Copied: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509V3SecurityTokenImpl.java (from r1485168, webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509_V3SecurityTokenImpl.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509V3SecurityTokenImpl.java?p2=webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509V3SecurityTokenImpl.java&p1=webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509_V3SecurityTokenImpl.java&r1=1485168&r2=1490977&rev=1490977&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509_V3SecurityTokenImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509V3SecurityTokenImpl.java Sat Jun 8 13:20:18 2013
@@ -20,6 +20,7 @@ package org.apache.wss4j.stax.impl.secur
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
+import org.apache.wss4j.stax.ext.WSSConfigurationException;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -28,17 +29,33 @@ import org.apache.xml.security.stax.impl
 import javax.security.auth.callback.CallbackHandler;
 import java.security.cert.X509Certificate;
-public class X509_V3SecurityTokenImpl extends X509SecurityTokenImpl {
+public class X509V3SecurityTokenImpl extends X509SecurityTokenImpl {
 private String alias = null;
- public X509_V3SecurityTokenImpl(WSInboundSecurityContext wsInboundSecurityContext, Crypto crypto, CallbackHandler callbackHandler,
- byte[] binaryContent, String id, WSSecurityTokenConstants.KeyIdentifier keyIdentifier,
- WSSSecurityProperties securityProperties)
- throws XMLSecurityException {
-
- super(WSSecurityTokenConstants.X509V3Token, wsInboundSecurityContext, crypto, callbackHandler, id, keyIdentifier, securityProperties);
- setX509Certificates(new X509Certificate[]{getCrypto().loadCertificate(new UnsynchronizedByteArrayInputStream(binaryContent))});
+ public X509V3SecurityTokenImpl(
+ WSInboundSecurityContext wsInboundSecurityContext, Crypto crypto, CallbackHandler callbackHandler,
+ byte[] binaryContent, String id, WSSSecurityProperties securityProperties) throws XMLSecurityException {
+
+ super(WSSecurityTokenConstants.X509V3Token, wsInboundSecurityContext, crypto, callbackHandler, id,
+ WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier, securityProperties, true);
+
+ X509Certificate x509Certificate = getCrypto().loadCertificate(new UnsynchronizedByteArrayInputStream(binaryContent));
+ setX509Certificates(new X509Certificate[]{x509Certificate});
+
+ // Check to see if the certificates actually correspond to the decryption crypto
+ if (getCrypto().getX509Identifier(getX509Certificates()[0]) == null) {
+ try {
+ Crypto decCrypto = securityProperties.getDecryptionCrypto();
+ if (decCrypto != null
+ && decCrypto != getCrypto()
+ && decCrypto.getX509Identifier(getX509Certificates()[0]) != null) {
+ setCrypto(decCrypto);
+ }
+ } catch (WSSConfigurationException ex) { //NOPMD
+ // Just continue
+ }
+ }
 }
 @Override
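Review bot: Swapping the token's Crypto to the decryption Crypto in the new constructor fallback (`setCrypto(decCrypto)`) may let a certificate that is known only to the decryption keystore be handled through that keystore for every later use of this token, including signature trust checks if they go through `getCrypto()` (those callers are not visible in this hunk). It is worth confirming that trust verification of a BinarySecurityToken does not rely on the swapped instance, and recording the reasoning in the comment, for example `// Fall back to the decryption crypto only so the matching private key can be found; trust verification must not depend on this`. The `catch (WSSConfigurationException ex)` block also discards a configuration error without a trace; logging `ex` at debug level would keep a broken decryption setup visible instead of silently skipping the fallback. The constructor also hard-codes `KeyIdentifier_X509KeyIdentifier` where the caller in BinarySecurityTokenValidatorImpl used to pass `KeyIdentifier_SecurityTokenDirectReference`, so anything that inspects the key identifier of inbound tokens should be checked against the new value.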
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/WSSecurityTokenConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/WSSecurityTokenConstants.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/WSSecurityTokenConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/WSSecurityTokenConstants.java Sat Jun 8 13:20:18 2013
@@ -34,16 +34,12 @@ public class WSSecurityTokenConstants ex
 public static final TokenUsage TokenUsage_EndorsingEncryptedSupportingTokens = new TokenUsage("EndorsingEncryptedSupportingTokens");
 public static final TokenUsage TokenUsage_SignedEndorsingEncryptedSupportingTokens = new TokenUsage("SignedEndorsingEncryptedSupportingTokens");
- //todo correct/cleanup/rename/revisit KeyIdentifierTypes over the whole framework. I messed it up...
- public static final KeyIdentifier KeyIdentifier_IssuerSerial = new KeyIdentifier("IssuerSerial");
 public static final KeyIdentifier KeyIdentifier_SecurityTokenDirectReference = new KeyIdentifier("SecurityTokenDirectReference");
- public static final KeyIdentifier KeyIdentifier_X509KeyIdentifier = new KeyIdentifier("X509KeyIdentifier");
- public static final KeyIdentifier KeyIdentifier_SkiKeyIdentifier = new KeyIdentifier("SkiKeyIdentifier");
 public static final KeyIdentifier KeyIdentifier_ThumbprintIdentifier = new KeyIdentifier("ThumbprintIdentifier");
 public static final KeyIdentifier KeyIdentifier_EncryptedKeySha1Identifier = new KeyIdentifier("EncryptedKeySha1Identifier");
 public static final KeyIdentifier KeyIdentifier_EmbeddedKeyIdentifierRef = new KeyIdentifier("EmbeddedKeyIdentifierRef");
 public static final KeyIdentifier KeyIdentifier_UsernameTokenReference = new KeyIdentifier("UsernameTokenReference");
- public static final KeyIdentifier KeyIdentifier_SecurityTokenReference = new KeyIdentifier("SecurityTokenReference");
+ public static final KeyIdentifier KeyIdentifier_ExternalReference = new KeyIdentifier("ExternalReference");
 public static final TokenType UsernameToken = new TokenType("UsernameToken");
 public static final TokenType SecurityContextToken = new TokenType("SecurityContextToken");
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/BinarySecurityTokenValidatorImpl.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/BinarySecurityTokenValidatorImpl.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/BinarySecurityTokenValidatorImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/BinarySecurityTokenValidatorImpl.java Sat Jun 8 13:20:18 2013
@@ -25,10 +25,10 @@ import org.apache.wss4j.common.ext.WSSec
 import org.apache.wss4j.stax.ext.WSSConfigurationException;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
+import org.apache.wss4j.stax.impl.securityToken.X509V3SecurityTokenImpl;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.wss4j.stax.impl.securityToken.KerberosServiceSecurityTokenImpl;
 import org.apache.wss4j.stax.impl.securityToken.X509PKIPathv1SecurityTokenImpl;
-import org.apache.wss4j.stax.impl.securityToken.X509_V3SecurityTokenImpl;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
@@ -54,12 +54,11 @@ public class BinarySecurityTokenValidato try { if (WSSConstants.NS_X509_V3_TYPE.equals(binarySecurityTokenType.getValueType())) { Crypto crypto = getCrypto(tokenContext.getWssSecurityProperties()); - X509_V3SecurityTokenImpl x509V3SecurityToken = new X509_V3SecurityTokenImpl( + X509V3SecurityTokenImpl x509V3SecurityToken = new X509V3SecurityTokenImpl( tokenContext.getWsSecurityContext(), crypto, tokenContext.getWssSecurityProperties().getCallbackHandler(), securityTokenData, binarySecurityTokenType.getId(), - WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference, tokenContext.getWssSecurityProperties() ); x509V3SecurityToken.setElementPath(tokenContext.getElementPath()); Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java?rev=1490977&r1=1490976&r2=1490977&view=diff ============================================================================== --- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java (original) +++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java Sat Jun 8 13:20:18 2013 @@ -23,6 +23,7 @@ import org.apache.wss4j.common.ext.WSSec import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.stax.securityToken.SamlSecurityToken; import org.apache.wss4j.stax.impl.securityToken.SamlSecurityTokenImpl; +import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants; import org.apache.xml.security.stax.securityToken.InboundSecurityToken; public class SamlTokenValidatorImpl extends SignatureTokenValidatorImpl implements SamlTokenValidator { 
@@ -80,7 +81,7 @@ public class SamlTokenValidatorImpl exte samlAssertionWrapper, subjectSecurityToken, tokenContext.getWsSecurityContext(), sigVerCrypto, - null, + WSSecurityTokenConstants.KeyIdentifier_NoKeyInfo, tokenContext.getWssSecurityProperties()); securityToken.setElementPath(tokenContext.getElementPath()); Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SecurityContextTokenValidatorImpl.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SecurityContextTokenValidatorImpl.java?rev=1490977&r1=1490976&r2=1490977&view=diff ============================================================================== --- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SecurityContextTokenValidatorImpl.java (original) +++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SecurityContextTokenValidatorImpl.java Sat Jun 8 13:20:18 2013 @@ -40,8 +40,8 @@ public class SecurityContextTokenValidat throws WSSecurityException { AbstractInboundSecurityToken securityContextToken = new AbstractInboundSecurityToken( - tokenContext.getWsSecurityContext(), - securityContextTokenType.getId(), null) { + tokenContext.getWsSecurityContext(), securityContextTokenType.getId(), + WSSecurityTokenConstants.KeyIdentifier_ExternalReference, false) { @Override public boolean isAsymmetric() { 
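Review bot: The bare `false` passed as the last argument to the anonymous `AbstractInboundSecurityToken` in the SecurityContextTokenValidatorImpl hunk does not explain itself, while the X509V3SecurityTokenImpl constructor in this same commit passes `true` at the end of its own super call. If the flag records whether the token is carried inside the message (an assumption; the parameter name is not visible on this page), it can influence later policy and security-event checks, so the call site deserves a short comment, for example `// false: this token is only referenced externally (KeyIdentifier_ExternalReference), confirm against the constructor's parameter name`. The anonymous class body continues outside the hunk, so any use of the flag further down cannot be reviewed from here.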
@@ -73,7 +73,6 @@ public class SecurityContextTokenValidat @Override public WSSecurityTokenConstants.TokenType getTokenType() { - //todo and set externalUriRef return WSSecurityTokenConstants.SecurityContextToken; } }; Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InboundWSSecurityContextImplTest.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InboundWSSecurityContextImplTest.java?rev=1490977&r1=1490976&r2=1490977&view=diff ============================================================================== --- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InboundWSSecurityContextImplTest.java (original) +++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InboundWSSecurityContextImplTest.java Sat Jun 8 13:20:18 2013 @@ -38,6 +38,7 @@ import org.apache.xml.security.stax.conf import org.apache.xml.security.stax.ext.XMLSecurityConstants; import org.apache.xml.security.stax.ext.stax.XMLSecEvent; import org.apache.xml.security.stax.ext.stax.XMLSecEventFactory; +import org.apache.xml.security.stax.impl.util.IDGenerator; import org.apache.xml.security.stax.securityEvent.*; import org.opensaml.common.SAMLVersion; import org.testng.Assert; @@ -128,7 +129,7 @@ public class InboundWSSecurityContextImp UsernameSecurityTokenImpl usernameSecurityToken = new UsernameSecurityTokenImpl( WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST, "username", "password", new Date().toString(), null, new byte[10], 10L, - null, null, null); + null, IDGenerator.generateID(null), WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference); usernameSecurityToken.setElementPath(usernameTokenPath); usernameSecurityToken.setXMLSecEvent(usernameTokenXmlEvent); usernameTokenSecurityEvent.setSecurityToken(usernameSecurityToken); 
@@ -318,7 +319,7 @@ public class InboundWSSecurityContextImp UsernameSecurityTokenImpl usernameSecurityToken = new UsernameSecurityTokenImpl( WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST, "username", "password", new Date().toString(), null, new byte[10], 10L, - null, null, null); + null, IDGenerator.generateID(null), WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference); usernameSecurityToken.setElementPath(usernameTokenPath); usernameSecurityToken.setXMLSecEvent(usernameTokenXmlEvent); usernameTokenSecurityEvent.setSecurityToken(usernameSecurityToken); @@ -561,7 +562,7 @@ public class InboundWSSecurityContextImp UsernameSecurityTokenImpl usernameSecurityToken = new UsernameSecurityTokenImpl( WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST, "username", "password", new Date().toString(), null, new byte[10], 10L, - null, null, null); + null, IDGenerator.generateID(null), WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference); usernameSecurityToken.setElementPath(usernamePath); usernameSecurityToken.setXMLSecEvent(usernameTokenXmlEvent); usernameTokenSecurityEvent.setSecurityToken(usernameSecurityToken); @@ -671,8 +672,8 @@ public class InboundWSSecurityContextImp keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"), "default".toCharArray()); X509SecurityTokenImpl x509SecurityToken = - new X509SecurityTokenImpl(tokenType, null, null, null, "", - WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier, null) { + new X509SecurityTokenImpl(tokenType, null, null, null, IDGenerator.generateID(null), + WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier, null, true) { @Override protected String getAlias() throws WSSecurityException {
