This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/master by this push:
     new 3a99c26  Remove data bytes from the SecurityToken class
3a99c26 is described below

commit 3a99c26ad254f34525837ceaf0c8baaac24f4336
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Thu Dec 20 10:42:34 2018 +0000

    Remove data bytes from the SecurityToken class
---
 .../apache/cxf/ws/security/kerberos/KerberosClient.java   |  1 -
 .../apache/cxf/ws/security/tokenstore/SecurityToken.java  | 13 -------------
 .../apache/cxf/ws/security/trust/AbstractSTSClient.java   |  7 -------
 .../wss4j/policyhandlers/AbstractStaxBindingHandler.java  | 14 ++++++++++++--
 .../cxf/sts/token/provider/jwt/JWTTokenProvider.java      | 15 ---------------
 .../cxf/sts/token/provider/JWTTokenProviderTest.java      |  7 -------
 6 files changed, 12 insertions(+), 45 deletions(-)

diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
index aa35a0b..ff9c36f 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
@@ -157,7 +157,6 @@ public class KerberosClient implements Configurable {
         SecurityToken token = new SecurityToken(bst.getID());
         token.setToken(bst.getElement());
         token.setWsuId(bst.getID());
-        token.setData(bst.getToken());
         SecretKey secretKey = bst.getSecretKey();
         if (secretKey != null) {
             token.setKey(secretKey);
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
index 0da6d98..bc428d7 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
@@ -114,11 +114,6 @@ public class SecurityToken implements Serializable {
     private transient byte[] secret;
 
     /**
-     * Some binary data associated with the token
-     */
-    private byte[] data;
-
-    /**
      * A key associated with the token
      */
     private transient Key key;
@@ -533,14 +528,6 @@ public class SecurityToken implements Serializable {
         this.key = key;
     }
 
-    public byte[] getData() {
-        return data;
-    }
-
-    public void setData(byte[] data) {
-        this.data = data;
-    }
-
     private void writeObject(ObjectOutputStream stream) throws IOException {
         if (token != null && tokenStr == null) {
             tokenStr = DOM2Writer.nodeToString(token);
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
index 08e01eb..69c6934 100755
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
@@ -1462,7 +1462,6 @@ public abstract class AbstractSTSClient implements 
Configurable, InterceptorProv
         Element entropy = null;
         String tt = null;
         String retKeySize = null;
-        String tokenData = null;
 
         while (el != null) {
             String ln = el.getLocalName();
@@ -1471,9 +1470,6 @@ public abstract class AbstractSTSClient implements 
Configurable, InterceptorProv
                     lte = el;
                 } else if ("RequestedSecurityToken".equals(ln)) {
                     rst = DOMUtils.getFirstElement(el);
-                    if (rst == null) {
-                        tokenData = el.getTextContent();
-                    }
                 } else if ("RequestedAttachedReference".equals(ln)) {
                     rar = DOMUtils.getFirstElement(el);
                 } else if ("RequestedUnattachedReference".equals(ln)) {
@@ -1501,9 +1497,6 @@ public abstract class AbstractSTSClient implements 
Configurable, InterceptorProv
         token.setUnattachedReference(rur);
         token.setIssuerAddress(location);
         token.setTokenType(tt);
-        if (tokenData != null) {
-            token.setData(tokenData.getBytes());
-        }
 
         byte[] secret = null;
 
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
index 4dc5658..c674c99 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
@@ -56,6 +56,7 @@ import org.apache.wss4j.common.saml.bean.KeyInfoBean;
 import org.apache.wss4j.common.saml.bean.SubjectBean;
 import org.apache.wss4j.common.saml.bean.Version;
 import org.apache.wss4j.common.util.KeyUtils;
+import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.SPConstants.IncludeTokenType;
 import org.apache.wss4j.policy.model.AbstractBinding;
@@ -213,9 +214,18 @@ public abstract class AbstractStaxBindingHandler extends 
AbstractCommonBindingHa
             unassertPolicy(token, "Could not find KerberosToken");
         }
 
+        // Get the kerberos token from the element
+        byte[] data = null;
+        if (secToken.getToken() != null) {
+            String text = XMLUtils.getElementText(secToken.getToken());
+            if (text != null) {
+                data = org.apache.xml.security.utils.XMLUtils.decode(text);
+            }
+        }
+
         // Convert to WSS4J token
         final KerberosClientSecurityToken wss4jToken =
-            new KerberosClientSecurityToken(secToken.getData(), 
secToken.getKey(), secToken.getId()) {
+            new KerberosClientSecurityToken(data, secToken.getKey(), 
secToken.getId()) {
 
                 @Override
                 public Key getSecretKey(String algorithmURI) throws 
XMLSecurityException {
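Review bot: In the block added before "Convert to WSS4J token", `data` stays null when `secToken.getToken()` is null or the element has no text, and that null is passed straight into `new KerberosClientSecurityToken(data, secToken.getKey(), secToken.getId())`. Since this commit removes the separately stored ticket bytes, the element text is now the only source of the ticket. A guard in the style already used a few lines above would make the failure explicit, e.g. `if (data == null) { unassertPolicy(token, "Could not find KerberosToken"); }`. Whether `decode` rejects malformed Base64 or what the constructor does with a null ticket is not visible here, so both are worth confirming. Two different `XMLUtils` classes are used on adjacent lines (the imported WSS4J one and the fully qualified `org.apache.xml.security.utils.XMLUtils`); a short comment such as `// Santuario XMLUtils: Base64-decodes the BinarySecurityToken text` would help readers. The enclosing method starts and ends outside this hunk.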
@@ -525,7 +535,7 @@ public abstract class AbstractStaxBindingHandler extends 
AbstractCommonBindingHa
                 properties.setIncludeSignatureToken(true);
             }
         }
-        
+
         String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
         if (binding instanceof SymmetricBinding) {
             userNameKey = SecurityConstants.ENCRYPT_USERNAME;
diff --git 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java
 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java
index 8b1d3f4..dd5fc31 100644
--- 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java
+++ 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java
@@ -46,7 +46,6 @@ import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
 import org.apache.cxf.sts.STSPropertiesMBean;
 import org.apache.cxf.sts.SignatureProperties;
-import org.apache.cxf.sts.cache.CacheUtils;
 import org.apache.cxf.sts.request.KeyRequirements;
 import org.apache.cxf.sts.request.TokenRequirements;
 import org.apache.cxf.sts.service.EncryptionProperties;
@@ -55,7 +54,6 @@ import 
org.apache.cxf.sts.token.provider.TokenProviderParameters;
 import org.apache.cxf.sts.token.provider.TokenProviderResponse;
 import org.apache.cxf.sts.token.realm.RealmProperties;
 import org.apache.cxf.ws.security.sts.provider.STSException;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.Merlin;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
@@ -139,19 +137,6 @@ public class JWTTokenProvider implements TokenProvider {
                 response.setExpires(expires);
             }
 
-            // set the token in cache (only if the token is signed)
-            if (signToken && tokenParameters.getTokenStore() != null) {
-                SecurityToken securityToken =
-                    CacheUtils.createSecurityTokenForStorage(null, 
claims.getTokenId(),
-                        expires, tokenParameters.getPrincipal(), 
tokenParameters.getRealm(),
-                        tokenParameters.getTokenRequirements().getRenewing());
-                securityToken.setData(tokenData.getBytes());
-
-                String signature = 
tokenData.substring(tokenData.lastIndexOf(".") + 1);
-                CacheUtils.storeTokenInCache(
-                    securityToken, tokenParameters.getTokenStore(), 
signature.getBytes());
-            }
-
             LOG.fine("JWT Token successfully created");
             return response;
         } catch (Exception e) {
diff --git 
a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
 
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
index b3693e5..70b966e 100644
--- 
a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
+++ 
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
@@ -21,7 +21,6 @@ package org.apache.cxf.sts.token.provider;
 import java.security.KeyStore;
 import java.security.Security;
 import java.security.cert.X509Certificate;
-import java.util.Arrays;
 import java.util.Properties;
 
 import org.apache.cxf.jaxws.context.WrappedMessageContext;
@@ -45,7 +44,6 @@ import org.apache.cxf.sts.request.KeyRequirements;
 import org.apache.cxf.sts.request.TokenRequirements;
 import org.apache.cxf.sts.service.EncryptionProperties;
 import org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
@@ -202,11 +200,6 @@ public class JWTTokenProviderTest extends org.junit.Assert 
{
                             jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
         Assert.assertEquals(providerResponse.getExpires().getEpochSecond(),
                             jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
-
-        // Check that the token is stored correctly in the cache
-        String signature = token.substring(token.lastIndexOf(".") + 1);
-        SecurityToken secToken = 
tokenStore.getToken(Integer.toString(Arrays.hashCode(signature.getBytes())));
-        Assert.assertNotNull(secToken);
     }
 
     @org.junit.Test
