Author: coheigea
Date: Thu Jun 27 16:37:00 2013
New Revision: 1497432
URL: http://svn.apache.org/r1497432
Log:
Added functionality to get SymmetricBinding Kerberos use-cases working
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java?rev=1497432&r1=1497431&r2=1497432&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
Thu Jun 27 16:37:00 2013
@@ -36,6 +36,7 @@ import org.apache.xml.security.stax.secu
import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityToken;
+import
org.apache.xml.security.stax.securityToken.SecurityTokenConstants.TokenType;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
import javax.crypto.spec.SecretKeySpec;
@@ -57,6 +58,7 @@ public class BinarySecurityTokenOutputPr
final X509Certificate[] x509Certificates;
String reference = null;
Key key = null;
+ TokenType tokenType = WSSecurityTokenConstants.X509V3Token;
XMLSecurityConstants.Action action = getAction();
if (WSSConstants.SIGNATURE.equals(action)
@@ -76,6 +78,9 @@ public class BinarySecurityTokenOutputPr
if (securityToken != null) {
key =
securityToken.getSecretKey(getSecurityProperties().getSignatureAlgorithm());
reference = securityToken.getSha1Identifier();
+ if (securityToken.getTokenType() != null) {
+ tokenType = securityToken.getTokenType();
+ }
}
}
}
@@ -148,7 +153,7 @@ public class BinarySecurityTokenOutputPr
}
final GenericOutboundSecurityToken binarySecurityToken =
- new GenericOutboundSecurityToken(bstId,
WSSecurityTokenConstants.X509V3Token, key, x509Certificates);
+ new GenericOutboundSecurityToken(bstId, tokenType, key,
x509Certificates);
binarySecurityToken.setSha1Identifier(reference);
final SecurityTokenProvider<OutboundSecurityToken>
binarySecurityTokenProvider =
new SecurityTokenProvider<OutboundSecurityToken>() {
@@ -169,8 +174,9 @@ public class BinarySecurityTokenOutputPr
outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE,
bstId);
boolean includeSignatureToken =
((WSSSecurityProperties)
getSecurityProperties()).isIncludeSignatureToken();
- if (includeSignatureToken
- ||
WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals(getSecurityProperties().getSignatureKeyIdentifier()))
{
+ if ((includeSignatureToken
+ ||
WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals(getSecurityProperties().getSignatureKeyIdentifier()))
+ &&
!WSSecurityTokenConstants.KerberosToken.equals(tokenType)) {
FinalBinarySecurityTokenOutputProcessor
finalBinarySecurityTokenOutputProcessor = new
FinalBinarySecurityTokenOutputProcessor(binarySecurityToken);
finalBinarySecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
finalBinarySecurityTokenOutputProcessor.setAction(getAction());
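Review bot: The added `&& !WSSecurityTokenConstants.KerberosToken.equals(tokenType)` clause carries no comment explaining why a Kerberos token must skip `FinalBinarySecurityTokenOutputProcessor`, and the condition is now hard to read. Name the test once, `final boolean kerberos = WSSecurityTokenConstants.KerberosToken.equals(tokenType);`, and put a comment above the `if`, such as `// A Kerberos token is not written out as a BinarySecurityToken by this processor` (presumably it is emitted elsewhere; confirm before wording it). `PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE` is still set to `bstId` just above even when the processor is skipped, so it is worth confirming that the signature reference still resolves to an element present in the message in the Kerberos case. The enclosing method starts and ends outside the hunk.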
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java?rev=1497432&r1=1497431&r2=1497432&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
Thu Jun 27 16:37:00 2013
@@ -46,6 +46,7 @@ import org.apache.xml.security.stax.impl
import
org.apache.xml.security.stax.impl.processor.output.AbstractEncryptOutputProcessor;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
+import
org.apache.xml.security.stax.securityToken.SecurityTokenConstants.TokenType;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
/**
@@ -95,7 +96,8 @@ public class EncryptOutputProcessor exte
encryptionPartDef,
xmlSecStartElement,
outputProcessorChain.getDocumentContext().getEncoding(),
- securityToken.getSha1Identifier()
+ securityToken.getSha1Identifier(),
+ securityToken.getTokenType()
);
internalEncryptionOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
internalEncryptionOutputProcessor.setAction(getAction());
@@ -124,9 +126,10 @@ public class EncryptOutputProcessor exte
private boolean doEncryptedHeader = false;
private final String sha1Identifier;
+ private final TokenType tokenType;
InternalEncryptionOutputProcessor(EncryptionPartDef encryptionPartDef,
XMLSecStartElement xmlSecStartElement,
- String encoding, String
sha1Identifier)
+ String encoding, String
sha1Identifier, TokenType tokenType)
throws XMLSecurityException, XMLStreamException {
super(encryptionPartDef, xmlSecStartElement, encoding);
@@ -134,6 +137,7 @@ public class EncryptOutputProcessor exte
this.addBeforeProcessor(InternalEncryptionOutputProcessor.class.getName());
this.addAfterProcessor(EncryptOutputProcessor.class.getName());
this.sha1Identifier = sha1Identifier;
+ this.tokenType = tokenType;
}
protected OutputStream applyTransforms(OutputStream outputStream)
throws XMLSecurityException {
@@ -224,10 +228,20 @@ public class EncryptOutputProcessor exte
WSSUtils.createEncryptedKeySha1IdentifierStructure(this,
outputProcessorChain, getEncryptionPartDef().getSymmetricKey());
}
} else {
- createStartElementAndOutputAsEvent(outputProcessorChain,
WSSConstants.TAG_wsse_SecurityTokenReference, true, null);
+ if (WSSecurityTokenConstants.KerberosToken.equals(tokenType)) {
+ List<XMLSecAttribute> attributes = new
ArrayList<XMLSecAttribute>(2);
+ attributes.add(createAttribute(WSSConstants.ATT_wsu_Id,
IDGenerator.generateID(null)));
+
attributes.add(createAttribute(WSSConstants.ATT_wsse11_TokenType,
WSSConstants.NS_GSS_Kerberos5_AP_REQ));
+ createStartElementAndOutputAsEvent(outputProcessorChain,
WSSConstants.TAG_wsse_SecurityTokenReference, false, attributes);
+ } else {
+ createStartElementAndOutputAsEvent(outputProcessorChain,
WSSConstants.TAG_wsse_SecurityTokenReference, true, null);
+ }
List<XMLSecAttribute> attributes = new
ArrayList<XMLSecAttribute>(1);
attributes.add(createAttribute(WSSConstants.ATT_NULL_URI, "#"
+ getEncryptionPartDef().getKeyId()));
+ if (WSSecurityTokenConstants.KerberosToken.equals(tokenType)) {
+
attributes.add(createAttribute(WSSConstants.ATT_NULL_ValueType,
WSSConstants.NS_GSS_Kerberos5_AP_REQ));
+ }
createStartElementAndOutputAsEvent(outputProcessorChain,
WSSConstants.TAG_wsse_Reference, false, attributes);
createEndElementAndOutputAsEvent(outputProcessorChain,
WSSConstants.TAG_wsse_Reference);
}
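Review bot: The test `WSSecurityTokenConstants.KerberosToken.equals(tokenType)` is evaluated twice in this else branch, and two separate lists are both named `attributes`, so it is hard to see which element each one decorates. Hoist the test once, `final boolean kerberos = WSSecurityTokenConstants.KerberosToken.equals(tokenType);`, and give the lists distinct names such as `strAttributes` and `referenceAttributes`. The second list is created with capacity 1 but receives two entries in the Kerberos case, so `new ArrayList<XMLSecAttribute>(2)` would avoid a resize. `tokenType` is passed in from `securityToken.getTokenType()` without a null check, so keeping the constant on the left of `equals` matters and deserves a short comment. The enclosing method starts and ends outside the hunk.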
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1497432&r1=1497431&r2=1497432&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java
(original)
+++
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java
Thu Jun 27 16:37:00 2013
@@ -258,7 +258,7 @@ public class SecurityTokenFactoryImpl ex
return
createSecurityTokenProxy(securityTokenProvider.getSecurityToken(),
WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
}
-
+
try {
//ok we have to find the token via digesting...
MessageDigest messageDigest =
MessageDigest.getInstance("SHA-1");
@@ -280,8 +280,10 @@ public class SecurityTokenFactoryImpl ex
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
}
- throw new WSSecurityException(
-
WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noToken",
keyIdentifierType.getValue());
+ // Finally, just delegate to a Callback as per
EncryptedKeySHA1
+ return new EncryptedKeySha1SecurityTokenImpl(
+ (WSInboundSecurityContext) inboundSecurityContext,
callbackHandler,
+ keyIdentifierType.getValue(),
securityTokenReferenceType.getId());
} else {
//we do enforce BSP compliance here but will fail anyway
since we cannot identify the referenced token
((WSInboundSecurityContext)
inboundSecurityContext).handleBSPRule(BSPRule.R3063);
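Review bot: Replacing the `SECURITY_TOKEN_UNAVAILABLE` throw with an unconditional `return new EncryptedKeySha1SecurityTokenImpl(...)` means a key identifier that matches no known token is no longer rejected at this point. Resolution is deferred to `callbackHandler` for every identifier type that reaches this branch, not only the Kerberos case the commit targets. The enclosing condition lies outside the hunk, so which types reach it cannot be confirmed from here, but the fallback should be limited to the identifier types meant to be resolved by callback, with the original throw kept for the rest. It would also help to fail early when no handler is configured, e.g. `if (callbackHandler == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noToken", keyIdentifierType.getValue()); }`, and to add a test that an unresolvable reference still ends in a security failure rather than a null key. `securityTokenReferenceType.getId()` may be absent on the reference (an assumption to verify), so confirm the token implementation tolerates a null id.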