This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch coheigea/saml-refactor in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/coheigea/saml-refactor by this push: new ad4d9f55a Refactor of Credential class ad4d9f55a is described below commit ad4d9f55a0f324fe05dbf4c2a8aadac033c908c8 Author: Colm O hEigeartaigh <cohei...@apache.org> AuthorDate: Fri Nov 3 08:18:07 2023 +0000 Refactor of Credential class --- .../apache/wss4j/common/token/BinarySecurity.java | 8 +- .../java/org/apache/wss4j/common/token/Token.java | 34 ++++++++ .../wss4j/dom/message/token/DerivedKeyToken.java | 9 +-- .../dom/message/token/SecurityContextToken.java | 9 +-- .../apache/wss4j/dom/message/token/Timestamp.java | 9 +-- .../wss4j/dom/message/token/UsernameToken.java | 9 +-- .../processor/BinarySecurityTokenProcessor.java | 2 +- .../wss4j/dom/processor/SAMLTokenProcessor.java | 9 ++- .../processor/SecurityContextTokenProcessor.java | 2 +- .../wss4j/dom/processor/TimestampProcessor.java | 2 +- .../dom/processor/UsernameTokenProcessor.java | 9 ++- .../org/apache/wss4j/dom/validate/Credential.java | 91 +++------------------- .../dom/validate/JAASUsernameTokenValidator.java | 4 +- .../wss4j/dom/validate/KerberosTokenValidator.java | 4 +- .../wss4j/dom/validate/SamlAssertionValidator.java | 4 +- .../wss4j/dom/validate/TimestampValidator.java | 4 +- .../wss4j/dom/validate/UsernameTokenValidator.java | 4 +- .../dom/common/CustomSamlAssertionValidator.java | 5 +- .../wss4j/dom/message/token/BSTKerberosTest.java | 2 +- .../apache/wss4j/dom/validate/ValidatorTest.java | 2 +- .../apache/wss4j/saml/SamlAssertionWrapper.java | 8 +- 21 files changed, 94 insertions(+), 136 deletions(-) diff --git a/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java b/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java index bf720dd9e..7a20839bc 100644 --- a/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java +++ b/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java 
@@ -42,7 +42,7 @@ import org.w3c.dom.Text; /** * Binary Security Token. */ -public class BinarySecurity { +public class BinarySecurity implements Token { public static final QName TOKEN_BST = new QName(WSS4JConstants.WSSE_NS, "BinarySecurityToken"); public static final QName TOKEN_KI = new QName(WSS4JConstants.WSSE_NS, "KeyIdentifier"); private static final org.slf4j.Logger LOG = @@ -263,11 +263,7 @@ public class BinarySecurity { return (Text)element.appendChild(textNode); } - /** - * return the dom element. - * - * @return the dom element. - */ + @Override public Element getElement() { return element; } diff --git a/ws-security-common/src/main/java/org/apache/wss4j/common/token/Token.java b/ws-security-common/src/main/java/org/apache/wss4j/common/token/Token.java new file mode 100644 index 000000000..cbafc87b6 --- /dev/null +++ b/ws-security-common/src/main/java/org/apache/wss4j/common/token/Token.java 
@@ -0,0 +1,34 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.wss4j.common.token; + +import org.w3c.dom.Element; + +/** + * A interface which describes a Security Token. + */ +public interface Token { + + /** + * Get the Token as a DOM Element + * @return the Token as a DOM Element + */ + Element getElement(); +} diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/DerivedKeyToken.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/DerivedKeyToken.java index eea34fc21..e9d150b8e 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/DerivedKeyToken.java +++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/DerivedKeyToken.java @@ -34,6 +34,7 @@ import org.apache.wss4j.common.derivedKey.ConversationConstants; import org.apache.wss4j.common.derivedKey.DerivedKeyUtils; import org.apache.wss4j.common.principal.WSDerivedKeyTokenPrincipal; import org.apache.wss4j.common.token.SecurityTokenReference; +import org.apache.wss4j.common.token.Token; import org.apache.wss4j.common.util.DOM2Writer; import org.apache.wss4j.common.util.XMLUtils; import org.apache.wss4j.dom.util.WSSecurityUtil; 
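Review bot: The Javadoc on the new `Token` interface does not state the contract that consumers of `Credential` now depend on. The interface exposes only `getElement()`, so any code holding a `Token` has to recover the concrete type with `instanceof` before casting. I would put that on the type, e.g. `An interface which describes a Security Token. Callers that need a concrete token type must check it with instanceof before casting.`, which also fixes "A interface". On `getElement()` it is worth documenting whether the result can be null, since the implementations visible in this commit return their field directly.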
@@ -54,7 +55,7 @@ import org.w3c.dom.Text; </DerivedKeyToken> */ -public class DerivedKeyToken { +public class DerivedKeyToken implements Token { private static final org.slf4j.Logger LOG = org.slf4j.LoggerFactory.getLogger(DerivedKeyToken.class); @@ -469,11 +470,7 @@ public class DerivedKeyToken { return node != null && Node.TEXT_NODE == node.getNodeType() ? (Text) node : null; } - /** - * Returns the dom element of this <code>SecurityContextToken</code> object. - * - * @return the DerivedKeyToken element - */ + @Override public Element getElement() { return element; } diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SecurityContextToken.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SecurityContextToken.java index 27f652ece..edc62102a 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SecurityContextToken.java +++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SecurityContextToken.java @@ -21,6 +21,7 @@ package org.apache.wss4j.dom.message.token; import javax.xml.namespace.QName; +import org.apache.wss4j.common.token.Token; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.util.DOM2Writer; @@ -32,7 +33,7 @@ import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.Text; -public class SecurityContextToken { +public class SecurityContextToken implements Token { /** * Security context token element @@ -241,11 +242,7 @@ public class SecurityContextToken { return node != null && Node.TEXT_NODE == node.getNodeType() ? (Text) node : null; } - /** - * Returns the dom element of this <code>SecurityContextToken</code> object. - * - * @return the <code>wsse:SecurityContextToken</code> element - */ + @Override public Element getElement() { return element; } 
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/Timestamp.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/Timestamp.java index 8fd219129..d71f4cbec 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/Timestamp.java +++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/Timestamp.java @@ -29,6 +29,7 @@ import java.time.temporal.ChronoField; import org.apache.wss4j.common.bsp.BSPEnforcer; import org.apache.wss4j.common.bsp.BSPRule; import org.apache.wss4j.common.ext.WSSecurityException; +import org.apache.wss4j.common.token.Token; import org.apache.wss4j.common.util.DOM2Writer; import org.apache.wss4j.common.util.DateUtil; import org.apache.wss4j.common.util.WSCurrentTimeSource; @@ -44,7 +45,7 @@ import org.w3c.dom.Text; * Timestamp according to SOAP Message Security 1.0, * chapter 10 / appendix A.2 */ -public class Timestamp { +public class Timestamp implements Token { private Element element; private Instant created; @@ -210,11 +211,7 @@ public class Timestamp { element.setAttributeNS(XMLUtils.XMLNS_NS, "xmlns:" + WSConstants.WSU_PREFIX, WSConstants.WSU_NS); } - /** - * Returns the dom element of this <code>Timestamp</code> object. - * - * @return the <code>wsse:UsernameToken</code> element - */ + @Override public Element getElement() { return element; } diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java index a008bd902..e89ae1217 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java +++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java 
@@ -34,6 +34,7 @@ import org.apache.wss4j.common.bsp.BSPEnforcer; import org.apache.wss4j.common.bsp.BSPRule; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl; +import org.apache.wss4j.common.token.Token; import org.apache.wss4j.common.util.DOM2Writer; import org.apache.wss4j.common.util.DateUtil; import org.apache.wss4j.common.util.UsernameTokenUtil; @@ -53,7 +54,7 @@ import org.w3c.dom.Text; * Enhanced to support digest password type for username token signature * Enhanced to support passwordless usernametokens as allowed by spec. */ -public class UsernameToken { +public class UsernameToken implements Token { public static final String BASE64_ENCODING = WSConstants.SOAPMESSAGE_NS + "#Base64Binary"; public static final String PASSWORD_TYPE = "passwordType"; public static final int DEFAULT_ITERATION = 1000; @@ -532,11 +533,7 @@ public class UsernameToken { return node != null && Node.TEXT_NODE == node.getNodeType() ? (Text) node : null; } - /** - * Returns the dom element of this <code>UsernameToken</code> object. - * - * @return the <code>wsse:UsernameToken</code> element - */ + @Override public Element getElement() { return element; } diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java index 14aae8fa3..e35c3f684 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java +++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java 
@@ -87,7 +87,7 @@ public class BinarySecurityTokenProcessor implements Processor { if (validator != null) { // Hook to allow the user to validate the BinarySecurityToken Credential credential = new Credential(); - credential.setBinarySecurityToken(token); + credential.setToken(token); credential.setCertificates(certs); Credential returnedCredential = validator.validate(credential, data); diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java index 2c9f61b1c..cc809cddf 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java +++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java @@ -96,7 +96,12 @@ public class SAMLTokenProcessor implements Processor { List<WSDataRef> dataRefs = createDataRefs(elem, samlAssertion, xmlSignature); Credential credential = handleSAMLToken(samlAssertion, data, validator); - samlAssertion = credential.getSamlAssertion(); + if (!(credential.getToken() instanceof SamlAssertionWrapper)) { + throw new WSSecurityException( + WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity" + ); + } + samlAssertion = (SamlAssertionWrapper)credential.getToken(); if (LOG.isDebugEnabled()) { LOG.debug("SAML Assertion issuer " + samlAssertion.getIssuerString()); LOG.debug(DOM2Writer.nodeToString(elem)); @@ -165,7 +170,7 @@ public class SAMLTokenProcessor implements Processor { // Now delegate the rest of the verification to the Validator Credential credential = new Credential(); - credential.setSamlAssertion(samlAssertion); + credential.setToken(samlAssertion); if (validator != null) { return validator.validate(credential, data); } 
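Review bot: The new type guard in the first SAMLTokenProcessor hunk dereferences `credential` without a null check. The second hunk shows `handleSAMLToken` returning whatever `validator.validate(credential, data)` produces, so a custom Validator that returns null ends in a NullPointerException rather than the `WSSecurityException` the guard is meant to raise (the old `credential.getSamlAssertion()` call had the same gap). Fold the null case into the guard: `if (credential == null || !(credential.getToken() instanceof SamlAssertionWrapper)) {`. The guard added in UsernameTokenProcessor, `if (!(credential.getToken() instanceof UsernameToken))`, has the same shape and wants the same change. Both enclosing methods start and end outside the hunks.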
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SecurityContextTokenProcessor.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SecurityContextTokenProcessor.java index ae1db72e9..b2aaa8741 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SecurityContextTokenProcessor.java +++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SecurityContextTokenProcessor.java @@ -57,7 +57,7 @@ public class SecurityContextTokenProcessor implements Processor { if (validator != null) { // Hook to allow the user to validate the SecurityContextToken Credential credential = new Credential(); - credential.setSecurityContextToken(sct); + credential.setToken(sct); Credential returnedCredential = validator.validate(credential, data); result.put(WSSecurityEngineResult.TAG_VALIDATED_TOKEN, Boolean.TRUE); diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/TimestampProcessor.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/TimestampProcessor.java index c6d2fbe80..7cd40d94e 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/TimestampProcessor.java +++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/TimestampProcessor.java @@ -44,7 +44,7 @@ public class TimestampProcessor implements Processor { // Timestamp timestamp = new Timestamp(elem, data.getBSPEnforcer()); Credential credential = new Credential(); - credential.setTimestamp(timestamp); + credential.setToken(timestamp); WSSecurityEngineResult result = new WSSecurityEngineResult(WSConstants.TS, timestamp); diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java index cccda5a38..594fea03e 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java 
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java @@ -61,7 +61,12 @@ public class UsernameTokenProcessor implements Processor { Validator validator = data.getValidator(WSConstants.USERNAME_TOKEN); Credential credential = handleUsernameToken(elem, validator, data); - UsernameToken token = credential.getUsernametoken(); + if (!(credential.getToken() instanceof UsernameToken)) { + throw new WSSecurityException( + WSSecurityException.ErrorCode.FAILURE, "invalidToken", new Object[] {"Username"} + ); + } + UsernameToken token = (UsernameToken)credential.getToken(); int action = WSConstants.UT; byte[] secretKey = null; @@ -167,7 +172,7 @@ public class UsernameTokenProcessor implements Processor { } Credential credential = new Credential(); - credential.setUsernametoken(ut); + credential.setToken(ut); if (validator != null) { return validator.validate(credential, data); } diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/Credential.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/Credential.java index 645866fcc..47abf4190 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/Credential.java +++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/Credential.java @@ -26,10 +26,7 @@ import java.security.cert.X509Certificate; import javax.security.auth.Subject; import org.apache.wss4j.saml.SamlAssertionWrapper; -import org.apache.wss4j.common.token.BinarySecurity; -import org.apache.wss4j.dom.message.token.SecurityContextToken; -import org.apache.wss4j.dom.message.token.Timestamp; -import org.apache.wss4j.dom.message.token.UsernameToken; +import org.apache.wss4j.common.token.Token; /** * This class stores various Credential types that can be validated and/or returned by a 
@@ -40,31 +37,27 @@ public class Credential { private PublicKey publicKey; private X509Certificate[] certs; - private Timestamp timestamp; - private UsernameToken usernametoken; - private BinarySecurity binarySecurityToken; - private SamlAssertionWrapper samlAssertion; + private Token token; private SamlAssertionWrapper transformedToken; - private SecurityContextToken securityContextToken; private Principal principal; private byte[] secretKey; private Subject subject; private Object delegationCredential; /** - * Set a SecurityContextToken to be validated - * @param securityContextToken a SecurityContextToken to be validated + * Set a token to be validated + * @param token a token to be validated */ - public void setSecurityContextToken(SecurityContextToken securityContextToken) { - this.securityContextToken = securityContextToken; + public void setToken(Token token) { + this.token = token; } /** - * Get a SecurityContextToken to be validated - * @return a SecurityContextToken to be validated + * Get a token to be validated + * @return a token to be validated */ - public SecurityContextToken getSecurityContextToken() { - return securityContextToken; + public Token getToken() { + return token; } /** 
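Review bot: The Javadoc for `setToken`/`getToken` (`Set a token to be validated`) does not say that the single slot is untyped, which is now the security-relevant part of this class. A validator that casts `getToken()` without an `instanceof` check fails with ClassCastException, not WSSecurityException, when it receives a credential for a different token kind. Suggest `@return the token to be validated, or null if none was set; callers must check the concrete type with instanceof before casting`. Removing the public typed accessors (`getUsernametoken()`, `getSamlAssertion()` and the others in the next hunk) will also break third-party Validator implementations compiled against them, so a migration note seems warranted; whether one exists is not visible here. The class body continues outside this hunk.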
@@ -116,70 +109,6 @@ public class Credential { return certs; } - /** - * Set a Timestamp to be validated - * @param timestamp a Timestamp to be validated - */ - public void setTimestamp(Timestamp timestamp) { - this.timestamp = timestamp; - } - - /** - * Get a Timestamp to be validated - * @return a Timestamp to be validated - */ - public Timestamp getTimestamp() { - return timestamp; - } - - /** - * Set a UsernameToken to be validated - * @param usernametoken a UsernameToken to be validated - */ - public void setUsernametoken(UsernameToken usernametoken) { - this.usernametoken = usernametoken; - } - - /** - * Get a UsernameToken to be validated - * @return a UsernameToken to be validated - */ - public UsernameToken getUsernametoken() { - return usernametoken; - } - - /** - * Set the BinarySecurityToken to be validated - * @param binarySecurityToken the BinarySecurityToken to be validated - */ - public void setBinarySecurityToken(BinarySecurity binarySecurityToken) { - this.binarySecurityToken = binarySecurityToken; - } - - /** - * Get the BinarySecurityToken to be validated - * @return the BinarySecurityToken to be validated - */ - public BinarySecurity getBinarySecurityToken() { - return binarySecurityToken; - } - - /** - * Set an SamlAssertionWrapper to be validated - * @param samlAssertion an SamlAssertionWrapper to be validated - */ - public void setSamlAssertion(SamlAssertionWrapper samlAssertion) { - this.samlAssertion = samlAssertion; - } - - /** - * Get an SamlAssertionWrapper to be validated - * @return an SamlAssertionWrapper to be validated - */ - public SamlAssertionWrapper getSamlAssertion() { - return samlAssertion; - } - /** * Set an SamlAssertionWrapper instance which corresponds to a Transformed Token. * @param transformedToken a transformed SamlAssertionWrapper instance 
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/JAASUsernameTokenValidator.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/JAASUsernameTokenValidator.java index abb916f00..73370a9bb 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/JAASUsernameTokenValidator.java +++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/JAASUsernameTokenValidator.java @@ -66,14 +66,14 @@ public class JAASUsernameTokenValidator implements Validator { * @throws WSSecurityException on a failed validation */ public Credential validate(Credential credential, RequestData data) throws WSSecurityException { - if (credential == null || credential.getUsernametoken() == null) { + if (credential == null || !(credential.getToken() instanceof UsernameToken)) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential"); } String user = null; String password = null; - UsernameToken usernameToken = credential.getUsernametoken(); + UsernameToken usernameToken = (UsernameToken)credential.getToken(); user = usernameToken.getName(); String pwType = usernameToken.getPasswordType(); diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/KerberosTokenValidator.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/KerberosTokenValidator.java index 1d7e5d915..21485575b 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/KerberosTokenValidator.java +++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/KerberosTokenValidator.java 
@@ -129,11 +129,11 @@ public class KerberosTokenValidator implements Validator { * @throws WSSecurityException on a failed validation */ public Credential validate(Credential credential, RequestData data) throws WSSecurityException { - if (credential == null || credential.getBinarySecurityToken() == null) { + if (credential == null || !(credential.getToken() instanceof BinarySecurity)) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential"); } - BinarySecurity binarySecurity = credential.getBinarySecurityToken(); + BinarySecurity binarySecurity = (BinarySecurity)credential.getToken(); if (!(binarySecurity instanceof KerberosSecurity)) { return credential; } diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java index 210538fbc..e510ca38b 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java +++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java @@ -96,10 +96,10 @@ public class SamlAssertionValidator extends SignatureTrustValidator { * @throws WSSecurityException on a failed validation */ public Credential validate(Credential credential, RequestData data) throws WSSecurityException { - if (credential == null || credential.getSamlAssertion() == null) { + if (credential == null || !(credential.getToken() instanceof SamlAssertionWrapper)) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential"); } - SamlAssertionWrapper samlAssertion = credential.getSamlAssertion(); + SamlAssertionWrapper samlAssertion = (SamlAssertionWrapper)credential.getToken(); // Check the Subject Confirmation requirements verifySubjectConfirmationMethod(samlAssertion); 
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/TimestampValidator.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/TimestampValidator.java index 45ee6652c..d0a2479af 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/TimestampValidator.java +++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/TimestampValidator.java @@ -38,7 +38,7 @@ public class TimestampValidator implements Validator { * @throws WSSecurityException on a failed validation */ public Credential validate(Credential credential, RequestData data) throws WSSecurityException { - if (credential == null || credential.getTimestamp() == null) { + if (credential == null || !(credential.getToken() instanceof Timestamp)) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential"); } if (data.getWssConfig() == null) { @@ -49,7 +49,7 @@ public class TimestampValidator implements Validator { int timeStampTTL = data.getTimeStampTTL(); int futureTimeToLive = data.getTimeStampFutureTTL(); - Timestamp timeStamp = credential.getTimestamp(); + Timestamp timeStamp = (Timestamp)credential.getToken(); // See if the Timestamp has expired if (timeStampStrict && timeStamp.isExpired()) { diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java index 90a14a281..86bc04bf4 100644 --- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java +++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java 
@@ -58,7 +58,7 @@ public class UsernameTokenValidator implements Validator { * @throws WSSecurityException on a failed validation */ public Credential validate(Credential credential, RequestData data) throws WSSecurityException { - if (credential == null || credential.getUsernametoken() == null) { + if (credential == null || !(credential.getToken() instanceof UsernameToken)) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential"); } @@ -66,7 +66,7 @@ public class UsernameTokenValidator implements Validator { boolean passwordsAreEncoded = data.isEncodePasswords(); String requiredPasswordType = data.getRequiredPasswordType(); - UsernameToken usernameToken = credential.getUsernametoken(); + UsernameToken usernameToken = (UsernameToken)credential.getToken(); usernameToken.setPasswordsAreEncoded(passwordsAreEncoded); String pwType = usernameToken.getPasswordType(); diff --git a/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CustomSamlAssertionValidator.java b/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CustomSamlAssertionValidator.java index 417a8b99f..4e8fabb14 100644 --- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CustomSamlAssertionValidator.java +++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CustomSamlAssertionValidator.java @@ -34,7 +34,10 @@ public class CustomSamlAssertionValidator extends SamlAssertionValidator { // // Do some custom validation on the assertion // - SamlAssertionWrapper samlAssertion = credential.getSamlAssertion(); + if (!(credential.getToken() instanceof SamlAssertionWrapper)) { + throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); + } + SamlAssertionWrapper samlAssertion = (SamlAssertionWrapper)credential.getToken(); if (!"www.example.com".equals(samlAssertion.getIssuerString())) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); } 
diff --git a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/BSTKerberosTest.java b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/BSTKerberosTest.java index ad9f04af7..6ae8b12c3 100644 --- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/BSTKerberosTest.java +++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/BSTKerberosTest.java @@ -434,7 +434,7 @@ public class BSTKerberosTest { private static class KerberosValidator implements Validator { public Credential validate(Credential credential, RequestData data) throws WSSecurityException { - BinarySecurity token = credential.getBinarySecurityToken(); + BinarySecurity token = (BinarySecurity)credential.getToken(); if (token == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE); } diff --git a/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java b/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java index 5afef7b54..c7a851e3d 100644 --- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java +++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java @@ -297,7 +297,7 @@ public class ValidatorTest { private static class BSTValidator implements Validator { public Credential validate(Credential credential, RequestData data) throws WSSecurityException { - BinarySecurity token = credential.getBinarySecurityToken(); + BinarySecurity token = (BinarySecurity)credential.getToken(); if (token == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE); } diff --git a/ws-security-saml/src/main/java/org/apache/wss4j/saml/SamlAssertionWrapper.java b/ws-security-saml/src/main/java/org/apache/wss4j/saml/SamlAssertionWrapper.java index 14a69d1dd..cb6f18fd5 100644 --- a/ws-security-saml/src/main/java/org/apache/wss4j/saml/SamlAssertionWrapper.java 
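Review bot: In `KerberosValidator.validate` the cast `(BinarySecurity)credential.getToken()` runs before the null check, so a credential carrying any other `Token` type fails with ClassCastException instead of the `WSSecurityException` thrown two lines later. The old typed getter could not fail that way. Use the guard the production validators in this commit use, placed before the cast: `if (!(credential.getToken() instanceof BinarySecurity)) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE); }`. `BSTValidator` in ValidatorTest has the identical line. This is test-only code, but it is the kind of example people copy when writing their own Validator.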
+++ b/ws-security-saml/src/main/java/org/apache/wss4j/saml/SamlAssertionWrapper.java @@ -28,6 +28,7 @@ import java.util.List; import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.crypto.CryptoType; import org.apache.wss4j.common.ext.WSSecurityException; +import org.apache.wss4j.common.token.Token; import org.apache.wss4j.saml.builder.SAML1ComponentBuilder; import org.apache.wss4j.saml.builder.SAML2ComponentBuilder; import org.apache.wss4j.common.util.DOM2Writer; @@ -67,7 +68,7 @@ import org.w3c.dom.Element; * Class SamlAssertionWrapper can generate, sign, and validate both SAML v1.1 * and SAML v2.0 assertions. */ -public class SamlAssertionWrapper { +public class SamlAssertionWrapper implements Token { /** * Field LOG */ @@ -709,10 +710,7 @@ public class SamlAssertionWrapper { return samlVersion; } - /** - * Get the Assertion as a DOM Element. - * @return the assertion as a DOM Element - */ + @Override public Element getElement() { return assertionElement; }