This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch coheigea/saml-refactor-new
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/coheigea/saml-refactor-new by
this push:
new 7332b0057 Extracting some Action callback functionality from WSHandler
7332b0057 is described below
commit 7332b00570edede75f140787c8669f734d89cc63
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Wed Jun 18 10:10:45 2025 +0100
Extracting some Action callback functionality from WSHandler
---
.../org/apache/wss4j/dom/action/ActionUtils.java | 70 ++++++++++++++++
.../wss4j/dom/action/EncryptionDerivedAction.java | 11 +--
.../wss4j/dom/action/SAMLTokenSignedAction.java | 7 +-
.../apache/wss4j/dom/action/SignatureAction.java | 11 +--
.../wss4j/dom/action/SignatureDerivedAction.java | 11 +--
.../wss4j/dom/action/UsernameTokenAction.java | 10 ++-
.../dom/action/UsernameTokenSignedAction.java | 6 +-
.../org/apache/wss4j/dom/handler/WSHandler.java | 94 ++++------------------
.../dom/handler/WSHandlerGetPasswordTest.java | 13 +--
9 files changed, 125 insertions(+), 108 deletions(-)
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/ActionUtils.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/ActionUtils.java
new file mode 100644
index 000000000..393a4bd94
--- /dev/null
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/ActionUtils.java
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.dom.action;
+
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.WSConstants;
+
+public final class ActionUtils {
+
+ private ActionUtils() {
+ // Utility class, no instantiation
+ }
+
+ /**
+ * Construct a WSPasswordCallback instance
+ * @param username The username
+ * @param doAction The action to perform
+ * @return a WSPasswordCallback instance
+ * @throws WSSecurityException
+ */
+ public static WSPasswordCallback constructPasswordCallback(
+ String username,
+ int doAction
+ ) throws WSSecurityException {
+
+ int reason;
+
+ switch (doAction) {
+ case WSConstants.UT:
+ case WSConstants.UT_SIGN:
+ reason = WSPasswordCallback.USERNAME_TOKEN;
+ break;
+ case WSConstants.SIGN:
+ reason = WSPasswordCallback.SIGNATURE;
+ break;
+ case WSConstants.DKT_SIGN:
+ reason = WSPasswordCallback.SECRET_KEY;
+ break;
+ case WSConstants.ENCR:
+ reason = WSPasswordCallback.SECRET_KEY;
+ break;
+ case WSConstants.DKT_ENCR:
+ reason = WSPasswordCallback.SECRET_KEY;
+ break;
+ default:
+ reason = WSPasswordCallback.UNKNOWN;
+ break;
+ }
+ return new WSPasswordCallback(username, reason);
+ }
+
+}
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java
index 6fdf38e6f..ac305d1d8 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java
@@ -57,8 +57,9 @@ public class EncryptionDerivedAction extends
AbstractDerivedAction implements Ac
encryptionToken = reqData.getEncryptionToken();
}
- WSPasswordCallback passwordCallback =
- handler.getPasswordCB(encryptionToken.getUser(),
WSConstants.DKT_ENCR, callbackHandler, reqData);
+ WSPasswordCallback pwCb =
ActionUtils.constructPasswordCallback(encryptionToken.getUser(),
WSConstants.DKT_ENCR);
+ handler.performPasswordCallback(callbackHandler, pwCb, reqData);
+
WSSecDKEncrypt wsEncrypt = new WSSecDKEncrypt(reqData.getSecHeader());
wsEncrypt.setIdAllocator(reqData.getWssConfig().getIdAllocator());
wsEncrypt.setWsDocInfo(reqData.getWsDocInfo());
@@ -71,7 +72,7 @@ public class EncryptionDerivedAction extends
AbstractDerivedAction implements Ac
if (encryptionToken.getSymmetricAlgorithm() != null) {
wsEncrypt.setSymmetricEncAlgorithm(encryptionToken.getSymmetricAlgorithm());
}
- wsEncrypt.setUserInfo(encryptionToken.getUser(),
passwordCallback.getPassword());
+ wsEncrypt.setUserInfo(encryptionToken.getUser(), pwCb.getPassword());
if (reqData.isUse200512Namespace()) {
wsEncrypt.setWscVersion(ConversationConstants.VERSION_05_12);
@@ -100,7 +101,7 @@ public class EncryptionDerivedAction extends
AbstractDerivedAction implements Ac
tokenElement = setupEncryptedKeyTokenReference(reqData,
encryptionToken, wsEncrypt, symmetricKey);
} else if ("SecurityContextToken".equals(derivedKeyTokenReference)) {
- tokenElement = setupSCTTokenReference(reqData, encryptionToken,
