Some fixes from the latest WSS4J changes
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d68f140c Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d68f140c Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d68f140c Branch: refs/heads/master Commit: d68f140c76cf7e390dfce134ea5c5d97f129e65d Parents: 9ae69b3 Author: Colm O hEigeartaigh <[email protected]> Authored: Fri Mar 6 13:22:52 2015 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Fri Mar 6 13:22:52 2015 +0000
----------------------------------------------------------------------
.../SecureConversationInInterceptor.java | 4 ++- .../SpnegoContextTokenInInterceptor.java | 3 ++ .../ws/security/tokenstore/SecurityToken.java | 30 ++++++-------------- .../policyhandlers/AbstractBindingBuilder.java | 12 +++----- .../cxf/sts/operation/AbstractOperation.java | 6 ++-- .../apache/cxf/sts/request/RequestParser.java | 6 ++-- .../cxf/sts/token/provider/SCTProvider.java | 3 ++ 7 files changed, 27 insertions(+), 37 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/d68f140c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
index 6cb52d1..0e17843 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
@@ -28,7 +28,6 @@ import java.util.Properties; import javax.xml.namespace.QName; import org.w3c.dom.Element; - import org.apache.cxf.binding.soap.SoapBindingConstants; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor;
@@ -62,6 +61,7 @@ import org.apache.neethi.All; import org.apache.neethi.Assertion; import org.apache.neethi.ExactlyOne; import org.apache.neethi.Policy; +import org.apache.wss4j.dom.WSSConfig; import org.apache.wss4j.dom.message.token.SecurityContextToken; import org.apache.wss4j.policy.SP12Constants; import org.apache.wss4j.policy.SPConstants;
@@ -350,6 +350,8 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa writer.writeStartElement(prefix, "RequestedSecurityToken", namespace); SecurityContextToken sct = new SecurityContextToken(NegotiationUtils.getWSCVersion(tokenType), writer.getDocument()); + WSSConfig wssConfig = WSSConfig.getNewInstance(); + sct.setID(wssConfig.getIdAllocator().createId("sctId-", sct)); Date created = new Date(); Date expires = new Date();
http://git-wip-us.apache.org/repos/asf/cxf/blob/d68f140c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
index 6b76879..1e009b1 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
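Review bot: The two lines added in the `@@ -350,6 +350,8` hunk build a fresh `WSSConfig` through `WSSConfig.getNewInstance()` for every issued token only to reach its ID allocator, and the same pair is pasted into SpnegoContextTokenInInterceptor (`@@ -187,6 +188,8`) and SCTProvider (`@@ -118,6 +119,8`). If a `WSSConfig` is already available for the exchange it would be better to reuse it, or to keep the allocation in one shared helper so the three call sites cannot drift apart. A short comment such as `// element Id for in-document references; not the SCT Identifier` would also tell the reader why the Id is set here, assuming that is the intent. The enclosing method starts and ends outside the hunk, so whether a config is already in reach cannot be seen from this page.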
@@ -54,6 +54,7 @@ import org.apache.neethi.ExactlyOne; import org.apache.neethi.Policy; import org.apache.wss4j.common.spnego.SpnegoTokenContext; import org.apache.wss4j.dom.WSConstants; +import org.apache.wss4j.dom.WSSConfig; import org.apache.wss4j.dom.message.token.BinarySecurity; import org.apache.wss4j.dom.message.token.SecurityContextToken; import org.apache.wss4j.dom.util.WSSecurityUtil;
@@ -187,6 +188,8 @@ class SpnegoContextTokenInInterceptor extends AbstractPhaseInterceptor<SoapMessa new SecurityContextToken( NegotiationUtils.getWSCVersion(tokenType), writer.getDocument() ); + WSSConfig wssConfig = WSSConfig.getNewInstance(); + sct.setID(wssConfig.getIdAllocator().createId("sctId-", sct)); // Lifetime Date created = new Date();
http://git-wip-us.apache.org/repos/asf/cxf/blob/d68f140c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
index 7a74b35..1b7cfb6 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
@@ -29,7 +29,6 @@ import java.util.Date; import java.util.Properties; import org.w3c.dom.Element; - import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.security.SecurityContext; import org.apache.cxf.staxutils.StaxUtils;
@@ -37,6 +36,7 @@ import org.apache.cxf.staxutils.W3CDOMStreamWriter; import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.message.token.Reference; +import org.apache.wss4j.dom.util.WSSecurityUtil; import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
@@ -161,17 +161,12 @@ public class SecurityToken implements Serializable { } public SecurityToken(String id) { - this.id = id; - if (this.id != null && this.id.length() > 0 && this.id.charAt(0) == '#') { - this.id = this.id.substring(1); - } + this.id = WSSecurityUtil.getIDFromReference(id); } public SecurityToken(String id, Date created, Date expires) { - this.id = id; - if (this.id != null && this.id.length() > 0 && this.id.charAt(0) == '#') { - this.id = this.id.substring(1); - } + this.id = WSSecurityUtil.getIDFromReference(id); + if (created != null) { this.created = new Date(created.getTime()); }
@@ -184,10 +179,8 @@ public class SecurityToken implements Serializable { Element tokenElem, Date created, Date expires) { - this.id = id; - if (this.id != null && this.id.length() > 0 && this.id.charAt(0) == '#') { - this.id = this.id.substring(1); - } + this.id = WSSecurityUtil.getIDFromReference(id); + this.token = cloneElement(tokenElem); if (created != null) { this.created = new Date(created.getTime());
@@ -200,10 +193,8 @@ public class SecurityToken implements Serializable { public SecurityToken(String id, Element tokenElem, Element lifetimeElem) { - this.id = id; - if (this.id != null && this.id.length() > 0 && this.id.charAt(0) == '#') { - this.id = this.id.substring(1); - } + this.id = WSSecurityUtil.getIDFromReference(id); + this.token = cloneElement(tokenElem); if (lifetimeElem != null) { processLifeTime(lifetimeElem);
@@ -293,10 +284,7 @@ public class SecurityToken implements Serializable { * Set the id */ public void setId(String id) { - this.id = id; - if (this.id != null && this.id.length() > 0 && this.id.charAt(0) == '#') { - this.id = this.id.substring(1); - } + this.id = WSSecurityUtil.getIDFromReference(id); } /**
http://git-wip-us.apache.org/repos/asf/cxf/blob/d68f140c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
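Review bot: All four constructors and `setId` now store whatever `WSSecurityUtil.getIDFromReference(id)` returns, but the helper's treatment of null, empty or whitespace-only input is not visible in this commit, whereas the removed code left those values unchanged. This id is presumably the key a stored token is later looked up by, so any difference (an empty string becoming null, or trimming) changes which token a reference resolves to; a unit test with `null`, `""` and `"#"` would pin that down. The Javadoc on `setId` still reads only `Set the id`; I would extend it to `Set the id; a leading '#' (same-document reference) is removed before the value is stored`. The same substitution is made in the two AbstractBindingBuilder hunks (`@@ -445,10 +445,8` and `@@ -661,10 +659,8`).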
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 6e62d0a..69a6e88 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -445,10 +445,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle secToken.setToken(clone); addSupportingElement(clone); - String id = secToken.getId(); - if (id != null && id.charAt(0) == '#') { - id = id.substring(1); - } + String id = WSSecurityUtil.getIDFromReference(secToken.getId()); + if (suppTokens.isEncryptedToken()) { WSEncryptionPart part = new WSEncryptionPart(id, "Element"); part.setElement(clone);
@@ -661,10 +659,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle part.setId(secRef.getID()); part.setElement(clone); } else { - String id = token.getId(); - if (id != null && id.charAt(0) == '#') { - id = id.substring(1); - } + String id = WSSecurityUtil.getIDFromReference(token.getId()); + part = new WSEncryptionPart(id); part.setElement(token.getToken()); }
http://git-wip-us.apache.org/repos/asf/cxf/blob/d68f140c/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
index 37fb985..5e85234 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
@@ -84,6 +84,7 @@ import org.apache.wss4j.dom.handler.WSHandlerConstants; import org.apache.wss4j.dom.handler.WSHandlerResult; import org.apache.wss4j.dom.message.WSSecEncrypt; import org.apache.wss4j.dom.message.WSSecEncryptedKey; +import org.apache.wss4j.dom.util.WSSecurityUtil; import org.apache.wss4j.dom.util.XmlSchemaDateFormat; import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants; import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -213,10 +214,7 @@ public abstract class AbstractOperation { } if (tokenReference.isUseKeyIdentifier()) { - String identifier = tokenReference.getIdentifier(); - if (identifier.charAt(0) == '#') { - identifier = identifier.substring(1); - } + String identifier = WSSecurityUtil.getIDFromReference(tokenReference.getIdentifier()); KeyIdentifierType keyIdentifierType = QNameConstants.WSSE_FACTORY.createKeyIdentifierType();
http://git-wip-us.apache.org/repos/asf/cxf/blob/d68f140c/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
index 0e8d361..a1a2a26 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
@@ -85,6 +85,7 @@ import org.apache.wss4j.dom.handler.WSHandlerConstants; import org.apache.wss4j.dom.handler.WSHandlerResult; import org.apache.wss4j.dom.message.token.SecurityContextToken; import org.apache.wss4j.dom.processor.EncryptedKeyProcessor; +import org.apache.wss4j.dom.util.WSSecurityUtil; import org.apache.xml.security.utils.Constants; /**
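Review bot: In the `@@ -213,10 +214,7` hunk the value of `tokenReference.getIdentifier()` is no longer dereferenced before use, so a null or empty identifier that previously failed at `identifier.charAt(0)` may now flow on into the `KeyIdentifierType` being built, depending on what `getIDFromReference` returns for such input. RequestParser's `@@ -738,9 +739,8` hunk has the same shape with `referenceURI`, which appears to come from the parsed request and is then used to find the matching processed token. An explicit guard after the call keeps the failure deliberate, e.g. `if (identifier == null || identifier.isEmpty()) { /* reject: no usable key identifier */ }`, raising whatever exception the method already uses for malformed input. Both methods start and end outside their hunks, so an earlier check may already exist.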
@@ -738,9 +739,8 @@ public class RequestParser { } // Find processed token corresponding to the URI - if (referenceURI.charAt(0) == '#') { - referenceURI = referenceURI.substring(1); - } + referenceURI = WSSecurityUtil.getIDFromReference(referenceURI); + MessageContext messageContext = wsContext.getMessageContext(); final List<WSHandlerResult> handlerResults = CastUtils.cast((List<?>) messageContext.get(WSHandlerConstants.RECV_RESULTS));
http://git-wip-us.apache.org/repos/asf/cxf/blob/d68f140c/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
index 7c5d1b4..a25e2e0 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
@@ -35,6 +35,7 @@ import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.trust.STSUtils; import org.apache.wss4j.common.derivedKey.ConversationConstants; import org.apache.wss4j.common.ext.WSSecurityException; +import org.apache.wss4j.dom.WSSConfig; import org.apache.wss4j.dom.message.token.SecurityContextToken; /**
@@ -118,6 +119,8 @@ public class SCTProvider implements TokenProvider { Document doc = DOMUtils.createDocument(); SecurityContextToken sct = new SecurityContextToken(getWSCVersion(tokenRequirements.getTokenType()), doc); + WSSConfig wssConfig = WSSConfig.getNewInstance(); + sct.setID(wssConfig.getIdAllocator().createId("sctId-", sct)); TokenProviderResponse response = new TokenProviderResponse(); response.setToken(sct.getElement());
