[4/4] cxf git commit: CXF-7088 - SignedEncryptedSupportingTokens in WS-Policy and SAML not encrypted being accepted
CXF-7088 - SignedEncryptedSupportingTokens in WS-Policy and SAML not encrypted being accepted # Conflicts: # rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java # rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java # rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java # rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java # rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d473c6c9 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d473c6c9 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d473c6c9 Branch: refs/heads/3.0.x-fixes Commit: d473c6c97cb5ae6cba347048397e24d43edb30d4 Parents: e802824 Author: Colm O hEigeartaigh Authored: Fri Oct 14 17:22:27 2016 +0100 Committer: Colm O hEigeartaigh Committed: Fri Oct 14 18:23:39 2016 +0100 -- .../AbstractSupportingTokenPolicyValidator.java | 15 - .../EncryptedTokenPolicyValidator.java | 10 +++ .../EndorsingEncryptedTokenPolicyValidator.java | 20 ++ .../SignedEncryptedTokenPolicyValidator.java| 20 ++ ...dEndorsingEncryptedTokenPolicyValidator.java | 20 ++ services/sts/systests/pom.xml | 2 +- .../systest/ws/tokens/SupportingTokenTest.java | 62 ++ .../apache/cxf/systest/ws/tokens/TLSServer.java | 47 ++ .../cxf/systest/ws/tokens/DoubleItTokens.wsdl | 6 ++ .../apache/cxf/systest/ws/tokens/tls-client.xml | 66 +++ .../apache/cxf/systest/ws/tokens/tls-server.xml | 67 11 files changed, 332 insertions(+), 3 deletions(-) -- 
http://git-wip-us.apache.org/repos/asf/cxf/blob/d473c6c9/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java --
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
index a6419dd..3dfbead 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
@@ -93,7 +93,12 @@ public abstract class AbstractSupportingTokenPolicyValidator
 private EncryptedElements encryptedElements;
 private SignedParts signedParts;
 private EncryptedParts encryptedParts;
-
+private boolean enforceEncryptedTokens = true;
+
+protected abstract boolean isSigned();
+protected abstract boolean isEncrypted();
+protected abstract boolean isEndorsing();
+
 /**
 * Set the list of UsernameToken results
 */
@@ -508,7 +513,7 @@ public abstract class AbstractSupportingTokenPolicyValidator
 * Return true if a list of tokens were encrypted, false otherwise.
 */
 private boolean areTokensEncrypted(List tokens) {
-if (!isTLSInUse()) {
+if (enforceEncryptedTokens) {
 for (WSSecurityEngineResult wser : tokens) {
 Element tokenElement = (Element)wser.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
 if (tokenElement == null || !isTokenEncrypted(tokenElement)) {
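Review bot: The three `protected abstract` methods added after `encryptedParts` in the first hunk change the class's contract on a fixes branch: any subclass that is not updated alongside this commit stops compiling, and no line visible in this file's hunks calls them. The commit message lists conflicts for this file, so they may have come across with the cherry-pick rather than being required by the fix. If the 3.0.x validators do rely on them (the subclass changes are outside this view), each deserves a one-line Javadoc saying what a `true` return commits the subclass to, for example `/** @return true if this validator handles an encrypted supporting-token assertion */` on `isEncrypted()`, wording to be confirmed against the subclasses. If they are not needed, leaving them out of the backport keeps out-of-tree subclasses working.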
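Review bot: In `areTokensEncrypted` the new condition `if (enforceEncryptedTokens) {` makes the opt-out weaker than the code it replaces: with the flag set to false the token loop is skipped whether or not TLS is present, whereas the old `!isTLSInUse()` test still checked tokens on a plain-text transport. Keeping the transport test as a floor, `if (enforceEncryptedTokens || !isTLSInUse()) {`, keeps the strict default and means that switching enforcement off can never accept an unencrypted token over an unprotected connection. The same line is in the 3.1.x-fixes and master copies of this hunk further down the page, where the call would be `isTLSInUse(message)` and the `message` parameter otherwise looks unused in the visible lines. The method body continues past the end of the hunk, so what is returned when the loop is skipped is not visible here.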
@@ -922,5 +927,11 @@ public abstract class AbstractSupportingTokenPolicyValidator
 }
 }
 }
+public boolean isEnforceEncryptedTokens() {
+return enforceEncryptedTokens;
+}
+public void setEnforceEncryptedTokens(boolean enforceEncryptedTokens) {
+this.enforceEncryptedTokens = enforceEncryptedTokens;
+}
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/d473c6c9/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java --
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
index 2ebb47c..1452bee 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
+++ b/rt/ws/secur
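Review bot: `setEnforceEncryptedTokens(boolean)` is a public switch for a confidentiality check, yet it and its getter are added at the end of the class with no Javadoc, so nothing tells a caller what `false` gives up. The setter should carry a comment stating that the default is `true`, that `false` makes the validator accept supporting tokens that were not encrypted at the message level, and that this is only reasonable when the transport itself provides confidentiality. The flag is also plain mutable instance state. Whether validator instances are shared between messages is not visible here, but if they are, a `false` set for one exchange stays in force for the next, so the comment should also say whether the setter is meant for configuration time only. The same two accessors are added in the 3.1.x-fixes and master copies of this commit further down the page.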
[1/2] cxf git commit: CXF-7088 - SignedEncryptedSupportingTokens in WS-Policy and SAML not encrypted being accepted
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes bca463062 -> 3997c7b6c CXF-7088 - SignedEncryptedSupportingTokens in WS-Policy and SAML not encrypted being accepted Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/011725e4 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/011725e4 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/011725e4 Branch: refs/heads/3.1.x-fixes Commit: 011725e4de2026bbebb6a732764a86d9a2ae4109 Parents: bca4630 Author: Colm O hEigeartaigh Authored: Fri Oct 14 17:22:27 2016 +0100 Committer: Colm O hEigeartaigh Committed: Fri Oct 14 17:37:32 2016 +0100 -- .../AbstractSupportingTokenPolicyValidator.java | 13 +++- .../EncryptedTokenPolicyValidator.java | 10 +++ .../EndorsingEncryptedTokenPolicyValidator.java | 10 +++ .../SignedEncryptedTokenPolicyValidator.java| 10 +++ ...dEndorsingEncryptedTokenPolicyValidator.java | 10 +++ services/sts/systests/pom.xml | 2 +- .../systest/ws/tokens/SupportingTokenTest.java | 62 ++ .../apache/cxf/systest/ws/tokens/TLSServer.java | 47 ++ .../cxf/systest/ws/tokens/DoubleItTokens.wsdl | 6 ++ .../apache/cxf/systest/ws/tokens/tls-client.xml | 66 +++ .../apache/cxf/systest/ws/tokens/tls-server.xml | 67 11 files changed, 299 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/011725e4/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java --
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
index b52a804..b655fc3 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
@@ -78,11 +78,12 @@ public abstract class AbstractSupportingTokenPolicyValidator extends AbstractSec
 private EncryptedElements encryptedElements;
 private SignedParts signedParts;
 private EncryptedParts encryptedParts;
+private boolean enforceEncryptedTokens = true;
 protected abstract boolean isSigned();
 protected abstract boolean isEncrypted();
 protected abstract boolean isEndorsing();
-
+
 /**
 * Process UsernameTokens.
 */
@@ -429,7 +430,7 @@ public abstract class AbstractSupportingTokenPolicyValidator extends AbstractSec
 return null;
 }
-private boolean isTLSInUse(Message message) {
+protected boolean isTLSInUse(Message message) {
 // See whether TLS is in use or not
 TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
 return tlsInfo != null;
@@ -480,7 +481,7 @@ public abstract class AbstractSupportingTokenPolicyValidator extends AbstractSec
 private boolean areTokensEncrypted(List tokens, List encryptedResults, Message message) {
-if (!isTLSInUse(message)) {
+if (enforceEncryptedTokens) {
 for (WSSecurityEngineResult wser : tokens) {
 Element tokenElement = (Element)wser.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
 if (tokenElement == null || !isTokenEncrypted(tokenElement, encryptedResults)) {
@@ -883,5 +884,11 @@ public abstract class AbstractSupportingTokenPolicyValidator extends AbstractSec
 }
 }
 }
+public boolean isEnforceEncryptedTokens() {
+return enforceEncryptedTokens;
+}
+public void setEnforceEncryptedTokens(boolean enforceEncryptedTokens) {
+this.enforceEncryptedTokens = enforceEncryptedTokens;
+}
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/011725e4/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java --
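Review bot: Widening `isTLSInUse(Message)` from `private` to `protected` in the second hunk also makes it overridable, and its only caller visible in this file is removed by the same commit, so the reason for exposing it cannot be read from here. The method answers a security question (it reports TLS whenever a `TLSSessionInfo` is attached to the message), and a subclass that overrides it changes that answer for everything that consults it. If subclasses only need to call it, `protected final boolean isTLSInUse(Message message) {` says so. A short Javadoc noting that the presence of `TLSSessionInfo` is the sole criterion would let callers judge what a `true` result guarantees. The identical hunk is in the master copy of the commit below.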
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
index adffac4..8e59d15 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyVali
cxf git commit: CXF-7088 - SignedEncryptedSupportingTokens in WS-Policy and SAML not encrypted being accepted
Repository: cxf Updated Branches: refs/heads/master 19d8da7f0 -> 3c4dda5e9 CXF-7088 - SignedEncryptedSupportingTokens in WS-Policy and SAML not encrypted being accepted Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3c4dda5e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3c4dda5e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3c4dda5e Branch: refs/heads/master Commit: 3c4dda5e9b1549e45f133e8b912450e303fa214f Parents: 19d8da7 Author: Colm O hEigeartaigh Authored: Fri Oct 14 17:22:27 2016 +0100 Committer: Colm O hEigeartaigh Committed: Fri Oct 14 17:22:27 2016 +0100 -- .../AbstractSupportingTokenPolicyValidator.java | 13 +++- .../EncryptedTokenPolicyValidator.java | 10 +++ .../EndorsingEncryptedTokenPolicyValidator.java | 10 +++ .../SignedEncryptedTokenPolicyValidator.java| 10 +++ ...dEndorsingEncryptedTokenPolicyValidator.java | 10 +++ services/sts/systests/pom.xml | 2 +- .../systest/ws/tokens/SupportingTokenTest.java | 62 ++ .../apache/cxf/systest/ws/tokens/TLSServer.java | 47 ++ .../cxf/systest/ws/tokens/DoubleItTokens.wsdl | 6 ++ .../apache/cxf/systest/ws/tokens/tls-client.xml | 66 +++ .../apache/cxf/systest/ws/tokens/tls-server.xml | 67 11 files changed, 299 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/3c4dda5e/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java --
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
index b52a804..b655fc3 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
@@ -78,11 +78,12 @@ public abstract class AbstractSupportingTokenPolicyValidator extends AbstractSec
 private EncryptedElements encryptedElements;
 private SignedParts signedParts;
 private EncryptedParts encryptedParts;
+private boolean enforceEncryptedTokens = true;
 protected abstract boolean isSigned();
 protected abstract boolean isEncrypted();
 protected abstract boolean isEndorsing();
-
+
 /**
 * Process UsernameTokens.
 */
@@ -429,7 +430,7 @@ public abstract class AbstractSupportingTokenPolicyValidator extends AbstractSec
 return null;
 }
-private boolean isTLSInUse(Message message) {
+protected boolean isTLSInUse(Message message) {
 // See whether TLS is in use or not
 TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
 return tlsInfo != null;
@@ -480,7 +481,7 @@ public abstract class AbstractSupportingTokenPolicyValidator extends AbstractSec
 private boolean areTokensEncrypted(List tokens, List encryptedResults, Message message) {
-if (!isTLSInUse(message)) {
+if (enforceEncryptedTokens) {
 for (WSSecurityEngineResult wser : tokens) {
 Element tokenElement = (Element)wser.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
 if (tokenElement == null || !isTokenEncrypted(tokenElement, encryptedResults)) {
@@ -883,5 +884,11 @@ public abstract class AbstractSupportingTokenPolicyValidator extends AbstractSec
 }
 }
 }
+public boolean isEnforceEncryptedTokens() {
+return enforceEncryptedTokens;
+}
+public void setEnforceEncryptedTokens(boolean enforceEncryptedTokens) {
+this.enforceEncryptedTokens = enforceEncryptedTokens;
+}
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/3c4dda5e/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java --
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
index adffac4..8e59d15 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java