This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch coheigea/saml-refactor
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/coheigea/saml-refactor by this
push:
new ad4d9f55a Refactor of Credential class
ad4d9f55a is described below
commit ad4d9f55a0f324fe05dbf4c2a8aadac033c908c8
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Fri Nov 3 08:18:07 2023 +0000
Refactor of Credential class
---
.../apache/wss4j/common/token/BinarySecurity.java | 8 +-
.../java/org/apache/wss4j/common/token/Token.java | 34 ++++++++
.../wss4j/dom/message/token/DerivedKeyToken.java | 9 +--
.../dom/message/token/SecurityContextToken.java | 9 +--
.../apache/wss4j/dom/message/token/Timestamp.java | 9 +--
.../wss4j/dom/message/token/UsernameToken.java | 9 +--
.../processor/BinarySecurityTokenProcessor.java | 2 +-
.../wss4j/dom/processor/SAMLTokenProcessor.java | 9 ++-
.../processor/SecurityContextTokenProcessor.java | 2 +-
.../wss4j/dom/processor/TimestampProcessor.java | 2 +-
.../dom/processor/UsernameTokenProcessor.java | 9 ++-
.../org/apache/wss4j/dom/validate/Credential.java | 91 +++-------------------
.../dom/validate/JAASUsernameTokenValidator.java | 4 +-
.../wss4j/dom/validate/KerberosTokenValidator.java | 4 +-
.../wss4j/dom/validate/SamlAssertionValidator.java | 4 +-
.../wss4j/dom/validate/TimestampValidator.java | 4 +-
.../wss4j/dom/validate/UsernameTokenValidator.java | 4 +-
.../dom/common/CustomSamlAssertionValidator.java | 5 +-
.../wss4j/dom/message/token/BSTKerberosTest.java | 2 +-
.../apache/wss4j/dom/validate/ValidatorTest.java | 2 +-
.../apache/wss4j/saml/SamlAssertionWrapper.java | 8 +-
21 files changed, 94 insertions(+), 136 deletions(-)
diff --git
a/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java
b/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java
index bf720dd9e..7a20839bc 100644
---
a/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java
+++
b/ws-security-common/src/main/java/org/apache/wss4j/common/token/BinarySecurity.java
@@ -42,7 +42,7 @@ import org.w3c.dom.Text;
/**
* Binary Security Token.
*/
-public class BinarySecurity {
+public class BinarySecurity implements Token {
public static final QName TOKEN_BST = new QName(WSS4JConstants.WSSE_NS,
"BinarySecurityToken");
public static final QName TOKEN_KI = new QName(WSS4JConstants.WSSE_NS,
"KeyIdentifier");
private static final org.slf4j.Logger LOG =
@@ -263,11 +263,7 @@ public class BinarySecurity {
return (Text)element.appendChild(textNode);
}
- /**
- * return the dom element.
- *
- * @return the dom element.
- */
+ @Override
public Element getElement() {
return element;
}
diff --git
a/ws-security-common/src/main/java/org/apache/wss4j/common/token/Token.java
b/ws-security-common/src/main/java/org/apache/wss4j/common/token/Token.java
new file mode 100644
index 000000000..cbafc87b6
--- /dev/null
+++ b/ws-security-common/src/main/java/org/apache/wss4j/common/token/Token.java
@@ -0,0 +1,34 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.common.token;
+
+import org.w3c.dom.Element;
+
+/**
+ * A interface which describes a Security Token.
+ */
+public interface Token {
+
+ /**
+ * Get the Token as a DOM Element
+ * @return the Token as a DOM Element
+ */
+ Element getElement();
+}
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/DerivedKeyToken.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/DerivedKeyToken.java
index eea34fc21..e9d150b8e 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/DerivedKeyToken.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/DerivedKeyToken.java
@@ -34,6 +34,7 @@ import
org.apache.wss4j.common.derivedKey.ConversationConstants;
import org.apache.wss4j.common.derivedKey.DerivedKeyUtils;
import org.apache.wss4j.common.principal.WSDerivedKeyTokenPrincipal;
import org.apache.wss4j.common.token.SecurityTokenReference;
+import org.apache.wss4j.common.token.Token;
import org.apache.wss4j.common.util.DOM2Writer;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.util.WSSecurityUtil;
@@ -54,7 +55,7 @@ import org.w3c.dom.Text;
</DerivedKeyToken>
*/
-public class DerivedKeyToken {
+public class DerivedKeyToken implements Token {
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(DerivedKeyToken.class);
@@ -469,11 +470,7 @@ public class DerivedKeyToken {
return node != null && Node.TEXT_NODE == node.getNodeType() ? (Text)
node : null;
}
- /**
- * Returns the dom element of this <code>SecurityContextToken</code>
object.
