[4/4] cxf git commit: CXF-7088 - SignedEncryptedSupportingTokens in WS-Policy and SAML not encrypted being accepted

2016-10-14 Thread coheigea
CXF-7088 - SignedEncryptedSupportingTokens in WS-Policy and SAML not encrypted 
being accepted

# Conflicts:
#   
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
#   
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
#   
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
#   
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
#   
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d473c6c9
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d473c6c9
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d473c6c9

Branch: refs/heads/3.0.x-fixes
Commit: d473c6c97cb5ae6cba347048397e24d43edb30d4
Parents: e802824
Author: Colm O hEigeartaigh 
Authored: Fri Oct 14 17:22:27 2016 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Oct 14 18:23:39 2016 +0100

--
 .../AbstractSupportingTokenPolicyValidator.java | 15 -
 .../EncryptedTokenPolicyValidator.java  | 10 +++
 .../EndorsingEncryptedTokenPolicyValidator.java | 20 ++
 .../SignedEncryptedTokenPolicyValidator.java| 20 ++
 ...dEndorsingEncryptedTokenPolicyValidator.java | 20 ++
 services/sts/systests/pom.xml   |  2 +-
 .../systest/ws/tokens/SupportingTokenTest.java  | 62 ++
 .../apache/cxf/systest/ws/tokens/TLSServer.java | 47 ++
 .../cxf/systest/ws/tokens/DoubleItTokens.wsdl   |  6 ++
 .../apache/cxf/systest/ws/tokens/tls-client.xml | 66 +++
 .../apache/cxf/systest/ws/tokens/tls-server.xml | 67 
 11 files changed, 332 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/d473c6c9/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
--
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
index a6419dd..3dfbead 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
@@ -93,7 +93,12 @@ public abstract class AbstractSupportingTokenPolicyValidator
 private EncryptedElements encryptedElements;
 private SignedParts signedParts;
 private EncryptedParts encryptedParts;
-
+private boolean enforceEncryptedTokens = true;
+
+protected abstract boolean isSigned();
+protected abstract boolean isEncrypted();
+protected abstract boolean isEndorsing();
+
 /**
  * Set the list of UsernameToken results
  */
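Review bot: The three `protected abstract` methods added here (`isSigned()`, `isEncrypted()`, `isEndorsing()`) have no Javadoc, and on a fixes branch they force every subclass of this public abstract class to implement them, so a validator subclass maintained outside the tree would stop compiling. Each should say what a `true` return makes the base class enforce, for example `/** @return true if tokens handled by this validator must be encrypted */` on `isEncrypted()`; confirm that wording against the callers, which are outside this hunk. If out-of-tree subclasses are supported on 3.0.x, the change also deserves a line in the release notes.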
@@ -508,7 +513,7 @@ public abstract class AbstractSupportingTokenPolicyValidator
  * Return true if a list of tokens were encrypted, false otherwise.
  */
 private boolean areTokensEncrypted(List tokens) {
-if (!isTLSInUse()) {
+if (enforceEncryptedTokens) {
 for (WSSecurityEngineResult wser : tokens) {
 Element tokenElement = 
(Element)wser.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
 if (tokenElement == null || !isTokenEncrypted(tokenElement)) {
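Review bot: The Javadoc kept as context above `areTokensEncrypted` ("Return true if a list of tokens were encrypted, false otherwise") no longer describes the method, because the per-token loop is now skipped whenever `enforceEncryptedTokens` is false instead of whenever TLS is in use. I would reword it along the lines of `Return true if encryption is not being enforced or every token element was encrypted, false otherwise.` The return taken when the `if` is skipped lies outside the hunk, so check that wording against the full method body.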
@@ -922,5 +927,11 @@ public abstract class 
AbstractSupportingTokenPolicyValidator
 }
 }
 }
+public boolean isEnforceEncryptedTokens() {
+return enforceEncryptedTokens;
+}
+public void setEnforceEncryptedTokens(boolean enforceEncryptedTokens) {
+this.enforceEncryptedTokens = enforceEncryptedTokens;
+}
 
 }
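Review bot: `setEnforceEncryptedTokens` is a public switch over the token-encryption check guarded in `areTokensEncrypted`, yet neither accessor has Javadoc and nothing records that the default is `true`. A comment on the setter such as `/** Whether supporting tokens must be encrypted at message level; defaults to true. Set to false only when confidentiality is provided another way (e.g. by the transport). */` would make the security consequence visible to callers, since with the flag off the per-token check is skipped and unencrypted tokens are presumably accepted. A blank line before the getter and between the two methods would keep them separate from the preceding block. The same applies to the identical hunks in the 3.1.x-fixes and master commits further down this page.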

http://git-wip-us.apache.org/repos/asf/cxf/blob/d473c6c9/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
--
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
index 2ebb47c..1452bee 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
+++ 
b/rt/ws/secur

[1/2] cxf git commit: CXF-7088 - SignedEncryptedSupportingTokens in WS-Policy and SAML not encrypted being accepted

2016-10-14 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes bca463062 -> 3997c7b6c


CXF-7088 - SignedEncryptedSupportingTokens in WS-Policy and SAML not encrypted 
being accepted


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/011725e4
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/011725e4
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/011725e4

Branch: refs/heads/3.1.x-fixes
Commit: 011725e4de2026bbebb6a732764a86d9a2ae4109
Parents: bca4630
Author: Colm O hEigeartaigh 
Authored: Fri Oct 14 17:22:27 2016 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Oct 14 17:37:32 2016 +0100

--
 .../AbstractSupportingTokenPolicyValidator.java | 13 +++-
 .../EncryptedTokenPolicyValidator.java  | 10 +++
 .../EndorsingEncryptedTokenPolicyValidator.java | 10 +++
 .../SignedEncryptedTokenPolicyValidator.java| 10 +++
 ...dEndorsingEncryptedTokenPolicyValidator.java | 10 +++
 services/sts/systests/pom.xml   |  2 +-
 .../systest/ws/tokens/SupportingTokenTest.java  | 62 ++
 .../apache/cxf/systest/ws/tokens/TLSServer.java | 47 ++
 .../cxf/systest/ws/tokens/DoubleItTokens.wsdl   |  6 ++
 .../apache/cxf/systest/ws/tokens/tls-client.xml | 66 +++
 .../apache/cxf/systest/ws/tokens/tls-server.xml | 67 
 11 files changed, 299 insertions(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/011725e4/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
--
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
index b52a804..b655fc3 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
@@ -78,11 +78,12 @@ public abstract class 
AbstractSupportingTokenPolicyValidator extends AbstractSec
 private EncryptedElements encryptedElements;
 private SignedParts signedParts;
 private EncryptedParts encryptedParts;
+private boolean enforceEncryptedTokens = true;
 
 protected abstract boolean isSigned();
 protected abstract boolean isEncrypted();
 protected abstract boolean isEndorsing();
-
+
 /**
  * Process UsernameTokens.
  */
@@ -429,7 +430,7 @@ public abstract class 
AbstractSupportingTokenPolicyValidator extends AbstractSec
 return null;
 }
 
-private boolean isTLSInUse(Message message) {
+protected boolean isTLSInUse(Message message) {
 // See whether TLS is in use or not
 TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
 return tlsInfo != null;
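Review bot: Widening `isTLSInUse` to `protected` turns it into an extension point, but its only documentation is the inline comment, and the check amounts to `message.get(TLSSessionInfo.class) != null`. A Javadoc should state that it reports only the presence of a `TLSSessionInfo` on the message and says nothing about the negotiated cipher suite or the peer's identity, so that a subclass using it to relax encryption enforcement knows what it is relying on. How subclasses actually call it is not visible in this hunk. The master commit below makes the same change.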
@@ -480,7 +481,7 @@ public abstract class 
AbstractSupportingTokenPolicyValidator extends AbstractSec
 private boolean areTokensEncrypted(List tokens,
List 
encryptedResults,
Message message) {
-if (!isTLSInUse(message)) {
+if (enforceEncryptedTokens) {
 for (WSSecurityEngineResult wser : tokens) {
 Element tokenElement = 
(Element)wser.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
 if (tokenElement == null || !isTokenEncrypted(tokenElement, 
encryptedResults)) {
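Review bot: The `message` parameter of `areTokensEncrypted` is no longer read in the lines shown, since `isTLSInUse(message)` was its only visible use. If the rest of the body (outside the hunk) does not use it either, the parameter should be dropped or its retention explained. A one-line comment at the condition, e.g. `// enforcement is configured via setEnforceEncryptedTokens(); TLS is no longer consulted here`, would also help, because the reason the transport check moved is otherwise recorded only in the commit message. The master commit below contains the same hunk.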
@@ -883,5 +884,11 @@ public abstract class 
AbstractSupportingTokenPolicyValidator extends AbstractSec
 }
 }
 }
+public boolean isEnforceEncryptedTokens() {
+return enforceEncryptedTokens;
+}
+public void setEnforceEncryptedTokens(boolean enforceEncryptedTokens) {
+this.enforceEncryptedTokens = enforceEncryptedTokens;
+}
 
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/011725e4/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
--
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
index adffac4..8e59d15 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyVali

cxf git commit: CXF-7088 - SignedEncryptedSupportingTokens in WS-Policy and SAML not encrypted being accepted

2016-10-14 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/master 19d8da7f0 -> 3c4dda5e9


CXF-7088 - SignedEncryptedSupportingTokens in WS-Policy and SAML not encrypted 
being accepted


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3c4dda5e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3c4dda5e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3c4dda5e

Branch: refs/heads/master
Commit: 3c4dda5e9b1549e45f133e8b912450e303fa214f
Parents: 19d8da7
Author: Colm O hEigeartaigh 
Authored: Fri Oct 14 17:22:27 2016 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Oct 14 17:22:27 2016 +0100

--
 .../AbstractSupportingTokenPolicyValidator.java | 13 +++-
 .../EncryptedTokenPolicyValidator.java  | 10 +++
 .../EndorsingEncryptedTokenPolicyValidator.java | 10 +++
 .../SignedEncryptedTokenPolicyValidator.java| 10 +++
 ...dEndorsingEncryptedTokenPolicyValidator.java | 10 +++
 services/sts/systests/pom.xml   |  2 +-
 .../systest/ws/tokens/SupportingTokenTest.java  | 62 ++
 .../apache/cxf/systest/ws/tokens/TLSServer.java | 47 ++
 .../cxf/systest/ws/tokens/DoubleItTokens.wsdl   |  6 ++
 .../apache/cxf/systest/ws/tokens/tls-client.xml | 66 +++
 .../apache/cxf/systest/ws/tokens/tls-server.xml | 67 
 11 files changed, 299 insertions(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/3c4dda5e/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
--
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
index b52a804..b655fc3 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
@@ -78,11 +78,12 @@ public abstract class 
AbstractSupportingTokenPolicyValidator extends AbstractSec
 private EncryptedElements encryptedElements;
 private SignedParts signedParts;
 private EncryptedParts encryptedParts;
+private boolean enforceEncryptedTokens = true;
 
 protected abstract boolean isSigned();
 protected abstract boolean isEncrypted();
 protected abstract boolean isEndorsing();
-
+
 /**
  * Process UsernameTokens.
  */
@@ -429,7 +430,7 @@ public abstract class 
AbstractSupportingTokenPolicyValidator extends AbstractSec
 return null;
 }
 
-private boolean isTLSInUse(Message message) {
+protected boolean isTLSInUse(Message message) {
 // See whether TLS is in use or not
 TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
 return tlsInfo != null;
@@ -480,7 +481,7 @@ public abstract class 
AbstractSupportingTokenPolicyValidator extends AbstractSec
 private boolean areTokensEncrypted(List tokens,
List 
encryptedResults,
Message message) {
-if (!isTLSInUse(message)) {
+if (enforceEncryptedTokens) {
 for (WSSecurityEngineResult wser : tokens) {
 Element tokenElement = 
(Element)wser.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
 if (tokenElement == null || !isTokenEncrypted(tokenElement, 
encryptedResults)) {
@@ -883,5 +884,11 @@ public abstract class 
AbstractSupportingTokenPolicyValidator extends AbstractSec
 }
 }
 }
+public boolean isEnforceEncryptedTokens() {
+return enforceEncryptedTokens;
+}
+public void setEnforceEncryptedTokens(boolean enforceEncryptedTokens) {
+this.enforceEncryptedTokens = enforceEncryptedTokens;
+}
 
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/3c4dda5e/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
--
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
index adffac4..8e59d15 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java