Repository: cxf Updated Branches: refs/heads/master f81032919 -> 48c6da4be
CXF-4028 - X509TokenValidator uses signature-crypto-provider instead of encryption-crypto-provider Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/48c6da4b Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/48c6da4b Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/48c6da4b Branch: refs/heads/master Commit: 48c6da4bec8743d65740e7ab02ce4ca0f696c384 Parents: f810329 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Tue Mar 28 08:07:11 2017 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Tue Mar 28 08:07:11 2017 +0100 ---------------------------------------------------------------------- .../cxf/sts/token/validator/X509TokenValidator.java | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/48c6da4b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java index e604f7f..e89ac12 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/X509TokenValidator.java @@ -113,11 +113,16 @@ public class X509TokenValidator implements TokenValidator { public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) { LOG.fine("Validating X.509 Token"); STSPropertiesMBean stsProperties = tokenParameters.getStsProperties(); - Crypto sigCrypto = stsProperties.getSignatureCrypto(); CallbackHandler callbackHandler = stsProperties.getCallbackHandler(); + // See CXF-4028 + Crypto crypto = stsProperties.getEncryptionCrypto(); + if (crypto == null) { + crypto = stsProperties.getSignatureCrypto(); + } + RequestData requestData = new RequestData(); - requestData.setSigVerCrypto(sigCrypto); + requestData.setSigVerCrypto(crypto); requestData.setWssConfig(WSSConfig.getNewInstance()); requestData.setCallbackHandler(callbackHandler); requestData.setMsgContext(tokenParameters.getMessageContext()); @@ -177,8 +182,8 @@ public class X509TokenValidator implements TokenValidator { try { Credential credential = new Credential(); credential.setBinarySecurityToken(binarySecurity); - if (sigCrypto != null) { - X509Certificate cert = ((X509Security)binarySecurity).getX509Certificate(sigCrypto); + if (crypto != null) { + X509Certificate cert = ((X509Security)binarySecurity).getX509Certificate(crypto); credential.setCertificates(new X509Certificate[]{cert}); }