- *
- * @return the DerivedKeyToken element
- */
+ @Override
public Element getElement() {
return element;
}
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SecurityContextToken.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SecurityContextToken.java
index 27f652ece..edc62102a 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SecurityContextToken.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/SecurityContextToken.java
@@ -21,6 +21,7 @@ package org.apache.wss4j.dom.message.token;
import javax.xml.namespace.QName;
+import org.apache.wss4j.common.token.Token;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.DOM2Writer;
@@ -32,7 +33,7 @@ import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.Text;
-public class SecurityContextToken {
+public class SecurityContextToken implements Token {
/**
* Security context token element
@@ -241,11 +242,7 @@ public class SecurityContextToken {
return node != null && Node.TEXT_NODE == node.getNodeType() ? (Text)
node : null;
}
- /**
- * Returns the dom element of this <code>SecurityContextToken</code>
object.
- *
- * @return the <code>wsse:SecurityContextToken</code> element
- */
+ @Override
public Element getElement() {
return element;
}
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/Timestamp.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/Timestamp.java
index 8fd219129..d71f4cbec 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/Timestamp.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/Timestamp.java
@@ -29,6 +29,7 @@ import java.time.temporal.ChronoField;
import org.apache.wss4j.common.bsp.BSPEnforcer;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.token.Token;
import org.apache.wss4j.common.util.DOM2Writer;
import org.apache.wss4j.common.util.DateUtil;
import org.apache.wss4j.common.util.WSCurrentTimeSource;
@@ -44,7 +45,7 @@ import org.w3c.dom.Text;
* Timestamp according to SOAP Message Security 1.0,
* chapter 10 / appendix A.2
*/
-public class Timestamp {
+public class Timestamp implements Token {
private Element element;
private Instant created;
@@ -210,11 +211,7 @@ public class Timestamp {
element.setAttributeNS(XMLUtils.XMLNS_NS, "xmlns:" +
WSConstants.WSU_PREFIX, WSConstants.WSU_NS);
}
- /**
- * Returns the dom element of this <code>Timestamp</code> object.
- *
- * @return the <code>wsse:UsernameToken</code> element
- */
+ @Override
public Element getElement() {
return element;
}
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
index a008bd902..e89ae1217 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/UsernameToken.java
@@ -34,6 +34,7 @@ import org.apache.wss4j.common.bsp.BSPEnforcer;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl;
+import org.apache.wss4j.common.token.Token;
import org.apache.wss4j.common.util.DOM2Writer;
import org.apache.wss4j.common.util.DateUtil;
import org.apache.wss4j.common.util.UsernameTokenUtil;
@@ -53,7 +54,7 @@ import org.w3c.dom.Text;
* Enhanced to support digest password type for username token signature
* Enhanced to support passwordless usernametokens as allowed by spec.
*/
-public class UsernameToken {
+public class UsernameToken implements Token {
public static final String BASE64_ENCODING = WSConstants.SOAPMESSAGE_NS +
"#Base64Binary";
public static final String PASSWORD_TYPE = "passwordType";
public static final int DEFAULT_ITERATION = 1000;
@@ -532,11 +533,7 @@ public class UsernameToken {
return node != null && Node.TEXT_NODE == node.getNodeType() ? (Text)
node : null;
}
- /**
- * Returns the dom element of this <code>UsernameToken</code> object.