wsEncrypt, passwordCallback, doc);
+ tokenElement = setupSCTTokenReference(reqData, encryptionToken,
wsEncrypt, pwCb, doc);
}
wsEncrypt.setAttachmentCallbackHandler(reqData.getAttachmentCallbackHandler());
@@ -114,7 +115,7 @@ public class EncryptionDerivedAction extends
AbstractDerivedAction implements Ac
wsEncrypt.getParts().add(WSSecurityUtil.getDefaultEncryptionPart(doc));
}
- byte[] key = getKey(reqData.getSignatureToken(), passwordCallback,
symmetricKey);
+ byte[] key = getKey(reqData.getSignatureToken(), pwCb,
symmetricKey);
wsEncrypt.prepare(key);
Element externRefList = wsEncrypt.encrypt();
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
index 8b83a9c19..b41111b3a 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
@@ -97,9 +97,10 @@ public class SAMLTokenSignedAction implements Action {
signatureToken = reqData.getSignatureToken();
}
- WSPasswordCallback passwordCallback =
- handler.getPasswordCB(signatureToken.getUser(),
WSConstants.ST_SIGNED, callbackHandler, reqData);
- wsSign.setUserInfo(signatureToken.getUser(),
passwordCallback.getPassword());
+ WSPasswordCallback pwCb =
ActionUtils.constructPasswordCallback(signatureToken.getUser(),
WSConstants.ST_SIGNED);
+ handler.performPasswordCallback(callbackHandler, pwCb, reqData);
+
+ wsSign.setUserInfo(signatureToken.getUser(), pwCb.getPassword());
if (signatureToken.getKeyIdentifierId() != 0) {
wsSign.setKeyIdentifierType(signatureToken.getKeyIdentifierId());
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
index 2b64a6364..bfb24dddd 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
@@ -52,8 +52,9 @@ public class SignatureAction implements Action {
signatureToken = reqData.getSignatureToken();
}
- WSPasswordCallback passwordCallback =
- handler.getPasswordCB(signatureToken.getUser(), WSConstants.SIGN,
callbackHandler, reqData);
+ WSPasswordCallback pwCb =
ActionUtils.constructPasswordCallback(signatureToken.getUser(),
WSConstants.SIGN);
+ handler.performPasswordCallback(callbackHandler, pwCb, reqData);
+
WSSecSignature wsSign = new WSSecSignature(reqData.getSecHeader());
wsSign.setIdAllocator(reqData.getWssConfig().getIdAllocator());
wsSign.setAddInclusivePrefixes(reqData.isAddInclusivePrefixes());
@@ -76,11 +77,11 @@ public class SignatureAction implements Action {
wsSign.setIncludeSignatureToken(signatureToken.isIncludeToken());
- wsSign.setUserInfo(signatureToken.getUser(),
passwordCallback.getPassword());
+ wsSign.setUserInfo(signatureToken.getUser(), pwCb.getPassword());
wsSign.setUseSingleCertificate(signatureToken.isUseSingleCert());
- if (passwordCallback.getKey() != null) {
- wsSign.setSecretKey(passwordCallback.getKey());
+ if (pwCb.getKey() != null) {
+ wsSign.setSecretKey(pwCb.getKey());
} else if (signatureToken.getKey() != null) {
wsSign.setSecretKey(signatureToken.getKey());
} else if (signatureToken.getUser() == null) {
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
index a6de8dafd..cae496352 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
@@ -58,8 +58,9 @@ public class SignatureDerivedAction extends
AbstractDerivedAction implements Act
signatureToken = reqData.getSignatureToken();
}
- WSPasswordCallback passwordCallback =
- handler.getPasswordCB(signatureToken.getUser(),
WSConstants.DKT_SIGN, callbackHandler, reqData);
+ WSPasswordCallback pwCb =
ActionUtils.constructPasswordCallback(signatureToken.getUser(),
WSConstants.DKT_SIGN);
+ handler.performPasswordCallback(callbackHandler, pwCb, reqData);
+
WSSecDKSign wsSign = new WSSecDKSign(reqData.getSecHeader());
wsSign.setIdAllocator(reqData.getWssConfig().getIdAllocator());
wsSign.setAddInclusivePrefixes(reqData.isAddInclusivePrefixes());
@@ -75,7 +76,7 @@ public class SignatureDerivedAction extends
AbstractDerivedAction implements Act
if (signatureToken.getC14nAlgorithm() != null) {
wsSign.setSigCanonicalization(signatureToken.getC14nAlgorithm());
}
- wsSign.setUserInfo(signatureToken.getUser(),
passwordCallback.getPassword());
+ wsSign.setUserInfo(signatureToken.getUser(), pwCb.getPassword());
if (reqData.isUse200512Namespace()) {
wsSign.setWscVersion(ConversationConstants.VERSION_05_12);
