Make it possible to use a PasswordEncryptor with the SamlTokenInterceptor
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/fcd965ed Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/fcd965ed Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/fcd965ed Branch: refs/heads/master Commit: fcd965edc2f1bccf7017deef5e2a4f538a187a5c Parents: 9bb3584 Author: Colm O hEigeartaigh <[email protected]> Authored: Mon Nov 2 15:30:21 2015 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Mon Nov 2 17:50:01 2015 +0000 ---------------------------------------------------------------------- .../ws/security/trust/AbstractSTSClient.java | 4 ++- .../ws/security/wss4j/SamlTokenInterceptor.java | 4 ++- .../cxf/ws/security/wss4j/WSS4JUtils.java | 27 ++++++++++++++++++++ .../policyhandlers/AbstractBindingBuilder.java | 26 +------------------ 4 files changed, 34 insertions(+), 27 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/fcd965ed/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
index 92fc862..0784b61 100755
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
@@ -114,6 +114,7 @@ import org.apache.neethi.PolicyRegistry;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.crypto.PasswordEncryptor;
 import org.apache.wss4j.common.derivedKey.P_SHA1;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.token.Reference;
@@ -1611,7 +1612,8 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
 Properties properties = WSS4JUtils.getProps(o, propsURL);
 if (properties != null) {
- return CryptoFactory.getInstance(properties);
+ PasswordEncryptor passwordEncryptor = WSS4JUtils.getPasswordEncryptor(message);
+ return CryptoFactory.getInstance(properties, this.getClass().getClassLoader(), passwordEncryptor);
 }
 if (decrypt) {
 return createCrypto(false);
http://git-wip-us.apache.org/repos/asf/cxf/blob/fcd965ed/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
index 7efbbe1..f6ff3f5 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
@@ -48,6 +48,7 @@ import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.PasswordEncryptor;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SAMLCallback;
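Review bot: In the AbstractSTSClient `@@ -1611` hunk the new call passes `this.getClass().getClassLoader()`, whereas the one-argument `CryptoFactory.getInstance(properties)` it replaces picked the loader itself (presumably the WSS4J `Loader` default), so the classloader used to resolve the crypto provider and keystore resource may change as a side effect of adding the encryptor. AbstractSTSClient is abstract, so `this.getClass()` is whatever subclass happens to be running, and AbstractBindingBuilder in this same commit passes `Loader.getClassLoader(CryptoFactory.class)` instead; the SamlTokenInterceptor `@@ -317` hunk has the same pattern. Unless the loader change is intended, I would write `CryptoFactory.getInstance(properties, Loader.getClassLoader(CryptoFactory.class), passwordEncryptor)` in both places, which needs the `org.apache.wss4j.common.util.Loader` import in each file. The enclosing methods start and end outside the hunks, so I cannot see where `message` comes from there.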
@@ -317,7 +318,8 @@ public class SamlTokenInterceptor extends AbstractTokenInterceptor {
 Properties properties = WSS4JUtils.getProps(o, propsURL);
 if (properties != null) {
- crypto = CryptoFactory.getInstance(properties);
+ PasswordEncryptor passwordEncryptor = WSS4JUtils.getPasswordEncryptor(message);
+ crypto = CryptoFactory.getInstance(properties, this.getClass().getClassLoader(), passwordEncryptor);
 }
 return crypto;
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/fcd965ed/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
index 1eb1142..b3f3dd4 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
@@ -30,6 +30,7 @@ import java.util.Properties;
 import java.util.logging.Logger;
 import javax.crypto.SecretKey;
+import javax.security.auth.callback.CallbackHandler;
 import org.apache.cxf.Bus;
 import org.apache.cxf.binding.soap.SoapFault;
@@ -49,6 +50,7 @@ import org.apache.wss4j.common.cache.ReplayCache;
 import org.apache.wss4j.common.cache.ReplayCacheFactory;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor;
 import org.apache.wss4j.common.crypto.PasswordEncryptor;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.util.Loader;
@@ -241,6 +243,31 @@ public final class WSS4JUtils {
 return properties;
 }
+ public static PasswordEncryptor getPasswordEncryptor(Message message) {
+ if (message == null) {
+ return null;
+ }
+ PasswordEncryptor passwordEncryptor =
+ (PasswordEncryptor)message.getContextualProperty(
+ SecurityConstants.PASSWORD_ENCRYPTOR_INSTANCE
+ );
+ if (passwordEncryptor != null) {
+ return passwordEncryptor;
+ }
+
+ Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
+ try {
+ CallbackHandler callbackHandler = SecurityUtils.getCallbackHandler(o);
+ if (callbackHandler != null) {
+ return new JasyptPasswordEncryptor(callbackHandler);
+ }
+ } catch (Exception ex) {
+ return null;
+ }
+
+ return null;
+ }
+
 public static Crypto loadCryptoFromPropertiesFile(
 Message message,
 String propFilename,
http://git-wip-us.apache.org/repos/asf/cxf/blob/fcd965ed/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index d6ff7f0..28d3e08 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
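Review bot: The new `WSS4JUtils.getPasswordEncryptor` returns null from `catch (Exception ex)` without recording anything, so a CALLBACK_HANDLER that is configured but cannot be instantiated looks exactly like one that was never set. Callers then hand a null encryptor to CryptoFactory, and an encrypted keystore password in the properties would presumably fail later with an unrelated-looking keystore error. I would log the exception before returning, for example `LOG.log(Level.FINE, "Could not create a CallbackHandler for the PasswordEncryptor", ex);`, assuming the class has a logger field (the file imports java.util.logging.Logger, but no field is visible in this hunk). The cast of the PASSWORD_ENCRYPTOR_INSTANCE property sits outside the try, so a wrongly typed value surfaces as a ClassCastException rather than the null path; an `instanceof` check would make the two misconfiguration cases behave the same. The public method also lacks Javadoc stating the lookup order: explicit instance first, then a Jasypt encryptor built from the callback handler, otherwise null.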
@@ -81,8 +81,6 @@ import org.apache.wss4j.common.bsp.BSPEnforcer;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.crypto.CryptoType;
-import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor;
-import org.apache.wss4j.common.crypto.PasswordEncryptor;
 import org.apache.wss4j.common.derivedKey.ConversationConstants;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
@@ -1523,34 +1521,12 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
 if (properties != null) {
 crypto = CryptoFactory.getInstance(properties,
 Loader.getClassLoader(CryptoFactory.class),
- getPasswordEncryptor());
+ WSS4JUtils.getPasswordEncryptor(message));
 getCryptoCache().put(o, crypto);
 }
 return crypto;
 }
- protected PasswordEncryptor getPasswordEncryptor() {
- PasswordEncryptor passwordEncryptor =
- (PasswordEncryptor)message.getContextualProperty(
- SecurityConstants.PASSWORD_ENCRYPTOR_INSTANCE
- );
- if (passwordEncryptor != null) {
- return passwordEncryptor;
- }
-
- Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
- try {
- CallbackHandler callbackHandler = SecurityUtils.getCallbackHandler(o);
- if (callbackHandler != null) {
- return new JasyptPasswordEncryptor(callbackHandler);
- }
- } catch (Exception ex) {
- return null;
- }
-
- return null;
- }
-
 public void setKeyIdentifierType(WSSecBase secBase, AbstractToken token) {
 boolean tokenTypeSet = false;
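Review bot: Deleting `protected PasswordEncryptor getPasswordEncryptor()` in the `@@ -1523` hunk removes an extension point from an abstract class. A subclass that overrode it to supply its own encryptor either stops compiling (with `@Override`) or is silently bypassed, because the call site now goes straight to `WSS4JUtils.getPasswordEncryptor(message)`. If any binding builder outside this file overrides or calls it, keep a delegating method, `protected PasswordEncryptor getPasswordEncryptor() { return WSS4JUtils.getPasswordEncryptor(message); }`, and leave the `CryptoFactory.getInstance` argument as `getPasswordEncryptor()`; the PasswordEncryptor import would then have to stay. The method containing the `CryptoFactory.getInstance` call begins above the hunk, so whether `message` can be null at that point is not visible here.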
