Repository: cxf Updated Branches: refs/heads/3.0.x-fixes ff407cd32 -> 1df23fc6b
[CXF-6105] - CXF 3.x does not use the older WS-SecurityPolicy 1.1 namespace Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1df23fc6 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1df23fc6 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1df23fc6 Branch: refs/heads/3.0.x-fixes Commit: 1df23fc6b70d95f9fd5b47697cd8ffacb5f45c50 Parents: ff407cd Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Fri Nov 14 17:15:46 2014 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Fri Nov 14 17:18:05 2014 +0000 ---------------------------------------------------------------------- .../wss4j/policyhandlers/AbstractBindingBuilder.java | 4 ++-- .../wss4j/policyhandlers/AsymmetricBindingHandler.java | 8 ++++++++ .../wss4j/policyhandlers/SymmetricBindingHandler.java | 8 ++++---- .../wss4j/policyhandlers/TransportBindingHandler.java | 7 +++++-- 4 files changed, 19 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/1df23fc6/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index aeec3cb..87e6cb6 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -1902,8 +1902,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
 WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
 //Check whether it is security policy 1.2 and use the secure conversation accordingly
- if (policyToken.getVersion() == SPConstants.SPVersion.SP12) {
- dkSign.setWscVersion(ConversationConstants.VERSION_05_12);
+ if (policyToken.getVersion() == SPConstants.SPVersion.SP11) {
+ dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
 }
 //Check for whether the token is attached in the message or not
http://git-wip-us.apache.org/repos/asf/cxf/blob/1df23fc6/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 9ea8487..36f7aba 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -44,6 +44,7 @@ import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler;
 import org.apache.wss4j.common.WSEncryptionPart;
 import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.derivedKey.ConversationConstants;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.dom.WSConstants;
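Review bot: The comment kept above the changed condition in AbstractBindingBuilder still reads `//Check whether it is security policy 1.2 and use the secure conversation accordingly`, but the new code tests for `SPVersion.SP11`, so the comment now describes the opposite case. I would replace it with `// WS-SecurityPolicy 1.1 tokens need the older WS-SecureConversation 05/02 namespace; other versions keep the WSS4J default`. The new logic also depends on which version `WSSecDKSign` uses when `setWscVersion` is never called, which this diff does not show; presumably that is the 05/12 version, and saying so in the comment would help the next reader. The enclosing method starts and ends outside the hunk.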
@@ -451,6 +452,9 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) { try { WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(wssConfig); + if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) { + dkEncr.setWscVersion(ConversationConstants.VERSION_05_02); + } if (encrKey == null) { setupEncryptedKey(recToken, encrToken); @@ -611,6 +615,10 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { setupEncryptedKey(wrapper, sigToken); WSSecDKSign dkSign = new WSSecDKSign(wssConfig); + if (wrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) { + dkSign.setWscVersion(ConversationConstants.VERSION_05_02); + } + dkSign.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId); // Set the algo info http://git-wip-us.apache.org/repos/asf/cxf/blob/1df23fc6/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java index 99314f7..ff072c0 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java 
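Review bot: The two blocks added to AsymmetricBindingHandler repeat the same three-line version check that this commit also edits or adds in AbstractBindingBuilder, SymmetricBindingHandler and TransportBindingHandler, seven copies in all, and the call sites that had no check before are exactly the ones this commit has to add. A small protected helper on AbstractBindingBuilder that takes the token and returns the WS-SecureConversation version to use would leave a single place to change, with each call site reduced to something like `dkSign.setWscVersion(wscVersionFor(wrapper.getToken()));` (the helper name is only a suggestion). In the first hunk `encrToken` is already in scope and is passed together with `recToken` to `setupEncryptedKey`, so if it is the same object as `recToken.getToken()` the condition could simply read `encrToken.getVersion()`. Both enclosing methods continue outside the hunks.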
@@ -398,8 +398,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
 boolean atEnd) {
 try {
 WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(wssConfig);
- if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP12) {
- dkEncr.setWscVersion(ConversationConstants.VERSION_05_12);
+ if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) {
+ dkEncr.setWscVersion(ConversationConstants.VERSION_05_02);
 }
 if (attached && encrTok.getAttachedReference() != null) {
@@ -622,8 +622,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
 boolean included) throws WSSecurityException {
 Document doc = saaj.getSOAPPart();
 WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
- if (policyAbstractTokenWrapper.getToken().getVersion() == SPConstants.SPVersion.SP12) {
- dkSign.setWscVersion(ConversationConstants.VERSION_05_12);
+ if (policyAbstractTokenWrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) {
+ dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
 }
 //Check for whether the token is attached in the message or not
http://git-wip-us.apache.org/repos/asf/cxf/blob/1df23fc6/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 708699f..bc90e3c 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
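Review bot: Neither hunk in SymmetricBindingHandler comes with a test; the diffstat lists only the four handler classes under `src/main`. The change flips which policy version gets an explicit `setWscVersion` call, so SP11 and SP12 policies that require derived keys both take a different path than before. A system test that runs a derived-key symmetric binding under a WS-SecurityPolicy 1.1 policy and asserts the namespace of the derived key element written to the security header would pin the behaviour reported in CXF-6105, and the same applies to the asymmetric and transport handlers. Both enclosing methods start before and continue after the hunks.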
@@ -365,6 +365,9 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
 encrKey.appendToHeader(secHeader);
 WSSecDKSign dkSig = new WSSecDKSign(wssConfig);
+ if (wrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) {
+ dkSig.setWscVersion(ConversationConstants.VERSION_05_02);
+ }
 dkSig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
 dkSig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
@@ -474,8 +477,8 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
 dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
 AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
 dkSign.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
- if (token.getVersion() == SPConstants.SPVersion.SP12) {
- dkSign.setWscVersion(ConversationConstants.VERSION_05_12);
+ if (token.getVersion() == SPConstants.SPVersion.SP11) {
+ dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
 }
 Document doc = saaj.getSOAPPart();
 dkSign.prepare(doc, secHeader);