Author: coheigea
Date: Thu May 16 11:35:10 2013
New Revision: 1483300
URL: http://svn.apache.org/r1483300
Log:
Check for SAML proof-of-possession in both TLS + message signatures
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java?rev=1483300&r1=1483299&r2=1483300&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
Thu May 16 11:35:10 2013
@@ -656,31 +656,32 @@ public class SAMLTokenInputHandler exten
} else if
(httpsCertificate.getPublicKey().equals(subjectPublicKey)) {
return;
}
- } else {
- for (int j = 0; j < securityTokenProviders.size();
j++) {
- SecurityTokenProvider<? extends
InboundSecurityToken> securityTokenProvider = securityTokenProviders.get(j);
- InboundSecurityToken securityToken =
securityTokenProvider.getSecurityToken();
- if (securityToken == httpsSecurityToken) {
- continue;
- }
- X509Certificate[] x509Certificates =
securityToken.getX509Certificates();
- PublicKey publicKey =
securityToken.getPublicKey();
- Map<String, Key> keyMap =
securityToken.getSecretKey();
- if (x509Certificates != null &&
x509Certificates.length > 0
- && subjectCertificates != null &&
subjectCertificates.length > 0 &&
-
subjectCertificates[0].equals(x509Certificates[0])) {
- return;
- }
- if (publicKey != null &&
publicKey.equals(subjectPublicKey)) {
+ }
+
+ // Now try message signatures
+ for (int j = 0; j < securityTokenProviders.size();
j++) {
+ SecurityTokenProvider<? extends
InboundSecurityToken> securityTokenProvider = securityTokenProviders.get(j);
+ InboundSecurityToken securityToken =
securityTokenProvider.getSecurityToken();
+ if (securityToken == httpsSecurityToken) {
+ continue;
+ }
+ X509Certificate[] x509Certificates =
securityToken.getX509Certificates();
+ PublicKey publicKey = securityToken.getPublicKey();
+ Map<String, Key> keyMap =
securityToken.getSecretKey();
+ if (x509Certificates != null &&
x509Certificates.length > 0
+ && subjectCertificates != null &&
subjectCertificates.length > 0 &&
+
subjectCertificates[0].equals(x509Certificates[0])) {
+ return;
+ }
+ if (publicKey != null &&
publicKey.equals(subjectPublicKey)) {
+ return;
+ }
+ Iterator<Map.Entry<String, Key>> iterator =
keyMap.entrySet().iterator();
+ while (iterator.hasNext()) {
+ Map.Entry<String, Key> next = iterator.next();
+ if (next.getValue().equals(subjectSecretKey)) {
return;
}
- Iterator<Map.Entry<String, Key>> iterator =
keyMap.entrySet().iterator();
- while (iterator.hasNext()) {
- Map.Entry<String, Key> next =
iterator.next();
- if
(next.getValue().equals(subjectSecretKey)) {
- return;
- }
- }
}
}
} else if
(OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)) {
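Review bot: The loop under `// Now try message signatures` returns as soon as any token in `securityTokenProviders` carries a certificate, public key or secret key equal to the subject's, but nothing in the visible lines checks that the token was actually used to verify a signature on the message. If that list can also hold tokens that were merely included in the security header, a matching certificate alone does not prove possession of the private key. Skip tokens whose recorded usages do not include a signature before comparing keys, or, if the list is already filtered elsewhere, say so with a comment such as `// only tokens that verified a message signature count as proof-of-possession`. Separately, `keyMap.entrySet()` is dereferenced without the null check that `x509Certificates` and `publicKey` get; if `getSecretKey()` can return null, a failed holder-of-key check surfaces as a NullPointerException rather than the handler's normal security failure, so wrap the iteration in `if (keyMap != null) {`. The enclosing method starts and ends outside the hunk, so both points should be confirmed against the rest of it.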