This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new 4e981b1 Picking up some Santuario changes
4e981b1 is described below
commit 4e981b1f5bb19bc85e3b92e325216148ef043e8c
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Tue Jan 28 13:40:57 2020 +0000
Picking up some Santuario changes
---
.../java/org/apache/cxf/ws/security/wss4j/StaxSerializer.java | 9 +++++++--
.../org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java | 8 +++++++-
.../org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java | 3 ++-
.../security/wss4j/policyhandlers/AsymmetricBindingHandler.java | 3 ++-
.../security/wss4j/policyhandlers/SymmetricBindingHandler.java | 3 ++-
5 files changed, 20 insertions(+), 6 deletions(-)
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSerializer.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSerializer.java
index 7d2428f..e82493c 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSerializer.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSerializer.java
@@ -50,6 +50,8 @@ import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.helpers.LoadingByteArrayOutputStream;
import org.apache.cxf.staxutils.OverlayW3CDOMStreamWriter;
import org.apache.cxf.staxutils.StaxUtils;
+import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.c14n.InvalidCanonicalizerException;
import org.apache.xml.security.encryption.AbstractSerializer;
import org.apache.xml.security.encryption.XMLEncryptionException;
@@ -62,15 +64,18 @@ public class StaxSerializer extends AbstractSerializer {
private XMLInputFactory factory;
private boolean validFactory;
+ public StaxSerializer() throws InvalidCanonicalizerException {
+ super(Canonicalizer.ALGO_ID_C14N_PHYSICAL, true);
+ }
+
/**
* @param source
* @param ctx
- * @param secureValidation
* @return the Node resulting from the parse of the source
* @throws XMLEncryptionException
*/
@Override
- public Node deserialize(byte[] source, Node ctx, boolean secureValidation)
throws XMLEncryptionException {
+ public Node deserialize(byte[] source, Node ctx) throws
XMLEncryptionException {
XMLStreamReader reader = createWstxReader(source, ctx);
if (reader != null) {
return deserialize(ctx, reader, false);
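Review bot: The new no-arg constructor passes a bare `true` as the second argument of `super(Canonicalizer.ALGO_ID_C14N_PHYSICAL, true)` and has no Javadoc, while the same hunk drops the per-call `secureValidation` parameter from `deserialize`. If that literal is the secure-validation switch (the superclass signature is not visible here), the setting is now fixed for every instance and callers can no longer vary it, which is worth stating explicitly. I would add a constructor Javadoc carrying `@throws InvalidCanonicalizerException` and a trailing comment such as `// second argument: secure validation, fixed on for this serializer`. The body of `deserialize` continues outside the hunk.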
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
index 16a993c..9c863cc 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -85,6 +85,7 @@ import org.apache.wss4j.dom.processor.Processor;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.dom.validate.NoOpValidator;
import org.apache.wss4j.dom.validate.Validator;
+import org.apache.xml.security.c14n.InvalidCanonicalizerException;
/**
* Performs WS-Security inbound actions.
@@ -238,7 +239,6 @@ public class WSS4JInInterceptor extends
AbstractWSS4JInterceptor {
config = engine.getWssConfig();
}
reqData.setWssConfig(config);
- reqData.setEncryptionSerializer(new StaxSerializer());
// Add Audience Restrictions for SAML
reqData.setAudienceRestrictions(SAMLUtils.getAudienceRestrictions(msg,
true));
@@ -248,6 +248,12 @@ public class WSS4JInInterceptor extends
AbstractWSS4JInterceptor {
boolean doDebug = LOG.isLoggable(Level.FINE);
SoapVersion version = msg.getVersion();
+ try {
+ reqData.setEncryptionSerializer(new StaxSerializer());
+ } catch (InvalidCanonicalizerException e) {
+ throw new SoapFault(new Message("SECURITY_FAILED", LOG), e,
version.getReceiver());
+ }
+
if (doDebug) {
LOG.fine("WSS4JInInterceptor: enter handleMessage()");
}
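Review bot: The new `catch (InvalidCanonicalizerException e)` turns a serializer construction failure into a generic `SECURITY_FAILED` fault, and nothing is logged at that point. The exception comes from `new StaxSerializer()`, so it looks like a local setup problem rather than something wrong with the incoming message. Recording it before the throw would help triage, for example `LOG.log(Level.WARNING, "Unable to create the encryption serializer", e);`. The block also sits ahead of the `enter handleMessage()` trace, so a FINE-level trace shows no entry line for a request that fails here. The enclosing method starts and ends outside the hunk.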
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
index c96c841..c052412 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
@@ -53,6 +53,7 @@ import org.apache.wss4j.dom.handler.HandlerAction;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.xml.security.c14n.InvalidCanonicalizerException;
public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor {
@@ -268,7 +269,7 @@ public class WSS4JOutInterceptor extends
AbstractWSS4JInterceptor {
if (doDebug) {
LOG.fine("WSS4JOutInterceptor: exit handleMessage()");
}
- } catch (WSSecurityException e) {
+ } catch (InvalidCanonicalizerException | WSSecurityException e) {
throw new SoapFault(new Message("SECURITY_FAILED", LOG), e,
version
.getSender());
} finally {
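Review bot: `InvalidCanonicalizerException` is reported with `version.getSender()` in this multi-catch, whereas the inbound interceptor in the same commit reports the same exception type with `version.getReceiver()`. The try body is outside the hunk, so where the exception originates on this path cannot be confirmed from here. If the difference is intended, a one-line comment would make that clear, for example `// outbound path: canonicalizer setup failures share the fault code used for WSSecurityException`. Otherwise a separate `catch (InvalidCanonicalizerException e)` clause would let the two exception types carry different fault codes.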
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index ff716f1..18e452d 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -80,6 +80,7 @@ import
org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
import org.apache.wss4j.policy.model.AsymmetricBinding;
import org.apache.wss4j.policy.model.IssuedToken;
import org.apache.wss4j.policy.model.SamlToken;
+import org.apache.xml.security.c14n.InvalidCanonicalizerException;
import org.opensaml.saml.common.SAMLVersion;
/**
@@ -572,7 +573,7 @@ public class AsymmetricBindingHandler extends
AbstractBindingBuilder {
}
return encr;
- } catch (WSSecurityException e) {
+ } catch (InvalidCanonicalizerException | WSSecurityException e) {
LOG.log(Level.FINE, e.getMessage(), e);
unassertPolicy(recToken, e);
}
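Review bot: With the widened multi-catch, an `InvalidCanonicalizerException` is logged only at `Level.FINE` before `unassertPolicy(recToken, e)`, so at default log levels a failure to set up canonicalization for encryption may leave no log entry. What `unassertPolicy` itself reports is outside the hunk. Unlike a `WSSecurityException`, this looks like a local configuration problem, so consider a separate catch clause that logs it more visibly, for example `LOG.log(Level.WARNING, e.getMessage(), e);`. The same pattern appears in the `SymmetricBindingHandler` hunk. The enclosing method starts and ends outside the hunk.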
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 263982d..15ba85a 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -86,6 +86,7 @@ import org.apache.wss4j.policy.model.SpnegoContextToken;
import org.apache.wss4j.policy.model.SymmetricBinding;
import org.apache.wss4j.policy.model.UsernameToken;
import org.apache.wss4j.policy.model.X509Token;
+import org.apache.xml.security.c14n.InvalidCanonicalizerException;
import org.apache.xml.security.utils.XMLUtils;
/**
@@ -643,7 +644,7 @@ public class SymmetricBindingHandler extends
AbstractBindingBuilder {
addAttachmentsForEncryption(atEnd, refList, attachments);
return encr;
- } catch (WSSecurityException e) {
+ } catch (InvalidCanonicalizerException | WSSecurityException e) {
LOG.log(Level.FINE, e.getMessage(), e);
unassertPolicy(recToken, e);
}