Consolidate some code in WS-Security/STS
Conflicts:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c81e8d44
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c81e8d44
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c81e8d44
Branch: refs/heads/3.0.x-fixes
Commit: c81e8d440a5300e3b9390e2b8bb7b3aa8c70ad61
Parents: 0e9101f
Author: Colm O hEigeartaigh <cohei...@apache.org>
Authored: Mon Aug 17 16:56:06 2015 +0100
Committer: Colm O hEigeartaigh <cohei...@apache.org>
Committed: Mon Aug 17 16:56:40 2015 +0100
----------------------------------------------------------------------
.../cxf/ws/security/wss4j/WSS4JUtils.java | 68 ++++++++++++++++++++
.../policyhandlers/AbstractBindingBuilder.java | 5 +-
.../cxf/sts/operation/AbstractOperation.java | 8 ++-
3 files changed, 79 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/c81e8d44/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
----------------------------------------------------------------------
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
index d872a47..387fb56 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
@@ -22,7 +22,13 @@ import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.Key;
+import java.security.cert.X509Certificate;
import java.util.Date;
+<<<<<<< HEAD
+=======
+import java.util.List;
+import java.util.Map;
+>>>>>>> 17dbc12... Consolidate some code in WS-Security/STS
import java.util.Properties;
import javax.crypto.SecretKey;
@@ -49,6 +55,13 @@ import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.PasswordEncryptor;
import org.apache.wss4j.common.ext.WSSecurityException;
+<<<<<<< HEAD
+=======
+import org.apache.wss4j.common.util.Loader;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
+>>>>>>> 17dbc12... Consolidate some code in WS-Security/STS
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -350,4 +363,59 @@ public final class WSS4JUtils {
return CryptoFactory.getInstance(propFilename, classLoader);
}
+<<<<<<< HEAD
+=======
+ public static Crypto getSignatureCrypto(
+ Object s,
+ SoapMessage message,
+ PasswordEncryptor passwordEncryptor
+ ) throws WSSecurityException {
+ Crypto signCrypto = null;
+ if (s instanceof Crypto) {
+ signCrypto = (Crypto)s;
+ } else if (s != null) {
+ URL propsURL = SecurityUtils.loadResource(message, s);
+ Properties props = WSS4JUtils.getProps(s, propsURL);
+ if (props == null) {
+ LOG.fine("Cannot find Crypto Signature properties: " + s);
+ Exception ex = new Exception("Cannot find Crypto Signature
properties: " + s);
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
+ }
+
+ signCrypto = CryptoFactory.getInstance(props,
Loader.getClassLoader(CryptoFactory.class),
+ passwordEncryptor);
+
+ EndpointInfo info =
message.getExchange().getEndpoint().getEndpointInfo();
+ synchronized (info) {
+ info.setProperty(SecurityConstants.SIGNATURE_CRYPTO,
signCrypto);
+ }
+ }
+ return signCrypto;
+ }
+
+ /**
+ * Get the certificate that was used to sign the request
+ */
+ public static X509Certificate getReqSigCert(List<WSHandlerResult> results)
{
+ if (results == null || results.isEmpty()) {
+ return null;
+ }
+
+ for (WSHandlerResult rResult : results) {
+ List<WSSecurityEngineResult> signedResults =
+ rResult.getActionResults().get(WSConstants.SIGN);
+
+ if (signedResults != null && !signedResults.isEmpty()) {
+ for (WSSecurityEngineResult signedResult : signedResults) {
+ if
(signedResult.containsKey(WSSecurityEngineResult.TAG_X509_CERTIFICATE)) {
+ return (X509Certificate)signedResult.get(
+ WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ }
+ }
+ }
+ }
+
+ return null;
+ }
+>>>>>>> 17dbc12... Consolidate some code in WS-Security/STS
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/c81e8d44/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 62b016c..6a992cb 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -1611,7 +1611,7 @@ public abstract class AbstractBindingBuilder extends
AbstractCommonBindingHandle
CastUtils.cast((List<?>)
message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
if (results != null) {
- encrKeyBuilder.setUseThisCert(getReqSigCert(results));
+
encrKeyBuilder.setUseThisCert(WSS4JUtils.getReqSigCert(results));
//TODO This is a hack, this should not come under
USE_REQ_SIG_CERT
if (encrKeyBuilder.isCertSet()) {
@@ -1627,6 +1627,7 @@ public abstract class AbstractBindingBuilder extends
AbstractCommonBindingHandle
return encrUser;
}
+<<<<<<< HEAD
private static X509Certificate getReqSigCert(List<WSHandlerResult>
results) {
/*
* Scan the results for a matching actor. Use results only if the
@@ -1650,6 +1651,8 @@ public abstract class AbstractBindingBuilder extends
AbstractCommonBindingHandle
return null;
}
+=======
+>>>>>>> 17dbc12... Consolidate some code in WS-Security/STS
/**
* Scan through <code>WSHandlerResult<code> list for a Username token and
return
* the username if a Username Token found
http://git-wip-us.apache.org/repos/asf/cxf/blob/c81e8d44/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
----------------------------------------------------------------------
diff --git
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
index 4146a3f..f91edee 100644
---
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
+++
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
@@ -76,10 +76,10 @@ import
org.apache.cxf.ws.security.sts.provider.model.secext.ReferenceType;
import
org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType;
import
org.apache.cxf.ws.security.sts.provider.model.utility.AttributedDateTime;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.WSSecEncrypt;
@@ -543,6 +543,7 @@ public abstract class AbstractOperation {
List<WSHandlerResult> results =
(List<WSHandlerResult>)
context.get(WSHandlerConstants.RECV_RESULTS);
// DOM
+<<<<<<< HEAD
if (results != null) {
for (WSHandlerResult rResult : results) {
List<WSSecurityEngineResult> wsSecEngineResults =
rResult.getResults();
@@ -558,6 +559,11 @@ public abstract class AbstractOperation {
}
}
}
+=======
+ X509Certificate cert = WSS4JUtils.getReqSigCert(results);
+ if (cert != null) {
+ return cert;
+>>>>>>> 17dbc12... Consolidate some code in WS-Security/STS
}
// Streaming
