This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch wss4j_2.3.0 in repository https://gitbox.apache.org/repos/asf/cxf.git
commit e640776bb74aaf4d4f479c6f3daae0865ab17025 Author: Colm O hEigeartaigh <cohei...@apache.org> AuthorDate: Fri Feb 1 11:20:57 2019 +0000 Picking up more derived key changes in WSS4J --- .../wss4j/policyhandlers/AbstractBindingBuilder.java | 1 + .../wss4j/policyhandlers/AsymmetricBindingHandler.java | 12 ++++++++++-- .../wss4j/policyhandlers/SymmetricBindingHandler.java | 18 ++++++++++++++++-- .../wss4j/policyhandlers/TransportBindingHandler.java | 2 ++ 4 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index be9b13a..d6529d8 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -2096,6 +2096,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
 }
 addSig(dkSign.getSignatureValue());
+ dkSign.clean();
 }
 private void doSymmSignature(AbstractToken policyToken, SecurityToken tok,
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 09cd142..3896fa5 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -229,15 +229,18 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
 }
 if (encToken != null) {
+ WSSecBase encr = null;
 if (encToken.getToken() != null && !enc.isEmpty()) {
 if (encToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
- doEncryptionDerived(encToken, enc);
+ encr = doEncryptionDerived(encToken, enc);
 } else {
 String symEncAlgorithm = abinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption();
 KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgorithm);
 SecretKey symmetricKey = keyGen.generateKey();
- doEncryption(encToken, enc, false, symmetricKey);
+ encr = doEncryption(encToken, enc, false, symmetricKey);
 }
+
+ encr.clean();
 }
 assertTokenWrapper(encToken);
 assertToken(encToken.getToken());
@@ -394,6 +397,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
 if (encrBase != null) {
 encryptTokensInSecurityHeader(encryptionToken, encrBase, symmetricKey);
+ encrBase.clean();
 }
 }
@@ -663,6 +667,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
 if (!attached && isTokenRequired(sigToken.getIncludeTokenType())) {
 WSSecSignature sig = getSignatureBuilder(sigToken, attached, false);
 sig.appendBSTElementToHeader();
+ sig.clean();
 }
 return;
 }
@@ -735,6 +740,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
 mainSigId = dkSign.getSignatureId();
 }
+ dkSign.clean();
 } catch (Exception ex) {
 LOG.log(Level.FINE, ex.getMessage(), ex);
 throw new Fault(ex);
@@ -781,6 +787,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
 mainSigId = sig.getId();
 }
+
+ sig.clean();
 }
 }
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 8a4d5d9..0567126 100644
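Review bot: In AsymmetricBindingHandler.java, hunk `@@ -229,15 +229,18 @@`, the added `encr.clean();` dereferences `encr` without a null check, although the `@@ -394,6 +397,7 @@` hunk of the same file only cleans inside `if (encrBase != null)` and SymmetricBindingHandler's `@@ -283,6 +283,10 @@` hunk guards with `if (encr != null)`. If `doEncryptionDerived` or `doEncryption` can return null on this path (their bodies are not part of the diff), the new line raises a NullPointerException where the old code simply continued. The same unguarded call is added in SymmetricBindingHandler at `@@ -420,8 +425,10 @@`. I would use `if (encr != null) { encr.clean(); }` in both places. The enclosing method starts and ends outside the hunk.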
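Review bot: In AsymmetricBindingHandler.java, hunk `@@ -735,6 +740,7 @@`, `dkSign.clean();` is the last statement of the `try` body, so it is skipped whenever an earlier call throws and control passes to `catch (Exception ex)`. Assuming `clean()` is what releases the derived-key material held by the builder (its implementation is not shown here), the failure path leaves that material in memory until the object is collected. Moving the call into a `finally` clause, e.g. `} finally { if (dkSign != null) { dkSign.clean(); } }` with `dkSign` declared before the `try`, would cover both paths; the other `clean()` calls added in this commit are also reached only on success. The `try` opens outside the hunk, so where `dkSign` is declared cannot be confirmed from here.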
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -283,6 +283,10 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
 }
 }
 }
+
+ if (encr != null) {
+ encr.clean();
+ }
 }
 } catch (RuntimeException ex) {
 LOG.log(Level.FINE, ex.getMessage(), ex);
@@ -408,8 +412,9 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
 }
 if (encrAbstractTokenWrapper.getToken() != null && !enc.isEmpty()) {
+ WSSecBase encr = null;
 if (encrAbstractTokenWrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
- doEncryptionDerived(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false);
+ encr = doEncryptionDerived(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false);
 } else {
 byte[] ephemeralKey = encrTok.getSecret();
 SecretKey symmetricKey = null;
@@ -420,8 +425,10 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
 KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgorithm);
 symmetricKey = keyGen.generateKey();
 }
- doEncryption(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false, symmetricKey);
+ encr = doEncryption(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false, symmetricKey);
 }
+
+ encr.clean();
 }
 } catch (Exception e) {
 LOG.log(Level.FINE, e.getMessage(), e);
@@ -800,8 +807,11 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
 this.mainSigId = dkSign.getSignatureId();
+ dkSign.clean();
 return dkSign.getSignatureValue();
 }
+
+ dkSign.clean();
 return null;
 }
@@ -933,8 +943,12 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
 bottomUpElement = sig.getSignatureElement();
 this.mainSigId = sig.getId();
+
+ sig.clean();
 return sig.getSignatureValue();
 }
+
+ sig.clean();
 return null;
 }
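Review bot: In SymmetricBindingHandler.java, hunk `@@ -800,8 +807,11 @@`, the builder is cleaned before its result is read: `dkSign.clean();` is followed by `return dkSign.getSignatureValue();`. The AbstractBindingBuilder hunk in this commit uses the opposite order (`addSig(dkSign.getSignatureValue());` then `dkSign.clean();`), and whether the value survives `clean()` depends on WSS4J internals not shown here; if `clean()` ever clears or zero-fills the signature bytes, callers would get an empty or zeroed result. Reading the value first removes that dependency: `byte[] sigValue = dkSign.getSignatureValue();`, `dkSign.clean();`, `return sigValue;` (assuming the getter returns `byte[]`). The same clean-then-read order is added at `@@ -933,8 +943,12 @@` in this file (`sig`) and in both TransportBindingHandler hunks (`dkSig`, `dkSign`). The method bodies start outside these hunks.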
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 33ae0dd..4be39d2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -404,6 +404,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
 dkSig.appendDKElementToHeader();
 dkSig.computeSignature(referenceList, false, null);
+ dkSig.clean();
 return dkSig.getSignatureValue();
 }
 WSSecSignature sig = getSignatureBuilder(token, false, false);
@@ -514,6 +515,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
 //Do signature
 dkSign.computeSignature(referenceList, false, null);
+ dkSign.clean();
 return dkSign.getSignatureValue();
 }