coheigea pushed a commit to branch coheigea/saml-refactor-new
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/coheigea/saml-refactor-new by
this push:
new f9770cf9b Moving getAssertionFromKeyIdentifier out of STRParserUtil
f9770cf9b is described below
commit f9770cf9beddcf2b593b23ed50341800cef46616
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Thu Jun 26 15:22:01 2025 +0100
Moving getAssertionFromKeyIdentifier out of STRParserUtil
---
.../wss4j/dom/saml/WSSSAMLKeyInfoProcessor.java | 61 ++++++++++++++++++++-
.../org/apache/wss4j/dom/str/STRParserUtil.java | 63 ----------------------
2 files changed, 60 insertions(+), 64 deletions(-)
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSSAMLKeyInfoProcessor.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSSAMLKeyInfoProcessor.java
index e229d6f77..b57ff8713 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSSAMLKeyInfoProcessor.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSSAMLKeyInfoProcessor.java
@@ -71,7 +71,7 @@ public class WSSSAMLKeyInfoProcessor implements
SAMLKeyInfoProcessor {
public SAMLKeyInfo
processSAMLKeyInfoFromSecurityTokenReference(SecurityTokenReference secRef,
RequestData data
) throws WSSecurityException {
- SamlAssertionWrapper samlAssertion =
STRParserUtil.getAssertionFromKeyIdentifier(secRef, secRef.getElement(), data);
+ SamlAssertionWrapper samlAssertion =
getAssertionFromKeyIdentifier(secRef, secRef.getElement(), data);
STRParserUtil.checkSamlTokenBSPCompliance(secRef,
samlAssertion.getSaml2() != null, data.getBSPEnforcer());
return SAMLUtil.getCredentialFromSubject(samlAssertion, new
WSSSAMLKeyInfoProcessor(), data, data.getSigVerCrypto());
@@ -140,4 +140,63 @@ public class WSSSAMLKeyInfoProcessor implements
SAMLKeyInfoProcessor {
return null;
}
+
+ /**
+ * Get an SamlAssertionWrapper object from parsing a
SecurityTokenReference that uses
+ * a KeyIdentifier that points to a SAML Assertion.
+ *
+ * @param secRef the SecurityTokenReference to the SAML Assertion
+ * @param strElement The SecurityTokenReference DOM element
+ * @param request The RequestData instance used to obtain configuration
+ * @return an SamlAssertionWrapper object
+ * @throws WSSecurityException
+ */
+ private static SamlAssertionWrapper getAssertionFromKeyIdentifier(
+ SecurityTokenReference secRef,
+ Element strElement,
+ RequestData request
+ ) throws WSSecurityException {
+ String keyIdentifierValue = secRef.getKeyIdentifierValue();
+ String type = secRef.getKeyIdentifierValueType();
+ WSSecurityEngineResult result =
request.getWsDocInfo().getResult(keyIdentifierValue);
+
+ SamlAssertionWrapper samlAssertion = null;
+ Element token = null;
+ if (result != null) {
+ samlAssertion =
+
(SamlAssertionWrapper)result.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ return samlAssertion;
+ } else {
+ token =
+ STRParserUtil.findProcessedTokenElement(
+ strElement.getOwnerDocument(), request.getWsDocInfo(),
request.getCallbackHandler(),
+ keyIdentifierValue, type
+ );
+ if (token != null) {
+ if (!"Assertion".equals(token.getLocalName())) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity"
+ );
+ }
+ return new SamlAssertionWrapper(token);
+ }
+ token =
+ STRParserUtil.findUnprocessedTokenElement(
+ strElement.getOwnerDocument(), request.getWsDocInfo(),
keyIdentifierValue, type
+ );
+
+ if (token == null || !"Assertion".equals(token.getLocalName())) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity"
+ );
+ }
+ Processor proc =
request.getWssConfig().getProcessor(WSConstants.SAML_TOKEN);
+ List<WSSecurityEngineResult> samlResult = proc.handleToken(token,
request);
+ return
+ (SamlAssertionWrapper)samlResult.get(0).get(
+ WSSecurityEngineResult.TAG_SAML_ASSERTION
+ );
+ }
+ }
+
}
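Review bot: In the `result != null` branch of the moved `getAssertionFromKeyIdentifier`, the cast value is returned without a null check. If the result registered under the KeyIdentifier value carries no `TAG_SAML_ASSERTION` entry, the method returns null and the caller in the first hunk dereferences it at `samlAssertion.getSaml2()`. The KeyIdentifier value presumably comes from the received message, so this case should fail closed with the same error the other branches use: `if (samlAssertion == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); }`. The final `samlResult.get(0)` likewise assumes the SAML processor returned a non-empty list and would benefit from the same guard. The bare `@throws WSSecurityException` in the Javadoc could also state the condition, e.g. `@throws WSSecurityException if no SAML Assertion can be resolved for the KeyIdentifier`.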
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/STRParserUtil.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/STRParserUtil.java
index 1e1c5b083..320fa7c97 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/STRParserUtil.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/STRParserUtil.java
@@ -19,8 +19,6 @@
package org.apache.wss4j.dom.str;
-import java.util.List;
-
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
@@ -30,7 +28,6 @@ import org.apache.wss4j.common.dom.callback.CallbackLookup;
import org.apache.wss4j.common.dom.callback.DOMCallbackLookup;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.token.BinarySecurity;
import org.apache.wss4j.common.token.PKIPathSecurity;
import org.apache.wss4j.common.token.SecurityTokenReference;
@@ -38,10 +35,8 @@ import org.apache.wss4j.common.token.X509Security;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.common.dom.WSConstants;
import org.apache.wss4j.common.dom.WSDocInfo;
-import org.apache.wss4j.common.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.common.dom.RequestData;
import org.apache.wss4j.common.dom.message.token.KerberosSecurity;
-import org.apache.wss4j.common.dom.processor.Processor;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -57,64 +52,6 @@ public final class STRParserUtil {
// complete
}
- /**
- * Get an SamlAssertionWrapper object from parsing a
SecurityTokenReference that uses
- * a KeyIdentifier that points to a SAML Assertion.
- *
- * @param secRef the SecurityTokenReference to the SAML Assertion
- * @param strElement The SecurityTokenReference DOM element
- * @param request The RequestData instance used to obtain configuration
- * @return an SamlAssertionWrapper object
- * @throws WSSecurityException
- */
- public static SamlAssertionWrapper getAssertionFromKeyIdentifier(
- SecurityTokenReference secRef,
- Element strElement,
- RequestData request
- ) throws WSSecurityException {
- String keyIdentifierValue = secRef.getKeyIdentifierValue();
- String type = secRef.getKeyIdentifierValueType();
- WSSecurityEngineResult result =
request.getWsDocInfo().getResult(keyIdentifierValue);
-
- SamlAssertionWrapper samlAssertion = null;
- Element token = null;
- if (result != null) {
- samlAssertion =
-
(SamlAssertionWrapper)result.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
- return samlAssertion;
- } else {
- token =
- findProcessedTokenElement(
- strElement.getOwnerDocument(), request.getWsDocInfo(),
request.getCallbackHandler(),
- keyIdentifierValue, type
- );
- if (token != null) {
- if (!"Assertion".equals(token.getLocalName())) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity"
- );
- }
- return new SamlAssertionWrapper(token);
- }
- token =
- findUnprocessedTokenElement(
- strElement.getOwnerDocument(), request.getWsDocInfo(),
keyIdentifierValue, type
- );
-
- if (token == null || !"Assertion".equals(token.getLocalName())) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity"
- );
- }
- Processor proc =
request.getWssConfig().getProcessor(WSConstants.SAML_TOKEN);
- List<WSSecurityEngineResult> samlResult = proc.handleToken(token,
request);
- return
- (SamlAssertionWrapper)samlResult.get(0).get(
- WSSecurityEngineResult.TAG_SAML_ASSERTION
- );
- }
- }
-
/**
* Check that the BinarySecurityToken referenced by the
SecurityTokenReference argument