@@ -102,7 +103,7 @@ public class SignatureDerivedAction extends
AbstractDerivedAction implements Act
tokenElement = setupEncryptedKeyTokenReference(reqData,
signatureToken, wsSign, symmetricKey);
} else if ("SecurityContextToken".equals(derivedKeyTokenReference)) {
- tokenElement = setupSCTTokenReference(reqData, signatureToken,
wsSign, passwordCallback, doc);
+ tokenElement = setupSCTTokenReference(reqData, signatureToken,
wsSign, pwCb, doc);
} else {
// DirectReference
if (signatureToken.getDerivedKeyIdentifier() != 0) {
@@ -125,7 +126,7 @@ public class SignatureDerivedAction extends
AbstractDerivedAction implements Act
wsSign.getParts().add(WSSecurityUtil.getDefaultEncryptionPart(doc));
}
- byte[] key = getKey(signatureToken, reqData.getEncryptionToken(),
passwordCallback, symmetricKey);
+ byte[] key = getKey(signatureToken, reqData.getEncryptionToken(),
pwCb, symmetricKey);
wsSign.prepare(key);
List<javax.xml.crypto.dsig.Reference> referenceList =
wsSign.addReferencesToSign(wsSign.getParts());
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenAction.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenAction.java
index 0fdeafdec..fc90e1b21 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenAction.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenAction.java
@@ -37,10 +37,12 @@ public class UsernameTokenAction implements Action {
String password = null;
if (reqData.getPwType() != null) {
CallbackHandler callbackHandler = reqData.getCallbackHandler();
- WSPasswordCallback passwordCallback =
- handler.getPasswordCB(reqData.getUsername(), WSConstants.UT,
callbackHandler, reqData);
- username = passwordCallback.getIdentifier();
- password = passwordCallback.getPassword();
+
+ WSPasswordCallback pwCb =
ActionUtils.constructPasswordCallback(reqData.getUsername(), WSConstants.UT);
+ handler.performPasswordCallback(callbackHandler, pwCb, reqData);
+
+ username = pwCb.getIdentifier();
+ password = pwCb.getPassword();
}
if (username == null) {
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
index 510196277..dd3174083 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
@@ -51,8 +51,8 @@ public class UsernameTokenSignedAction implements Action {
throws WSSecurityException {
CallbackHandler callbackHandler = reqData.getCallbackHandler();
- WSPasswordCallback passwordCallback =
- handler.getPasswordCB(reqData.getUsername(), WSConstants.UT_SIGN,
callbackHandler, reqData);
+ WSPasswordCallback pwCb =
ActionUtils.constructPasswordCallback(reqData.getUsername(),
WSConstants.UT_SIGN);
+ handler.performPasswordCallback(callbackHandler, pwCb, reqData);
if (reqData.getUsername() == null) {
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noUser");
@@ -68,7 +68,7 @@ public class UsernameTokenSignedAction implements Action {
int iterations = reqData.getDerivedKeyIterations();
builder.addDerivedKey(iterations);
- builder.setUserInfo(reqData.getUsername(),
passwordCallback.getPassword());
+ builder.setUserInfo(reqData.getUsername(), pwCb.getPassword());
builder.addCreated();
builder.addNonce();
boolean useMac = reqData.isUseDerivedKeyForMAC();
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
index f8f8edc0d..d54a7c9ee 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
@@ -1144,23 +1144,30 @@ public abstract class WSHandler {
}
/**
- * Get a password callback (WSPasswordCallback object) from a
CallbackHandler instance
- * @param username The username to supply to the CallbackHandler
- * @param doAction The action to perform
- * @param callbackHandler The CallbackHandler instance
+ * Configure a password callback (WSPasswordCallback object) from a
CallbackHandler instance
+ * @param callbackHandler The CallbackHandler to use
+ * @param pwCb The WSPasswordCallback to supply to the CallbackHandler
* @param requestData The RequestData which supplies the message context
- * @return the WSPasswordCallback object containing the password
* @throws WSSecurityException
*/
- public WSPasswordCallback getPasswordCB(
- String username,
- int doAction,
+ public void performPasswordCallback(
CallbackHandler callbackHandler,
+ WSPasswordCallback pwCb,
