Author: ruchithf Date: Wed Jan 30 20:03:41 2013 New Revision: 1440633 URL: http://svn.apache.org/viewvc?rev=1440633&view=rev Log: Validating password type included in the username token
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java?rev=1440633&r1=1440632&r2=1440633&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java Wed Jan 30 20:03:41 2013
@@ -39,7 +39,6 @@ import org.jaxen.JaxenException;
 import javax.xml.namespace.QName;
 import java.math.BigInteger;
-import java.security.KeyStore;
 import java.security.cert.X509Certificate;
 import java.util.*;
@@ -317,9 +316,19 @@ public class PolicyBasedResultsValidator
 UsernameToken ut = (UsernameToken) token;
 //Check presence of a UsernameToken
 WSSecurityEngineResult utResult = WSSecurityUtil.fetchActionResult(results, WSConstants.UT);
+
 if (utResult == null && !ut.isOptional()) {
 throw new RampartException("usernameTokenMissing");
 }
+
+ org.apache.ws.security.message.token.UsernameToken wssUt =
+ (org.apache.ws.security.message.token.UsernameToken) utResult.get(WSSecurityEngineResult.TAG_USERNAME_TOKEN);
+ if(ut.isHashPassword() && !wssUt.getPasswordType().equals(WSConstants.PASSWORD_DIGEST)) {
+ throw new RampartException("invalidUsernameTokenType");
+ } else if (!wssUt.getPasswordType().equals(WSConstants.PASSWORD_TEXT)) {
+ throw new RampartException("invalidUsernameTokenType");
+ }
+
 } else if (token instanceof IssuedToken) {
 //TODO is is enough to check for ST_UNSIGNED results ??
Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties?rev=1440633&r1=1440632&r2=1440633&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties Wed Jan 30 20:03:41 2013
@@ -103,4 +103,4 @@ repeatingNonceValue = Nonce value : {0},
 invalidNonceLifeTime = Invalid value for nonceLifeTime in rampart configuration file.
 invalidIssuerAddress = Invalid value for Issuer
 invalidSignatureAlgo=Invalid signature algorithm for Asymmetric binding
-
+invalidUsernameTokenType = Invalid UsernameToken Type.
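Review bot: The added password-type check rejects every digest token it is meant to accept: when `ut.isHashPassword()` is true and the incoming type is `WSConstants.PASSWORD_DIGEST`, the first condition is false and control falls into `else if (!wssUt.getPasswordType().equals(WSConstants.PASSWORD_TEXT))`, which then throws `invalidUsernameTokenType`; the text-only branch has to be nested under the non-hash case, for example by picking the expected type first and comparing once. Separately, `utResult` is still null here when the token is optional (the preceding check only throws for non-optional tokens), and `wssUt.getPasswordType()` can presumably be null for a token that carries no password element (to confirm against the WSS4J version in use), so both dereferences surface as a NullPointerException rather than a RampartException — comparing with the constant on the left side is null-safe. The enclosing method begins and ends outside this hunk.
```java
                // … unchanged: utResult == null && !ut.isOptional() check …
                if (utResult != null) {
                    org.apache.ws.security.message.token.UsernameToken wssUt =
                            (org.apache.ws.security.message.token.UsernameToken) utResult.get(WSSecurityEngineResult.TAG_USERNAME_TOKEN);
                    // A hash-password policy requires PASSWORD_DIGEST; otherwise PASSWORD_TEXT is expected.
                    // Constant-on-the-left keeps the comparison null-safe for tokens without a password type.
                    String expectedType = ut.isHashPassword() ? WSConstants.PASSWORD_DIGEST : WSConstants.PASSWORD_TEXT;
                    if (wssUt == null || !expectedType.equals(wssUt.getPasswordType())) {
                        throw new RampartException("invalidUsernameTokenType");
                    }
                }
```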