- *
- * @return the <code>wsse:UsernameToken</code> element
- */
+ @Override
public Element getElement() {
return element;
}
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java
index 14aae8fa3..e35c3f684 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java
@@ -87,7 +87,7 @@ public class BinarySecurityTokenProcessor implements
Processor {
if (validator != null) {
// Hook to allow the user to validate the BinarySecurityToken
Credential credential = new Credential();
- credential.setBinarySecurityToken(token);
+ credential.setToken(token);
credential.setCertificates(certs);
Credential returnedCredential = validator.validate(credential,
data);
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
index 2c9f61b1c..cc809cddf 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
@@ -96,7 +96,12 @@ public class SAMLTokenProcessor implements Processor {
List<WSDataRef> dataRefs = createDataRefs(elem, samlAssertion,
xmlSignature);
Credential credential = handleSAMLToken(samlAssertion, data,
validator);
- samlAssertion = credential.getSamlAssertion();
+ if (!(credential.getToken() instanceof SamlAssertionWrapper)) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"
+ );
+ }
+ samlAssertion = (SamlAssertionWrapper)credential.getToken();
if (LOG.isDebugEnabled()) {
LOG.debug("SAML Assertion issuer " +
samlAssertion.getIssuerString());
LOG.debug(DOM2Writer.nodeToString(elem));
@@ -165,7 +170,7 @@ public class SAMLTokenProcessor implements Processor {
// Now delegate the rest of the verification to the Validator
Credential credential = new Credential();
- credential.setSamlAssertion(samlAssertion);
+ credential.setToken(samlAssertion);
if (validator != null) {
return validator.validate(credential, data);
}
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SecurityContextTokenProcessor.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SecurityContextTokenProcessor.java
index ae1db72e9..b2aaa8741 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SecurityContextTokenProcessor.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SecurityContextTokenProcessor.java
@@ -57,7 +57,7 @@ public class SecurityContextTokenProcessor implements
Processor {
if (validator != null) {
// Hook to allow the user to validate the SecurityContextToken
Credential credential = new Credential();
- credential.setSecurityContextToken(sct);
+ credential.setToken(sct);
Credential returnedCredential = validator.validate(credential,
data);
result.put(WSSecurityEngineResult.TAG_VALIDATED_TOKEN,
Boolean.TRUE);
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/TimestampProcessor.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/TimestampProcessor.java
index c6d2fbe80..7cd40d94e 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/TimestampProcessor.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/TimestampProcessor.java
@@ -44,7 +44,7 @@ public class TimestampProcessor implements Processor {
//
Timestamp timestamp = new Timestamp(elem, data.getBSPEnforcer());
Credential credential = new Credential();
- credential.setTimestamp(timestamp);
+ credential.setToken(timestamp);
WSSecurityEngineResult result =
new WSSecurityEngineResult(WSConstants.TS, timestamp);
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java
index cccda5a38..594fea03e 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java
@@ -61,7 +61,12 @@ public class UsernameTokenProcessor implements Processor {
Validator validator = data.getValidator(WSConstants.USERNAME_TOKEN);
Credential credential = handleUsernameToken(elem, validator, data);
- UsernameToken token = credential.getUsernametoken();
+ if (!(credential.getToken() instanceof UsernameToken)) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.FAILURE, "invalidToken", new
Object[] {"Username"}
+ );
+ }
+ UsernameToken token = (UsernameToken)credential.getToken();
int action = WSConstants.UT;
byte[] secretKey = null;
@@ -167,7 +172,7 @@ public class UsernameTokenProcessor implements Processor {
}
Credential credential = new Credential();
- credential.setUsernametoken(ut);
+ credential.setToken(ut);
if (validator != null) {
return validator.validate(credential, data);
}
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/Credential.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/Credential.java
index 645866fcc..47abf4190 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/Credential.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/Credential.java
@@ -26,10 +26,7 @@ import java.security.cert.X509Certificate;
import javax.security.auth.Subject;
import org.apache.wss4j.saml.SamlAssertionWrapper;
-import org.apache.wss4j.common.token.BinarySecurity;
-import org.apache.wss4j.dom.message.token.SecurityContextToken;
-import org.apache.wss4j.dom.message.token.Timestamp;
-import org.apache.wss4j.dom.message.token.UsernameToken;
+import org.apache.wss4j.common.token.Token;
/**
* This class stores various Credential types that can be validated and/or
returned by a
@@ -40,31 +37,27 @@ public class Credential {
private PublicKey publicKey;
private X509Certificate[] certs;
- private Timestamp timestamp;
- private UsernameToken usernametoken;
- private BinarySecurity binarySecurityToken;
- private SamlAssertionWrapper samlAssertion;
+ private Token token;
private SamlAssertionWrapper transformedToken;
- private SecurityContextToken securityContextToken;
private Principal principal;
private byte[] secretKey;
private Subject subject;
private Object delegationCredential;
