Repository: cxf Updated Branches: refs/heads/master 2cd4f136a -> 2561af88d
[CXF-6105] - CXF 3.x does not use the older WS-SecurityPolicy 1.1 namespace Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2561af88 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2561af88 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2561af88 Branch: refs/heads/master Commit: 2561af88db461b9c5480acb2a32cd0210fd79668 Parents: 2cd4f13 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Fri Nov 14 17:15:46 2014 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Fri Nov 14 17:16:36 2014 +0000 ---------------------------------------------------------------------- .../wss4j/policyhandlers/AbstractBindingBuilder.java | 4 ++-- .../wss4j/policyhandlers/AsymmetricBindingHandler.java | 8 ++++++++ .../wss4j/policyhandlers/SymmetricBindingHandler.java | 8 ++++---- .../wss4j/policyhandlers/TransportBindingHandler.java | 7 +++++-- 4 files changed, 19 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/2561af88/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java index aeec3cb..87e6cb6 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java @@ -1902,8 +1902,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle WSSecDKSign dkSign = new WSSecDKSign(wssConfig); //Check whether it is security policy 1.2 and use the secure conversation accordingly - if (policyToken.getVersion() == SPConstants.SPVersion.SP12) { - dkSign.setWscVersion(ConversationConstants.VERSION_05_12); + if (policyToken.getVersion() == SPConstants.SPVersion.SP11) { + dkSign.setWscVersion(ConversationConstants.VERSION_05_02); } //Check for whether the token is attached in the message or not http://git-wip-us.apache.org/repos/asf/cxf/blob/2561af88/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java index 9ea8487..36f7aba 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java @@ -44,6 +44,7 @@ import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler; import org.apache.wss4j.common.WSEncryptionPart; import org.apache.wss4j.common.crypto.Crypto; +import org.apache.wss4j.common.derivedKey.ConversationConstants; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.dom.WSConstants; @@ -451,6 +452,9 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) { try { WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(wssConfig); + if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) { + dkEncr.setWscVersion(ConversationConstants.VERSION_05_02); + } if (encrKey == null) { setupEncryptedKey(recToken, encrToken); @@ -611,6 +615,10 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { setupEncryptedKey(wrapper, sigToken); WSSecDKSign dkSign = new WSSecDKSign(wssConfig); + if (wrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) { + dkSign.setWscVersion(ConversationConstants.VERSION_05_02); + } + dkSign.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId); // Set the algo info http://git-wip-us.apache.org/repos/asf/cxf/blob/2561af88/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java index 99314f7..ff072c0 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java @@ -398,8 +398,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder { boolean atEnd) { try { WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(wssConfig); - if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP12) { - dkEncr.setWscVersion(ConversationConstants.VERSION_05_12); + if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) { + dkEncr.setWscVersion(ConversationConstants.VERSION_05_02); } if (attached && encrTok.getAttachedReference() != null) { @@ -622,8 +622,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder { boolean included) throws WSSecurityException { Document doc = saaj.getSOAPPart(); WSSecDKSign dkSign = new WSSecDKSign(wssConfig); - if (policyAbstractTokenWrapper.getToken().getVersion() == SPConstants.SPVersion.SP12) { - dkSign.setWscVersion(ConversationConstants.VERSION_05_12); + if (policyAbstractTokenWrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) { + dkSign.setWscVersion(ConversationConstants.VERSION_05_02); } //Check for whether the token is attached in the message or not http://git-wip-us.apache.org/repos/asf/cxf/blob/2561af88/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java index 708699f..bc90e3c 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java @@ -365,6 +365,9 @@ public class TransportBindingHandler extends AbstractBindingBuilder { encrKey.appendToHeader(secHeader); WSSecDKSign dkSig = new WSSecDKSign(wssConfig); + if (wrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) { + dkSig.setWscVersion(ConversationConstants.VERSION_05_02); + } dkSig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue()); dkSig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature()); @@ -474,8 +477,8 @@ public class TransportBindingHandler extends AbstractBindingBuilder { dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature()); AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType(); dkSign.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8); - if (token.getVersion() == SPConstants.SPVersion.SP12) { - dkSign.setWscVersion(ConversationConstants.VERSION_05_12); + if (token.getVersion() == SPConstants.SPVersion.SP11) { + dkSign.setWscVersion(ConversationConstants.VERSION_05_02); } Document doc = saaj.getSOAPPart(); dkSign.prepare(doc, secHeader);