CXF-7148 - Race Condition while handling symmetric key in 
SymmetricBindingHandler

# Conflicts:
#       
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8f1f537c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8f1f537c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8f1f537c

Branch: refs/heads/3.0.x-fixes
Commit: 8f1f537c7d764c5315935ba7ba8b4a6b44ec1b6b
Parents: 8ae768d
Author: Colm O hEigeartaigh <cohei...@apache.org>
Authored: Wed Nov 23 11:00:23 2016 +0000
Committer: Colm O hEigeartaigh <cohei...@apache.org>
Committed: Wed Nov 23 12:28:33 2016 +0000

----------------------------------------------------------------------
 .../AsymmetricBindingHandler.java               |  3 +-
 .../policyhandlers/SymmetricBindingHandler.java | 39 ++++++++++++++++----
 2 files changed, 32 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/8f1f537c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 6ea39c2..cb427df 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -847,8 +847,7 @@ public class AsymmetricBindingHandler extends 
AbstractBindingBuilder {
                         tempTok.setTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
                     }
                     
-                    getTokenStore().add(tempTok);
-                    message.put(SecurityConstants.TOKEN_ID, tempTok.getId());
+                    message.put(SecurityConstants.TOKEN, tempTok);
                     
                     return id;
                 }
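Review bot: The switch from `getTokenStore().add(tempTok)` plus `SecurityConstants.TOKEN_ID` to `message.put(SecurityConstants.TOKEN, tempTok)` carries no comment explaining why the token now travels on the message. Judging from the commit title, this is presumably meant to keep per-request key material out of the shared token store. A short comment such as `// Keep the token on this message rather than in the shared token store (CXF-7148)` would make an accidental revert less likely. Any code on this path that still reads `TOKEN_ID` from the message would need to read `TOKEN` instead; no such reader is visible here, so that is worth confirming. The enclosing method starts outside the hunk.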

http://git-wip-us.apache.org/repos/asf/cxf/blob/8f1f537c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 083f43e..0237ab0 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -155,13 +155,13 @@ public class SymmetricBindingHandler extends 
AbstractBindingBuilder {
                     if (isRequestor()) {
                         tokenId = setupEncryptedKey(encryptionWrapper, 
encryptionToken);
                     } else {
-                        tokenId = getEncryptedKey();
+                        tok = getEncryptedKey();
                     }
                 } else if (encryptionToken instanceof UsernameToken) {
                     if (isRequestor()) {
                         tokenId = 
setupUTDerivedKey((UsernameToken)encryptionToken);
                     } else {
-                        tokenId = getUTDerivedKey();
+                        tok = getUTDerivedKey();
                     }
                 }
                 if (tok == null) {
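Review bot: On the recipient branch `tokenId` is no longer assigned, so when getEncryptedKey() or getUTDerivedKey() returns null, both `tok` and `tokenId` are null on reaching `if (tok == null)`. The body of that check lies outside the hunk; if it falls back to a token-store lookup by `tokenId`, it should fail with an explicit error on a null id rather than query with it. The same pattern applies to `sigTok`/`sigTokId` in the -285 hunk. A comment above the check, e.g. `// tok is set directly on the recipient side; tokenId is only set for the requestor`, would make the two paths clear.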
@@ -285,13 +285,13 @@ public class SymmetricBindingHandler extends 
AbstractBindingBuilder {
                     if (isRequestor()) {
                         sigTokId = setupEncryptedKey(sigAbstractTokenWrapper, 
sigToken);
                     } else {
-                        sigTokId = getEncryptedKey();
+                        sigTok = getEncryptedKey();
                     }
                 } else if (sigToken instanceof UsernameToken) {
                     if (isRequestor()) {
                         sigTokId = setupUTDerivedKey((UsernameToken)sigToken);
                     } else {
-                        sigTokId = getUTDerivedKey();
+                        sigTok = getUTDerivedKey();
                     }
                 }
             } else {
@@ -928,6 +928,7 @@ public class SymmetricBindingHandler extends 
AbstractBindingBuilder {
         return id;
     }
     
+<<<<<<< HEAD
     private String getEncryptedKey() {
         
         List<WSHandlerResult> results = 
CastUtils.cast((List<?>)message.getExchange().getInMessage()
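Review bot: The added line `<<<<<<< HEAD` is an unresolved merge-conflict marker committed into SymmetricBindingHandler.java, and the -954 and -975 hunks add the matching `=======` and `>>>>>>> 0769de2...` lines, so the file cannot compile as committed. Both sides of each conflict are left in place: the old `private String getEncryptedKey()` next to the new `private SecurityToken getEncryptedKey()`, and in getUTDerivedKey the `tempTok` construction with the hard-coded `300000` lifetime next to the `securityToken` one. Each region should be resolved to the cherry-picked side, which is what the callers in the -155 and -285 hunks expect now that they assign the result to a SecurityToken, with the markers and HEAD-side lines deleted. Until then it is unclear which token lifetime and which storage path the branch is meant to use.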
@@ -954,11 +955,28 @@ public class SymmetricBindingHandler extends 
AbstractBindingBuilder {
                     return encryptedKeyID;
                 }
             }
+=======
+    private SecurityToken getEncryptedKey() {
+        WSSecurityEngineResult encryptedKeyResult = getEncryptedKeyResult();
+        if (encryptedKeyResult != null) {
+            // Store it in the cache
+            Date created = new Date();
+            Date expires = new Date();
+            expires.setTime(created.getTime() + 
WSS4JUtils.getSecurityTokenLifetime(message));
+            
+            String encryptedKeyID = 
(String)encryptedKeyResult.get(WSSecurityEngineResult.TAG_ID);
+            SecurityToken securityToken = new SecurityToken(encryptedKeyID, 
created, expires);
+            
securityToken.setSecret((byte[])encryptedKeyResult.get(WSSecurityEngineResult.TAG_SECRET));
+            securityToken.setSHA1(getSHA1((byte[])encryptedKeyResult
+                                    
.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY)));
+            
+            return securityToken;
+>>>>>>> 0769de2... CXF-7148 - Race Condition while handling symmetric key in 
SymmetricBindingHandler
         }
         return null;
     }
     
-    private String getUTDerivedKey() throws WSSecurityException {
+    private SecurityToken getUTDerivedKey() throws WSSecurityException {
         
         List<WSHandlerResult> results = 
CastUtils.cast((List<?>)message.getExchange().getInMessage()
             .get(WSHandlerConstants.RECV_RESULTS));
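Review bot: The comment `// Store it in the cache` in the new getEncryptedKey() no longer matches the code beneath it, which builds a SecurityToken and returns it with no token-store call in the visible lines. Given that the commit is about a race on the symmetric key, a misleading comment here invites someone to re-add the shared-store write; something like `// Build a token for this message only; the caller decides where to keep it` would be accurate. Separately, the values for `TAG_SECRET` and `TAG_ENCRYPTED_EPHEMERAL_KEY` are cast and used without a null check, so it is worth confirming that getSHA1 tolerates a null array or adding a guard. getUTDerivedKey, whose signature also changes in this hunk, continues past the hunk's end.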
@@ -975,14 +993,19 @@ public class SymmetricBindingHandler extends 
AbstractBindingBuilder {
                     }
                     Date created = new Date();
                     Date expires = new Date();
+<<<<<<< HEAD
                     expires.setTime(created.getTime() + 300000);
                     SecurityToken tempTok = new SecurityToken(utID, created, 
expires);
                     
+=======
+                    expires.setTime(created.getTime() + 
WSS4JUtils.getSecurityTokenLifetime(message));
+                    SecurityToken securityToken = new SecurityToken(utID, 
created, expires);
+
+>>>>>>> 0769de2... CXF-7148 - Race Condition while handling symmetric key in 
SymmetricBindingHandler
                     byte[] secret = 
(byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
-                    tempTok.setSecret(secret);
-                    tokenStore.add(tempTok);
+                    securityToken.setSecret(secret);
 
-                    return utID;
+                    return securityToken;
                 }
             }
         }