/**
- * Set a SecurityContextToken to be validated
- * @param securityContextToken a SecurityContextToken to be validated
+ * Set a token to be validated
+ * @param token a token to be validated
*/
- public void setSecurityContextToken(SecurityContextToken
securityContextToken) {
- this.securityContextToken = securityContextToken;
+ public void setToken(Token token) {
+ this.token = token;
}
/**
- * Get a SecurityContextToken to be validated
- * @return a SecurityContextToken to be validated
+ * Get a token to be validated
+ * @return a token to be validated
*/
- public SecurityContextToken getSecurityContextToken() {
- return securityContextToken;
+ public Token getToken() {
+ return token;
}
/**
@@ -116,70 +109,6 @@ public class Credential {
return certs;
}
- /**
- * Set a Timestamp to be validated
- * @param timestamp a Timestamp to be validated
- */
- public void setTimestamp(Timestamp timestamp) {
- this.timestamp = timestamp;
- }
-
- /**
- * Get a Timestamp to be validated
- * @return a Timestamp to be validated
- */
- public Timestamp getTimestamp() {
- return timestamp;
- }
-
- /**
- * Set a UsernameToken to be validated
- * @param usernametoken a UsernameToken to be validated
- */
- public void setUsernametoken(UsernameToken usernametoken) {
- this.usernametoken = usernametoken;
- }
-
- /**
- * Get a UsernameToken to be validated
- * @return a UsernameToken to be validated
- */
- public UsernameToken getUsernametoken() {
- return usernametoken;
- }
-
- /**
- * Set the BinarySecurityToken to be validated
- * @param binarySecurityToken the BinarySecurityToken to be validated
- */
- public void setBinarySecurityToken(BinarySecurity binarySecurityToken) {
- this.binarySecurityToken = binarySecurityToken;
- }
-
- /**
- * Get the BinarySecurityToken to be validated
- * @return the BinarySecurityToken to be validated
- */
- public BinarySecurity getBinarySecurityToken() {
- return binarySecurityToken;
- }
-
- /**
- * Set an SamlAssertionWrapper to be validated
- * @param samlAssertion an SamlAssertionWrapper to be validated
- */
- public void setSamlAssertion(SamlAssertionWrapper samlAssertion) {
- this.samlAssertion = samlAssertion;
- }
-
- /**
- * Get an SamlAssertionWrapper to be validated
- * @return an SamlAssertionWrapper to be validated
- */
- public SamlAssertionWrapper getSamlAssertion() {
- return samlAssertion;
- }
-
/**
* Set an SamlAssertionWrapper instance which corresponds to a Transformed
Token.
* @param transformedToken a transformed SamlAssertionWrapper instance
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/JAASUsernameTokenValidator.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/JAASUsernameTokenValidator.java
index abb916f00..73370a9bb 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/JAASUsernameTokenValidator.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/JAASUsernameTokenValidator.java
@@ -66,14 +66,14 @@ public class JAASUsernameTokenValidator implements
Validator {
* @throws WSSecurityException on a failed validation
*/
public Credential validate(Credential credential, RequestData data) throws
WSSecurityException {
- if (credential == null || credential.getUsernametoken() == null) {
+ if (credential == null || !(credential.getToken() instanceof
UsernameToken)) {
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
}
String user = null;
String password = null;
- UsernameToken usernameToken = credential.getUsernametoken();
+ UsernameToken usernameToken = (UsernameToken)credential.getToken();
user = usernameToken.getName();
String pwType = usernameToken.getPasswordType();
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/KerberosTokenValidator.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/KerberosTokenValidator.java
index 1d7e5d915..21485575b 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/KerberosTokenValidator.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/KerberosTokenValidator.java
@@ -129,11 +129,11 @@ public class KerberosTokenValidator implements Validator {
* @throws WSSecurityException on a failed validation
*/
public Credential validate(Credential credential, RequestData data) throws
WSSecurityException {
- if (credential == null || credential.getBinarySecurityToken() == null)
{
+ if (credential == null || !(credential.getToken() instanceof
BinarySecurity)) {
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
}
- BinarySecurity binarySecurity = credential.getBinarySecurityToken();
+ BinarySecurity binarySecurity = (BinarySecurity)credential.getToken();
if (!(binarySecurity instanceof KerberosSecurity)) {
return credential;
}
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
index 210538fbc..e510ca38b 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
@@ -96,10 +96,10 @@ public class SamlAssertionValidator extends
SignatureTrustValidator {
* @throws WSSecurityException on a failed validation
*/
public Credential validate(Credential credential, RequestData data) throws
WSSecurityException {
- if (credential == null || credential.getSamlAssertion() == null) {
+ if (credential == null || !(credential.getToken() instanceof
SamlAssertionWrapper)) {
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
}
- SamlAssertionWrapper samlAssertion = credential.getSamlAssertion();
+ SamlAssertionWrapper samlAssertion =
(SamlAssertionWrapper)credential.getToken();
// Check the Subject Confirmation requirements
verifySubjectConfirmationMethod(samlAssertion);
