Repository: cxf Updated Branches: refs/heads/master f37119381 -> 17dbc1215
Consolidate some code in WS-Security/STS Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/17dbc121 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/17dbc121 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/17dbc121 Branch: refs/heads/master Commit: 17dbc121555c2140599a4da6232f57fa07f19bc1 Parents: f371193 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Mon Aug 17 16:56:06 2015 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Mon Aug 17 16:56:19 2015 +0100 ---------------------------------------------------------------------- .../cxf/ws/security/wss4j/WSS4JUtils.java | 30 ++++++++++++++++++++ .../policyhandlers/AbstractBindingBuilder.java | 28 +----------------- .../cxf/sts/operation/AbstractOperation.java | 19 +++---------- 3 files changed, 35 insertions(+), 42 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/17dbc121/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
index 15e0368..7821703 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
@@ -22,7 +22,9 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
 import java.security.Key;
+import java.security.cert.X509Certificate;
 import java.util.Date;
+import java.util.List;
 import java.util.Map;
 import java.util.Properties;
 import java.util.logging.Logger;
@@ -50,6 +52,9 @@ import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.crypto.PasswordEncryptor;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.util.Loader;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -312,4 +317,29 @@ public final class WSS4JUtils {
 }
 return signCrypto;
 }
+
+ /**
+ * Get the certificate that was used to sign the request
+ */
+ public static X509Certificate getReqSigCert(List<WSHandlerResult> results) {
+ if (results == null || results.isEmpty()) {
+ return null;
+ }
+
+ for (WSHandlerResult rResult : results) {
+ List<WSSecurityEngineResult> signedResults =
+ rResult.getActionResults().get(WSConstants.SIGN);
+
+ if (signedResults != null && !signedResults.isEmpty()) {
+ for (WSSecurityEngineResult signedResult : signedResults) {
+ if (signedResult.containsKey(WSSecurityEngineResult.TAG_X509_CERTIFICATE)) {
+ return (X509Certificate)signedResult.get(
+ WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ }
+ }
+ }
+ }
+
+ return null;
+ }
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/17dbc121/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 460f418..e47fea6 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
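Review bot: In the new `WSS4JUtils.getReqSigCert`, the `containsKey` test followed by `return (X509Certificate)signedResult.get(...)` ends the scan at the first signature result that carries the certificate key, so if a result can hold that key with a null value the method returns null instead of moving on; the loop this commit removes from `AbstractOperation` skipped null values and kept looking. Reading the value once and returning only when it is non-null keeps that behaviour for both callers: `X509Certificate cert = (X509Certificate)signedResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);` followed by `if (cert != null) { return cert; }`. The Javadoc should also state that the method returns the first X.509 certificate found in any signature result, and null when there is none, because with more than one signature in the request the result order decides which certificate `AbstractBindingBuilder` hands to `setUseThisCert` for encryption. The comment removed from `AbstractBindingBuilder` mentioned matching the receiving and sending actor, a check that neither the old nor the new code performs, so the new Javadoc should not imply it.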
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java @@ -1618,7 +1618,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle CastUtils.cast((List<?>) message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS)); if (results != null) { - encrKeyBuilder.setUseThisCert(getReqSigCert(results)); + encrKeyBuilder.setUseThisCert(WSS4JUtils.getReqSigCert(results)); //TODO This is a hack, this should not come under USE_REQ_SIG_CERT if (encrKeyBuilder.isCertSet()) { @@ -1634,32 +1634,6 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle return encrUser; } - private static X509Certificate getReqSigCert(List<WSHandlerResult> results) { - /* - * Scan the results for a matching actor. Use results only if the - * receiving Actor and the sending Actor match. - */ - for (WSHandlerResult rResult : results) { - List<WSSecurityEngineResult> signedResults = - rResult.getActionResults().get(WSConstants.SIGN); - if (signedResults != null) { - /* - * Scan the results for the first Signature action. Use the - * certificate of this Signature to set the certificate for the - * encryption action :-). - */ - for (WSSecurityEngineResult signedResult : signedResults) { - if (signedResult.containsKey(WSSecurityEngineResult.TAG_X509_CERTIFICATE)) { - return (X509Certificate)signedResult.get( - WSSecurityEngineResult.TAG_X509_CERTIFICATE); - } - } - } - } - - return null; - } - /** * Scan through <code>WSHandlerResult<code> list for a Username token and return * the username if a Username Token found http://git-wip-us.apache.org/repos/asf/cxf/blob/17dbc121/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java ---------------------------------------------------------------------- 
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java index 6ed5ba7..386f32b 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java @@ -77,11 +77,11 @@ import org.apache.cxf.ws.security.sts.provider.model.secext.ReferenceType; import org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType; import org.apache.cxf.ws.security.sts.provider.model.utility.AttributedDateTime; import org.apache.cxf.ws.security.tokenstore.TokenStore; +import org.apache.cxf.ws.security.wss4j.WSS4JUtils; import org.apache.wss4j.common.WSEncryptionPart; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.util.XMLUtils; import org.apache.wss4j.dom.WSConstants; -import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.dom.handler.WSHandlerConstants; import org.apache.wss4j.dom.handler.WSHandlerResult; import org.apache.wss4j.dom.message.WSSecEncrypt; @@ -541,20 +541,9 @@ public abstract class AbstractOperation { List<WSHandlerResult> results = (List<WSHandlerResult>) context.get(WSHandlerConstants.RECV_RESULTS); // DOM - if (results != null) { - for (WSHandlerResult rResult : results) { - List<WSSecurityEngineResult> signedResults = - rResult.getActionResults().get(WSConstants.SIGN); - if (signedResults != null) { - for (WSSecurityEngineResult wser : signedResults) { - X509Certificate cert = - (X509Certificate)wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE); - if (cert != null) { - return cert; - } - } - } - } + X509Certificate cert = WSS4JUtils.getReqSigCert(results); + if (cert != null) { + return cert; } // Streaming