RequestData requestData
) throws WSSecurityException {
if (callbackHandler != null) {
- return performPasswordCallback(callbackHandler, username,
doAction);
+ Callback[] callbacks = new Callback[1];
+ callbacks[0] = pwCb;
+ //
+ // Call back the application to get the password
+ //
+ try {
+ callbackHandler.handle(callbacks);
+ } catch (Exception e) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e,
+ "empty", new Object[] {"WSHandler: password callback
failed"});
+ }
} else {
//
// If a callback isn't configured then try to get the password
@@ -1173,77 +1180,8 @@ public abstract class WSHandler {
"empty",
new Object[] {"WSHandler: application " + err});
}
- WSPasswordCallback pwCb = constructPasswordCallback(username,
doAction);
pwCb.setPassword(password);
- return pwCb;
- }
- }
-
- /**
- * Perform a callback on a CallbackHandler instance
- * @param cbHandler the CallbackHandler instance
- * @param username The username to supply to the CallbackHandler
- * @param doAction The action to perform
- * @return a WSPasswordCallback instance
- * @throws WSSecurityException
- */
- private WSPasswordCallback performPasswordCallback(
- CallbackHandler cbHandler,
- String username,
- int doAction
- ) throws WSSecurityException {
-
- WSPasswordCallback pwCb = constructPasswordCallback(username,
doAction);
- Callback[] callbacks = new Callback[1];
- callbacks[0] = pwCb;
- //
- // Call back the application to get the password
- //
- try {
- cbHandler.handle(callbacks);
- } catch (Exception e) {
- throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e,
- "empty", new Object[] {"WSHandler: password callback
failed"});
}
- return pwCb;
- }
-
- /**
- * Construct a WSPasswordCallback instance
- * @param username The username
- * @param doAction The action to perform
- * @return a WSPasswordCallback instance
- * @throws WSSecurityException
- */
- private WSPasswordCallback constructPasswordCallback(
- String username,
- int doAction
- ) throws WSSecurityException {
-
- int reason;
-
- switch (doAction) {
- case WSConstants.UT:
- case WSConstants.UT_SIGN:
- reason = WSPasswordCallback.USERNAME_TOKEN;
- break;
- case WSConstants.SIGN:
- reason = WSPasswordCallback.SIGNATURE;
- break;
- case WSConstants.DKT_SIGN:
- reason = WSPasswordCallback.SECRET_KEY;
- break;
- case WSConstants.ENCR:
- reason = WSPasswordCallback.SECRET_KEY;
- break;
- case WSConstants.DKT_ENCR:
- reason = WSPasswordCallback.SECRET_KEY;
- break;
- default:
- reason = WSPasswordCallback.UNKNOWN;
- break;
- }
- return new WSPasswordCallback(username, reason);
}
private void splitEncParts(boolean required, String tmpS,
diff --git
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/WSHandlerGetPasswordTest.java
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/WSHandlerGetPasswordTest.java
index e4009b432..25a9e8b54 100644
---
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/WSHandlerGetPasswordTest.java
+++
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/WSHandlerGetPasswordTest.java
@@ -23,6 +23,7 @@ import java.util.Collections;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.action.ActionUtils;
import org.apache.wss4j.dom.common.CustomHandler;
import org.apache.wss4j.dom.common.UsernamePasswordCallbackHandler;
@@ -64,11 +65,13 @@ public class WSHandlerGetPasswordTest {
WSHandler handler = new CustomHandler();
CallbackHandler callbackHandler =
handler.getCallbackHandler("SomeCallbackTag", "SomeCallbackRef",
reqData);
- WSPasswordCallback callback =
- handler.getPasswordCB("alice", WSConstants.UT, callbackHandler,
reqData);
- assertTrue("alice".equals(callback.getIdentifier()));
- assertTrue("securityPassword".equals(callback.getPassword()));
- assertTrue(WSPasswordCallback.USERNAME_TOKEN == callback.getUsage());
+
+ WSPasswordCallback pwCb =
ActionUtils.constructPasswordCallback("alice", WSConstants.UT);
+ handler.performPasswordCallback(callbackHandler, pwCb, reqData);
+
+ assertTrue("alice".equals(pwCb.getIdentifier()));
+ assertTrue("securityPassword".equals(pwCb.getPassword()));
+ assertTrue(WSPasswordCallback.USERNAME_TOKEN == pwCb.getUsage());
}
/**