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/TimestampValidator.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/TimestampValidator.java
index 45ee6652c..d0a2479af 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/TimestampValidator.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/TimestampValidator.java
@@ -38,7 +38,7 @@ public class TimestampValidator implements Validator {
* @throws WSSecurityException on a failed validation
*/
public Credential validate(Credential credential, RequestData data) throws
WSSecurityException {
- if (credential == null || credential.getTimestamp() == null) {
+ if (credential == null || !(credential.getToken() instanceof
Timestamp)) {
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
}
if (data.getWssConfig() == null) {
@@ -49,7 +49,7 @@ public class TimestampValidator implements Validator {
int timeStampTTL = data.getTimeStampTTL();
int futureTimeToLive = data.getTimeStampFutureTTL();
- Timestamp timeStamp = credential.getTimestamp();
+ Timestamp timeStamp = (Timestamp)credential.getToken();
// See if the Timestamp has expired
if (timeStampStrict && timeStamp.isExpired()) {
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java
index 90a14a281..86bc04bf4 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java
@@ -58,7 +58,7 @@ public class UsernameTokenValidator implements Validator {
* @throws WSSecurityException on a failed validation
*/
public Credential validate(Credential credential, RequestData data) throws
WSSecurityException {
- if (credential == null || credential.getUsernametoken() == null) {
+ if (credential == null || !(credential.getToken() instanceof
UsernameToken)) {
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
}
@@ -66,7 +66,7 @@ public class UsernameTokenValidator implements Validator {
boolean passwordsAreEncoded = data.isEncodePasswords();
String requiredPasswordType = data.getRequiredPasswordType();
- UsernameToken usernameToken = credential.getUsernametoken();
+ UsernameToken usernameToken = (UsernameToken)credential.getToken();
usernameToken.setPasswordsAreEncoded(passwordsAreEncoded);
String pwType = usernameToken.getPasswordType();
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CustomSamlAssertionValidator.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CustomSamlAssertionValidator.java
index 417a8b99f..4e8fabb14 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CustomSamlAssertionValidator.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CustomSamlAssertionValidator.java
@@ -34,7 +34,10 @@ public class CustomSamlAssertionValidator extends
SamlAssertionValidator {
//
// Do some custom validation on the assertion
//
- SamlAssertionWrapper samlAssertion = credential.getSamlAssertion();
+ if (!(credential.getToken() instanceof SamlAssertionWrapper)) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
+ }
+ SamlAssertionWrapper samlAssertion =
(SamlAssertionWrapper)credential.getToken();
if (!"www.example.com".equals(samlAssertion.getIssuerString())) {
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/BSTKerberosTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/BSTKerberosTest.java
index ad9f04af7..6ae8b12c3 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/BSTKerberosTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/BSTKerberosTest.java
@@ -434,7 +434,7 @@ public class BSTKerberosTest {
private static class KerberosValidator implements Validator {
public Credential validate(Credential credential, RequestData data)
throws WSSecurityException {
- BinarySecurity token = credential.getBinarySecurityToken();
+ BinarySecurity token = (BinarySecurity)credential.getToken();
if (token == null) {
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
}
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java
index 5afef7b54..c7a851e3d 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/validate/ValidatorTest.java
@@ -297,7 +297,7 @@ public class ValidatorTest {
private static class BSTValidator implements Validator {
public Credential validate(Credential credential, RequestData data)
throws WSSecurityException {
- BinarySecurity token = credential.getBinarySecurityToken();
+ BinarySecurity token = (BinarySecurity)credential.getToken();
if (token == null) {
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
}
diff --git
a/ws-security-saml/src/main/java/org/apache/wss4j/saml/SamlAssertionWrapper.java
b/ws-security-saml/src/main/java/org/apache/wss4j/saml/SamlAssertionWrapper.java
index 14a69d1dd..cb6f18fd5 100644
---
a/ws-security-saml/src/main/java/org/apache/wss4j/saml/SamlAssertionWrapper.java
+++
b/ws-security-saml/src/main/java/org/apache/wss4j/saml/SamlAssertionWrapper.java
@@ -28,6 +28,7 @@ import java.util.List;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.token.Token;
import org.apache.wss4j.saml.builder.SAML1ComponentBuilder;
import org.apache.wss4j.saml.builder.SAML2ComponentBuilder;
import org.apache.wss4j.common.util.DOM2Writer;
@@ -67,7 +68,7 @@ import org.w3c.dom.Element;
* Class SamlAssertionWrapper can generate, sign, and validate both SAML v1.1
* and SAML v2.0 assertions.
*/
-public class SamlAssertionWrapper {
+public class SamlAssertionWrapper implements Token {
/**
* Field LOG
*/
@@ -709,10 +710,7 @@ public class SamlAssertionWrapper {
return samlVersion;
}
- /**
- * Get the Assertion as a DOM Element.
- * @return the assertion as a DOM Element
- */
+ @Override
public Element getElement() {
return assertionElement;
}
