This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/wss4j_2.3.0 by this push:
new 6ed1d3a Picking up more derived key changes in WSS4J
6ed1d3a is described below
commit 6ed1d3a754f86297a14be6cff47b6036884e5fa6
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Fri Feb 1 11:20:57 2019 +0000
Picking up more derived key changes in WSS4J
---
.../wss4j/policyhandlers/AbstractBindingBuilder.java | 1 +
.../wss4j/policyhandlers/AsymmetricBindingHandler.java | 12 ++++++++++--
.../wss4j/policyhandlers/SymmetricBindingHandler.java | 18 ++++++++++++++++--
.../wss4j/policyhandlers/TransportBindingHandler.java | 2 ++
4 files changed, 29 insertions(+), 4 deletions(-)
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 17b8b65..328ce09 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -2086,6 +2086,7 @@ public abstract class AbstractBindingBuilder extends
AbstractCommonBindingHandle
}
addSig(dkSign.getSignatureValue());
+ dkSign.clean();
}
private void doSymmSignature(AbstractToken policyToken, SecurityToken tok,
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 015f9bf..1a6a96a 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -229,15 +229,18 @@ public class AsymmetricBindingHandler extends
AbstractBindingBuilder {
}
if (encToken != null) {
+ WSSecBase encr = null;
if (encToken.getToken() != null && !enc.isEmpty()) {
if (encToken.getToken().getDerivedKeys() ==
DerivedKeys.RequireDerivedKeys) {
- doEncryptionDerived(encToken, enc);
+ encr = doEncryptionDerived(encToken, enc);
} else {
String symEncAlgorithm =
abinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption();
KeyGenerator keyGen =
KeyUtils.getKeyGenerator(symEncAlgorithm);
SecretKey symmetricKey = keyGen.generateKey();
- doEncryption(encToken, enc, false, symmetricKey);
+ encr = doEncryption(encToken, enc, false,
symmetricKey);
}
+
+ encr.clean();
}
assertTokenWrapper(encToken);
assertToken(encToken.getToken());
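Review bot: The added `encr.clean()` after the if/else is called without a null check, although `encr` starts out as `null` and the other call sites in this commit guard the same kind of value (`if (encrBase != null)` further down in this file, `if (encr != null)` in SymmetricBindingHandler). The bodies of `doEncryptionDerived` and `doEncryption` are not in the diff, but those guards suggest they can return null, in which case this line would throw a NullPointerException instead of letting the policy assertion report the failure. I would write `if (encr != null) { encr.clean(); }` here, and the same for the unguarded `encr.clean()` added in the `@@ -420,8 +425,10 @@` hunk of SymmetricBindingHandler. The enclosing method starts and ends outside the hunk.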
@@ -394,6 +397,7 @@ public class AsymmetricBindingHandler extends
AbstractBindingBuilder {
if (encrBase != null) {
encryptTokensInSecurityHeader(encryptionToken, encrBase,
symmetricKey);
+ encrBase.clean();
}
}
@@ -663,6 +667,7 @@ public class AsymmetricBindingHandler extends
AbstractBindingBuilder {
if (!attached && isTokenRequired(sigToken.getIncludeTokenType())) {
WSSecSignature sig = getSignatureBuilder(sigToken, attached,
false);
sig.appendBSTElementToHeader();
+ sig.clean();
}
return;
}
@@ -735,6 +740,7 @@ public class AsymmetricBindingHandler extends
AbstractBindingBuilder {
mainSigId = dkSign.getSignatureId();
}
+ dkSign.clean();
} catch (Exception ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
throw new Fault(ex);
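Review bot: `dkSign.clean()` is the last statement inside the try block, so it is skipped whenever an earlier statement throws, and whatever key material `clean()` is meant to wipe stays in the builder on the path that ends in `throw new Fault(ex)`. If `dkSign` is declared before the `try` (the declaration is outside the hunk), moving the call into `finally { dkSign.clean(); }` would cover both the success and the failure path. The guarded `encr.clean()` added just before `catch (RuntimeException ex)` in SymmetricBindingHandler has the same shape.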
@@ -781,6 +787,8 @@ public class AsymmetricBindingHandler extends
AbstractBindingBuilder {
mainSigId = sig.getId();
}
+
+ sig.clean();
}
}
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 8a4d5d9..0567126 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -283,6 +283,10 @@ public class SymmetricBindingHandler extends
AbstractBindingBuilder {
}
}
}
+
+ if (encr != null) {
+ encr.clean();
+ }
}
} catch (RuntimeException ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
@@ -408,8 +412,9 @@ public class SymmetricBindingHandler extends
AbstractBindingBuilder {
}
if (encrAbstractTokenWrapper.getToken() != null && !enc.isEmpty())
{
+ WSSecBase encr = null;
if (encrAbstractTokenWrapper.getToken().getDerivedKeys() ==
DerivedKeys.RequireDerivedKeys) {
- doEncryptionDerived(encrAbstractTokenWrapper, encrTok,
tokIncluded, enc, false);
+ encr = doEncryptionDerived(encrAbstractTokenWrapper,
encrTok, tokIncluded, enc, false);
} else {
byte[] ephemeralKey = encrTok.getSecret();
SecretKey symmetricKey = null;
@@ -420,8 +425,10 @@ public class SymmetricBindingHandler extends
AbstractBindingBuilder {
KeyGenerator keyGen =
KeyUtils.getKeyGenerator(symEncAlgorithm);
symmetricKey = keyGen.generateKey();
}
- doEncryption(encrAbstractTokenWrapper, encrTok,
tokIncluded, enc, false, symmetricKey);
+ encr = doEncryption(encrAbstractTokenWrapper, encrTok,
tokIncluded, enc, false, symmetricKey);
}
+
+ encr.clean();
}
} catch (Exception e) {
LOG.log(Level.FINE, e.getMessage(), e);
@@ -800,8 +807,11 @@ public class SymmetricBindingHandler extends
AbstractBindingBuilder {
this.mainSigId = dkSign.getSignatureId();
+ dkSign.clean();
return dkSign.getSignatureValue();
}
+
+ dkSign.clean();
return null;
}
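Review bot: `dkSign.clean()` runs before `return dkSign.getSignatureValue()`, so the returned value is read from an object that has already been cleaned. AbstractBindingBuilder in this same commit uses the opposite order (`addSig(dkSign.getSignatureValue())` first, then `dkSign.clean()`). The order used here is only safe if `clean()` never clears the signature value, which the diff does not show. Reading the value first keeps the call sites consistent and independent of that detail: `byte[] sigValue = dkSign.getSignatureValue(); dkSign.clean(); return sigValue;`. The same clean-then-read order appears in the `sig.clean()` hunk that follows and in both TransportBindingHandler hunks.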
@@ -933,8 +943,12 @@ public class SymmetricBindingHandler extends
AbstractBindingBuilder {
bottomUpElement = sig.getSignatureElement();
this.mainSigId = sig.getId();
+
+ sig.clean();
return sig.getSignatureValue();
}
+
+ sig.clean();
return null;
}
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index c067699..5c4e3b0 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -403,6 +403,7 @@ public class TransportBindingHandler extends
AbstractBindingBuilder {
dkSig.appendDKElementToHeader();
dkSig.computeSignature(referenceList, false, null);
+ dkSig.clean();
return dkSig.getSignatureValue();
}
WSSecSignature sig = getSignatureBuilder(token, false, false);
@@ -513,6 +514,7 @@ public class TransportBindingHandler extends
AbstractBindingBuilder {
//Do signature
dkSign.computeSignature(referenceList, false, null);
+ dkSign.clean();
return dkSign.getSignatureValue();
}