Consolidate some code in WS-Security/STS Conflicts: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c81e8d44 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c81e8d44 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c81e8d44 Branch: refs/heads/3.0.x-fixes Commit: c81e8d440a5300e3b9390e2b8bb7b3aa8c70ad61 Parents: 0e9101f Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Mon Aug 17 16:56:06 2015 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Mon Aug 17 16:56:40 2015 +0100 ---------------------------------------------------------------------- .../cxf/ws/security/wss4j/WSS4JUtils.java | 68 ++++++++++++++++++++ .../policyhandlers/AbstractBindingBuilder.java | 5 +- .../cxf/sts/operation/AbstractOperation.java | 8 ++- 3 files changed, 79 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/c81e8d44/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java index d872a47..387fb56 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java @@ -22,7 +22,13 @@ import java.io.IOException; import java.io.InputStream; import java.net.URL; import java.security.Key; +import java.security.cert.X509Certificate; import java.util.Date; +<<<<<<< HEAD +======= +import java.util.List; +import java.util.Map; +>>>>>>> 17dbc12... Consolidate some code in WS-Security/STS import java.util.Properties; import javax.crypto.SecretKey; 
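Review bot: The added lines `+<<<<<<< HEAD`, `+=======` and `+>>>>>>> 17dbc12... Consolidate some code in WS-Security/STS` in this import hunk are unresolved merge-conflict markers committed into WSS4JUtils.java, so the file cannot compile as it stands. The same markers are added in the @@ -49,6 and @@ -350,4 hunks of this file, in the @@ -1627,6 and @@ -1650,6 hunks of AbstractBindingBuilder.java, and in the @@ -543,6 and @@ -558,6 hunks of AbstractOperation.java. Each conflict needs to be resolved to one side and the marker lines deleted. In this hunk the HEAD side is empty, so the resolution is to keep the incoming imports; `import java.util.Map;` does not appear to be referenced by the methods added further down and may be droppable.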
@@ -49,6 +55,13 @@ import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.crypto.CryptoFactory; import org.apache.wss4j.common.crypto.PasswordEncryptor; import org.apache.wss4j.common.ext.WSSecurityException; +<<<<<<< HEAD +======= +import org.apache.wss4j.common.util.Loader; +import org.apache.wss4j.dom.WSConstants; +import org.apache.wss4j.dom.WSSecurityEngineResult; +import org.apache.wss4j.dom.handler.WSHandlerResult; +>>>>>>> 17dbc12... Consolidate some code in WS-Security/STS import org.apache.wss4j.stax.ext.WSSConstants; import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants; import org.apache.xml.security.exceptions.XMLSecurityException; 
@@ -350,4 +363,59 @@ public final class WSS4JUtils { return CryptoFactory.getInstance(propFilename, classLoader); } +<<<<<<< HEAD +======= + public static Crypto getSignatureCrypto( + Object s, + SoapMessage message, + PasswordEncryptor passwordEncryptor + ) throws WSSecurityException { + Crypto signCrypto = null; + if (s instanceof Crypto) { + signCrypto = (Crypto)s; + } else if (s != null) { + URL propsURL = SecurityUtils.loadResource(message, s); + Properties props = WSS4JUtils.getProps(s, propsURL); + if (props == null) { + LOG.fine("Cannot find Crypto Signature properties: " + s); + Exception ex = new Exception("Cannot find Crypto Signature properties: " + s); + throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex); + } + + signCrypto = CryptoFactory.getInstance(props, Loader.getClassLoader(CryptoFactory.class), + passwordEncryptor); + + EndpointInfo info = message.getExchange().getEndpoint().getEndpointInfo(); + synchronized (info) { + info.setProperty(SecurityConstants.SIGNATURE_CRYPTO, signCrypto); + } + } + return signCrypto; + } + + /** + * Get the certificate that was used to sign the request + */ + public static X509Certificate getReqSigCert(List<WSHandlerResult> results) { + if (results == null || results.isEmpty()) { + return null; + } + + for (WSHandlerResult rResult : results) { + List<WSSecurityEngineResult> signedResults = + rResult.getActionResults().get(WSConstants.SIGN); + + if (signedResults != null && !signedResults.isEmpty()) { + for (WSSecurityEngineResult signedResult : signedResults) { + if (signedResult.containsKey(WSSecurityEngineResult.TAG_X509_CERTIFICATE)) { + return (X509Certificate)signedResult.get( + WSSecurityEngineResult.TAG_X509_CERTIFICATE); + } + } + } + } + + return null; + } +>>>>>>> 17dbc12... 
Consolidate some code in WS-Security/STS } http://git-wip-us.apache.org/repos/asf/cxf/blob/c81e8d44/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java index 62b016c..6a992cb 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java @@ -1611,7 +1611,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle CastUtils.cast((List<?>) message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS)); if (results != null) { - encrKeyBuilder.setUseThisCert(getReqSigCert(results)); + encrKeyBuilder.setUseThisCert(WSS4JUtils.getReqSigCert(results)); //TODO This is a hack, this should not come under USE_REQ_SIG_CERT if (encrKeyBuilder.isCertSet()) { @@ -1627,6 +1627,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle return encrUser; } +<<<<<<< HEAD private static X509Certificate getReqSigCert(List<WSHandlerResult> results) { /* * Scan the results for a matching actor. Use results only if the 
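Review bot: In the @@ -350,4 hunk of WSS4JUtils.java, `getReqSigCert` returns the first `TAG_X509_CERTIFICATE` it finds across all `WSConstants.SIGN` results, but its Javadoc (`Get the certificate that was used to sign the request`) mentions neither that rule nor the `null` return. AbstractBindingBuilder passes the value straight to `encrKeyBuilder.setUseThisCert(...)`, so if a request carried more than one signature the encryption certificate would depend on result order; the Javadoc should state the first-match rule and that callers must handle `null`. The method also calls `rResult.getActionResults()`, while the HEAD-side code kept in AbstractOperation.java uses `rResult.getResults()`, so it is worth confirming that `getActionResults()` exists in the WSS4J version this branch builds against. `getSignatureCrypto` has no Javadoc at all; a short summary noting that it stores the created `Crypto` on the `EndpointInfo` under `SecurityConstants.SIGNATURE_CRYPTO` would help.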
@@ -1650,6 +1651,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle return null; } +======= +>>>>>>> 17dbc12... Consolidate some code in WS-Security/STS /** * Scan through <code>WSHandlerResult<code> list for a Username token and return * the username if a Username Token found http://git-wip-us.apache.org/repos/asf/cxf/blob/c81e8d44/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java index 4146a3f..f91edee 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java @@ -76,10 +76,10 @@ import org.apache.cxf.ws.security.sts.provider.model.secext.ReferenceType; import org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType; import org.apache.cxf.ws.security.sts.provider.model.utility.AttributedDateTime; import org.apache.cxf.ws.security.tokenstore.TokenStore; +import org.apache.cxf.ws.security.wss4j.WSS4JUtils; import org.apache.wss4j.common.WSEncryptionPart; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.dom.WSConstants; -import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.dom.handler.WSHandlerConstants; import org.apache.wss4j.dom.handler.WSHandlerResult; import org.apache.wss4j.dom.message.WSSecEncrypt; @@ -543,6 +543,7 @@ public abstract class AbstractOperation { List<WSHandlerResult> results = (List<WSHandlerResult>) context.get(WSHandlerConstants.RECV_RESULTS); // DOM +<<<<<<< HEAD if (results != null) { for (WSHandlerResult rResult : results) { List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults(); 
@@ -558,6 +559,11 @@ public abstract class AbstractOperation { } } } +======= + X509Certificate cert = WSS4JUtils.getReqSigCert(results); + if (cert != null) { + return cert; +>>>>>>> 17dbc12... Consolidate some code in WS-Security/STS } // Streaming
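Review bot: The HEAD-side loop left between `<<<<<<< HEAD` (added in the @@ -543,6 hunk) and `=======` here still declares `List<WSSecurityEngineResult> wsSecEngineResults`, but the @@ -76,10 hunk removes `import org.apache.wss4j.dom.WSSecurityEngineResult;`. Even with the marker lines stripped, the file would not compile unless that loop is deleted. Resolving to the incoming side should drop the whole `if (results != null) { ... }` block and keep only the three added lines; the closing `}` after the `>>>>>>>` marker appears to be shared by both sides, so check brace balance when doing so. `WSS4JUtils.getReqSigCert` already returns `null` for a null or empty list, so no separate null check on `results` is needed. The enclosing method starts and ends outside the hunk.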