Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 5d18509f6 -> d3e7cb90a
[CXF-6277] - Correction Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d3e7cb90 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d3e7cb90 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d3e7cb90 Branch: refs/heads/3.0.x-fixes Commit: d3e7cb90a76d935ada732386b1af4428aabbad71 Parents: 5d18509 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Thu Mar 5 16:26:23 2015 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Thu Mar 5 16:27:56 2015 +0000 ---------------------------------------------------------------------- .../cxf/sts/token/validator/X509TokenValidator.java | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/d3e7cb90/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java ----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
index 344d4ce..823bd6e 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java
@@ -40,13 +40,14 @@ import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSConfig;
-import org.apache.wss4j.dom.bsp.BSPEnforcer;
 import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.message.token.BinarySecurity;
 import org.apache.wss4j.dom.message.token.X509Security;
 import org.apache.wss4j.dom.validate.Credential;
 import org.apache.wss4j.dom.validate.SignatureTrustValidator;
 import org.apache.wss4j.dom.validate.Validator;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.keys.content.X509Data;
 
 /**
 * This class validates an X.509 V.3 certificate (received as a BinarySecurityToken or an X509Data
@@ -148,10 +149,20 @@ public class X509TokenValidator implements TokenValidator {
 ((Text)binarySecurity.getElement().getFirstChild()).setData(data);
 } else if (validateTarget.isDOMElement()) {
 try {
- binarySecurity = new X509Security((Element)validateTarget.getToken(), new BSPEnforcer());
+ Document doc = DOMUtils.createDocument();
+ binarySecurity = new X509Security(doc);
+ binarySecurity.setEncodingType(BASE64_ENCODING);
+ X509Data x509Data = new X509Data((Element)validateTarget.getToken(), "");
+ if (x509Data.containsCertificate()) {
+ X509Certificate cert = x509Data.itemCertificate(0).getX509Certificate();
+ ((X509Security)binarySecurity).setX509Certificate(cert);
+ }
 } catch (WSSecurityException ex) {
 LOG.log(Level.WARNING, "", ex);
 return response;
+ } catch (XMLSecurityException ex) {
+ LOG.log(Level.WARNING, "", ex);
+ return response;
 }
 } else {
 return response;
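Review bot: When the `X509Data` element carries no certificate, the new `if (x509Data.containsCertificate())` branch in the second hunk is skipped without an `else`, so `binarySecurity` stays an empty `X509Security` and execution continues into the part of the method that lies outside this hunk. Whether that later code rejects a token with no certificate cannot be seen here, so failing closed at this point would be safer: `} else { LOG.warning("X509Data contains no certificate"); return response; }`, assuming `response` still holds its initial non-valid state as the two catch blocks imply. Both catch blocks also log with an empty message; a short description such as `"Error parsing the X509Data token"` would make the warning usable when triaging rejected validation requests. Only the first entry, `itemCertificate(0)`, is read, which deserves a one-line comment if it is intentional.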