config.get(ConfigurationConstants.ACTION);
+ config.put(ConfigurationConstants.ACTION, action + " " +
signatureAction);
+ } else {
+ config.put(ConfigurationConstants.ACTION, signatureAction);
+ }
+ configureSignature(wrapper, token, false);
+
+ addKerberosToken((KerberosToken)token, false, true, false);
signPartsAndElements(wrapper.getSignedParts(),
wrapper.getSignedElements());
- Map<String, Object> config = getProperties();
config.put(ConfigurationConstants.SIG_ALGO,
tbinding.getAlgorithmSuite().getSymmetricSignature());
AlgorithmSuiteType algType =
tbinding.getAlgorithmSuite().getAlgorithmSuiteType();
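Review bot: The added block appends `ConfigurationConstants.SIGNATURE` to the action string unconditionally, so if this branch runs for more than one endorsing Kerberos token, or after another branch has already requested a signature, the list would carry the action twice. Whether WSS4J tolerates a repeated action is not visible from this hunk. This is also the third hand-written copy of the "append to `ConfigurationConstants.ACTION`" logic in this commit (see `addKerberosToken` and the StaxSymmetricBindingHandler hunk at -415), each with a slightly different ordering rule. A small shared helper in the base class that takes the config map and the action, skips it when already present, and documents the ordering would keep the three in step. The enclosing branch continues outside this hunk.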
Modified:
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java?rev=1530602&r1=1530601&r2=1530602&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java
(original)
+++
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java
Wed Oct 9 13:38:23 2013
@@ -159,11 +159,6 @@ public class StaxToDOMSamlTest extends A
properties.setSamlCallbackHandler(new SAML1CallbackHandler());
properties.setCallbackHandler(new PasswordCallbackHandler());
- properties.setSignatureUser("alice");
-
- Properties cryptoProperties =
- CryptoFactory.getProperties("alice.properties",
this.getClass().getClassLoader());
- properties.setSignatureCryptoProperties(cryptoProperties);
properties.setSignatureKeyIdentifier(
WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference
);
@@ -205,8 +200,6 @@ public class StaxToDOMSamlTest extends A
outConfig.put(ConfigurationConstants.ACTION,
ConfigurationConstants.SAML_TOKEN_SIGNED);
outConfig.put(ConfigurationConstants.SAML_CALLBACK_REF, new
SAML1CallbackHandler());
outConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new
PasswordCallbackHandler());
- outConfig.put(ConfigurationConstants.SIGNATURE_USER, "alice");
- outConfig.put(ConfigurationConstants.SIG_PROP_FILE,
"alice.properties");
outConfig.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
WSS4JStaxOutInterceptor ohandler = new
WSS4JStaxOutInterceptor(outConfig);
@@ -320,11 +313,6 @@ public class StaxToDOMSamlTest extends A
properties.setSamlCallbackHandler(new SAML2CallbackHandler());
properties.setCallbackHandler(new PasswordCallbackHandler());
- properties.setSignatureUser("alice");
-
- Properties cryptoProperties =
- CryptoFactory.getProperties("alice.properties",
this.getClass().getClassLoader());
- properties.setSignatureCryptoProperties(cryptoProperties);
properties.setSignatureKeyIdentifier(
WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference
);
@@ -367,8 +355,6 @@ public class StaxToDOMSamlTest extends A
outConfig.put(ConfigurationConstants.ACTION,
ConfigurationConstants.SAML_TOKEN_SIGNED);
outConfig.put(ConfigurationConstants.SAML_CALLBACK_REF, new
SAML2CallbackHandler());
outConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new
PasswordCallbackHandler());
- outConfig.put(ConfigurationConstants.SIGNATURE_USER, "alice");
- outConfig.put(ConfigurationConstants.SIG_PROP_FILE,
"alice.properties");
outConfig.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
WSS4JStaxOutInterceptor ohandler = new
WSS4JStaxOutInterceptor(outConfig);