Repository: cxf Updated Branches: refs/heads/master e89913007 -> 5048d0b5a
Some refactoring due to WSS-549 Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5048d0b5 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5048d0b5 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5048d0b5 Branch: refs/heads/master Commit: 5048d0b5a92cceb98fc46424d758b40107b47345 Parents: e899130 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Tue Aug 4 12:00:46 2015 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Tue Aug 4 12:00:46 2015 +0100 ---------------------------------------------------------------------- .../AsymmetricBindingHandler.java | 87 ++++++++++++-------- .../policyhandlers/SymmetricBindingHandler.java | 11 ++- 2 files changed, 60 insertions(+), 38 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/5048d0b5/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 01d7de3..dba4cff 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -416,7 +416,9 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { try { Element secondRefList = ((WSSecDKEncrypt)encrBase).encryptForExternalRef(null, secondEncrParts); - ((WSSecDKEncrypt)encrBase).addExternalRefElement(secondRefList, secHeader); + if (secondRefList != null) { + ((WSSecDKEncrypt)encrBase).addExternalRefElement(secondRefList, secHeader); + } } catch (WSSecurityException ex) { LOG.log(Level.FINE, ex.getMessage(), ex); 
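Review bot: The new `if (secondRefList != null)` guard skips the reference list silently, and nothing at the call site says when `encryptForExternalRef` returns null or why skipping is safe. The same unexplained guard recurs at the `encryptForRef` and `appendChild` sites in the two following hunks, in `doEncryptionDerived`, and in both SymmetricBindingHandler hunks. A null list presumably means that no part was actually encrypted (to be confirmed against WSS-549), which an operator would want to be able to see when diagnosing an unencrypted message. I would add a comment such as `// encryptForExternalRef returns null when nothing was encrypted, so there is no ReferenceList to add`, plus an `else { LOG.fine("No parts were encrypted; no ReferenceList added"); }` at each site. The enclosing method starts and ends outside the hunk.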
@@ -452,37 +454,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { assertPolicy(encrToken); AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite(); if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) { - try { - WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(); - dkEncr.setIdAllocator(wssConfig.getIdAllocator()); - dkEncr.setCallbackLookup(callbackLookup); - dkEncr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); - dkEncr.setStoreBytesInAttachment(storeBytesInAttachment); - if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) { - dkEncr.setWscVersion(ConversationConstants.VERSION_05_02); - } - - if (encrKey == null) { - setupEncryptedKey(recToken, encrToken); - } - - dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId); - dkEncr.getParts().addAll(encrParts); - dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#" - + WSConstants.ENC_KEY_VALUE_TYPE); - AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType(); - dkEncr.setSymmetricEncAlgorithm(algType.getEncryption()); - dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8); - dkEncr.prepare(saaj.getSOAPPart()); - - addDerivedKeyElement(dkEncr.getdktElement()); - Element refList = dkEncr.encryptForExternalRef(null, encrParts); - insertBeforeBottomUp(refList); - return dkEncr; - } catch (Exception e) { - LOG.log(Level.FINE, e.getMessage(), e); - unassertPolicy(recToken, e); - } + return doEncryptionDerived(recToken, encrToken, encrParts, algorithmSuite); } else { try { WSSecEncrypt encr = new WSSecEncrypt(); 
@@ -539,7 +511,9 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { //Encrypt, get hold of the ref list and add it if (externalRef) { Element refList = encr.encryptForRef(null, encrParts); - insertBeforeBottomUp(refList); + if (refList != null) { + insertBeforeBottomUp(refList); + } if (attachments != null) { for (Element attachment : attachments) { this.insertBeforeBottomUp(attachment); @@ -551,7 +525,9 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { this.addEncryptedKeyElement(encryptedKeyElement); // Add internal refs - encryptedKeyElement.appendChild(refList); + if (refList != null) { + encryptedKeyElement.appendChild(refList); + } if (attachments != null) { for (Element attachment : attachments) { this.addEncryptedKeyElement(attachment); 
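Review bot: In the internal-reference branch the null test comes after `this.addEncryptedKeyElement(encryptedKeyElement);`, so when `refList` is null the security header still receives an EncryptedKey that appears to reference nothing. If that is intended, the `// Add internal refs` comment should say so, e.g. `// Add internal refs (none when nothing was encrypted; the EncryptedKey is still emitted)`. Otherwise the test should move up so the key element is only added when there is something to protect. Where `refList` is assigned for this branch, and whether the key is used elsewhere, is outside the hunk.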
@@ -572,7 +548,48 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { } } return null; - } + } + + private WSSecBase doEncryptionDerived(AbstractTokenWrapper recToken, + AbstractToken encrToken, + List<WSEncryptionPart> encrParts, + AlgorithmSuite algorithmSuite) { + try { + WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(); + dkEncr.setIdAllocator(wssConfig.getIdAllocator()); + dkEncr.setCallbackLookup(callbackLookup); + dkEncr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); + dkEncr.setStoreBytesInAttachment(storeBytesInAttachment); + if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) { + dkEncr.setWscVersion(ConversationConstants.VERSION_05_02); + } + + if (encrKey == null) { + setupEncryptedKey(recToken, encrToken); + } + + dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId); + dkEncr.getParts().addAll(encrParts); + dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#" + + WSConstants.ENC_KEY_VALUE_TYPE); + AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType(); + dkEncr.setSymmetricEncAlgorithm(algType.getEncryption()); + dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8); + dkEncr.prepare(saaj.getSOAPPart()); + + addDerivedKeyElement(dkEncr.getdktElement()); + Element refList = dkEncr.encryptForExternalRef(null, encrParts); + if (refList != null) { + insertBeforeBottomUp(refList); + } + return dkEncr; + } catch (Exception e) { + LOG.log(Level.FINE, e.getMessage(), e); + unassertPolicy(recToken, e); + } + + return null; + } private void assertUnusedTokens(AbstractTokenWrapper wrapper) { if (wrapper == null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/5048d0b5/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java ---------------------------------------------------------------------- 
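Review bot: The new `doEncryptionDerived` returns null on any failure after logging only at `Level.FINE`, and the method has no Javadoc telling callers that null means encryption was not applied. Add one whose return line reads `@return the prepared WSSecDKEncrypt, or null if encryption failed and the policy was unasserted`. The `catch (Exception e)` was carried over unchanged from the inlined code, but it also reports programming errors such as a NullPointerException as policy failures. If the calls in the try block only declare `WSSecurityException`, narrowing it to `catch (WSSecurityException e)` would let those errors surface. Whether the callers check the returned value for null before casting it is not visible in this hunk.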
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java index 0aba026..5eb83fe 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java @@ -250,10 +250,11 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder { && !secondEncrParts.isEmpty()) { secondRefList = ((WSSecDKEncrypt)encr).encryptForExternalRef(null, secondEncrParts); - this.addDerivedKeyElement(secondRefList); } else if (!secondEncrParts.isEmpty()) { //Encrypt, get hold of the ref list and add it secondRefList = ((WSSecEncrypt)encr).encryptForRef(null, secondEncrParts); + } + if (secondRefList != null) { this.addDerivedKeyElement(secondRefList); } } @@ -612,14 +613,18 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder { private void addAttachmentsForEncryption(boolean atEnd, Element refList, List<Element> attachments) { if (atEnd) { - this.insertBeforeBottomUp(refList); + if (refList != null) { + this.insertBeforeBottomUp(refList); + } if (attachments != null) { for (Element attachment : attachments) { this.insertBeforeBottomUp(attachment); } } } else { - this.addDerivedKeyElement(refList); + if (refList != null) { + this.addDerivedKeyElement(refList); + } if (attachments != null) { for (Element attachment : attachments) { this.addDerivedKeyElement(attachment);