Author: alessio.soldano(a)jboss.com
Date: 2012-10-03 07:16:40 -0400 (Wed, 03 Oct 2012)
New Revision: 16808
Modified:
thirdparty/cxf/branches/cxf-2.4.9/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
thirdparty/cxf/branches/cxf-2.4.9/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
thirdparty/cxf/branches/cxf-2.4.9/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Log:
[JBPAPP-10048] Porting fix for CXF-4539
Modified:
thirdparty/cxf/branches/cxf-2.4.9/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
===================================================================
---
thirdparty/cxf/branches/cxf-2.4.9/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java 2012-10-03
10:45:38 UTC (rev 16807)
+++
thirdparty/cxf/branches/cxf-2.4.9/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java 2012-10-03
11:16:40 UTC (rev 16808)
@@ -22,11 +22,11 @@
import java.net.URI;
import java.net.URL;
import java.util.Collection;
-import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
import javax.xml.namespace.QName;
@@ -57,7 +57,8 @@
HEADERS.add(new QName(WSConstants.ENC_NS, "EncryptedData"));
}
- private Map<String, Object> properties = new HashMap<String, Object>();
+ private Map<String, Object> properties = new ConcurrentHashMap<String,
Object>();
+ private Map<String, Crypto> cryptoMap = new ConcurrentHashMap<String,
Crypto>();
private Set<String> before = new HashSet<String>();
private Set<String> after = new HashSet<String>();
private String phase;
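Review bot: Switching `properties` to `ConcurrentHashMap` changes null handling: unlike `HashMap` it throws `NullPointerException` on a null key or value. Any setter outside this hunk that passes a null value, for example to clear an option, would now fail at runtime, so the accessors should remove the key instead of storing null. If the two maps are never reassigned, declaring them `final` would also make the references safely published. `before` and `after` remain plain `HashSet`s, which is only safe if they are not mutated once the interceptor is in service.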
@@ -213,5 +214,49 @@
Thread.currentThread().setContextClassLoader(orig);
}
}
+
+ // TODO Remove once we pick up WSS4J 1.6.8
+ @Override
+ protected Crypto loadCrypto(
+ String cryptoPropertyFile,
+ String cryptoPropertyRefId,
+ RequestData requestData
+ ) throws WSSecurityException {
+ Object mc = requestData.getMsgContext();
+ Crypto crypto = null;
+
+ //
+ // Try the Property Ref Id first
+ //
+ String refId = getString(cryptoPropertyRefId, mc);
+ if (refId != null) {
+ crypto = cryptoMap.get(refId);
+ if (crypto == null) {
+ Object obj = getProperty(mc, refId);
+ if (obj instanceof Properties) {
+ crypto = CryptoFactory.getInstance((Properties)obj);
+ cryptoMap.put(refId, crypto);
+ } else if (obj instanceof Crypto) {
+ crypto = (Crypto)obj;
+ cryptoMap.put(refId, crypto);
+ }
+ }
+ }
+
+ //
+ // Now try loading the properties file
+ //
+ if (crypto == null) {
+ String propFile = getString(cryptoPropertyFile, mc);
+ if (propFile != null) {
+ crypto = cryptoMap.get(propFile);
+ if (crypto == null) {
+ crypto = loadCryptoFromPropertiesFile(propFile, requestData);
+ cryptoMap.put(propFile, crypto);
+ }
+ }
+ }
+ return crypto;
+ }
}
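Review bot: `cryptoMap` in the new `loadCrypto` has no invalidation path and lives as long as the interceptor, so a Crypto built from a properties file or a `Properties` object is reused for every later message even if the keystore, truststore or the property behind `refId` changes. For an inbound interceptor this means a certificate or trust change would not take effect until the instance is discarded. `PolicyBasedWSS4JInInterceptor.INSTANCE` is a shared static instance, so the map is also shared by every endpoint that uses it and grows with each distinct key. Separately, `cryptoMap.put(propFile, crypto)` would throw `NullPointerException` if `loadCryptoFromPropertiesFile` can return null, and the get-then-put pairs are not atomic. Guarding the put with `if (crypto != null)` and declaring the field as `ConcurrentMap` so that `putIfAbsent` can be used would cover both.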
Modified:
thirdparty/cxf/branches/cxf-2.4.9/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
===================================================================
---
thirdparty/cxf/branches/cxf-2.4.9/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java 2012-10-03
10:45:38 UTC (rev 16807)
+++
thirdparty/cxf/branches/cxf-2.4.9/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java 2012-10-03
11:16:40 UTC (rev 16808)
@@ -28,7 +28,6 @@
import java.util.List;
import java.util.Map;
import java.util.Properties;
-import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;
import javax.xml.namespace.QName;
@@ -91,6 +90,7 @@
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.message.token.Timestamp;
@@ -100,7 +100,6 @@
*
*/
public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
- public static final String PROPERTIES_CACHE =
"ws-security.properties.cache";
public static final PolicyBasedWSS4JInInterceptor INSTANCE
= new PolicyBasedWSS4JInInterceptor();
private static final Logger LOG =
LogUtils.getL7dLogger(PolicyBasedWSS4JInInterceptor.class);
@@ -112,24 +111,8 @@
super(true);
}
- protected static Map<Object, Properties> getPropertiesCache(SoapMessage
message) {
- EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
- synchronized (info) {
- Map<Object, Properties> o =
- CastUtils.cast((Map<?,
?>)message.getContextualProperty(PROPERTIES_CACHE));
- if (o == null) {
- o = new ConcurrentHashMap<Object, Properties>();
- info.setProperty(PROPERTIES_CACHE, o);
- }
- return o;
- }
- }
-
private static Properties getProps(Object o, String propsKey, URL propsURL,
SoapMessage message) {
- Properties properties = getPropertiesCache(message).get(propsKey);
- if (properties != null) {
- return properties;
- }
+ Properties properties = null;
if (o instanceof Properties) {
properties = (Properties)o;
} else if (propsURL != null) {
@@ -143,9 +126,6 @@
}
}
- if (properties != null) {
- getPropertiesCache(message).put(propsKey, properties);
- }
return properties;
}
@@ -210,7 +190,7 @@
private String checkAsymmetricBinding(
AssertionInfoMap aim, String action, SoapMessage message
- ) {
+ ) throws WSSecurityException {
Collection<AssertionInfo> ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
if (ais == null || ais.isEmpty()) {
return action;
@@ -227,42 +207,33 @@
e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
}
- if (s != null) {
- URL propsURL = getPropertiesFileURL(s, message);
- String propsKey = s.toString();
- if (propsURL != null) {
- propsKey = propsURL.getPath();
- }
- message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" +
propsKey);
- if (s instanceof Crypto) {
- message.put("RefId-" + propsKey, (Crypto)s);
- } else {
- message.put("RefId-" + propsKey, getProps(s, propsKey,
propsURL, message));
- }
- if (e == null) {
- e = s;
- }
+ Crypto encrCrypto = getEncryptionCrypto(e, message);
+ Crypto signCrypto = null;
+ if (e != null && e.equals(s)) {
+ signCrypto = encrCrypto;
+ } else {
+ signCrypto = getSignatureCrypto(s, message);
}
- if (e != null) {
- URL propsURL = getPropertiesFileURL(e, message);
- String propsKey = e.toString();
- if (propsURL != null) {
- propsKey = propsURL.getPath();
- }
- message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" +
propsKey);
- if (e instanceof Crypto) {
- message.put("RefId-" + propsKey, (Crypto)e);
- } else {
- message.put("RefId-" + propsKey, getProps(e, propsKey,
propsURL, message));
- }
+
+ if (signCrypto != null) {
+ message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" +
signCrypto.hashCode());
+ message.put("RefId-" + signCrypto.hashCode(), signCrypto);
}
+
+ if (encrCrypto != null) {
+ message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" +
encrCrypto.hashCode());
+ message.put("RefId-" + encrCrypto.hashCode(), (Crypto)encrCrypto);
+ } else if (signCrypto != null) {
+ message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" +
signCrypto.hashCode());
+ message.put("RefId-" + signCrypto.hashCode(), (Crypto)signCrypto);
+ }
return action;
}
private String checkTransportBinding(
AssertionInfoMap aim, String action, SoapMessage message
- ) {
+ ) throws WSSecurityException {
Collection<AssertionInfo> ais = aim.get(SP12Constants.TRANSPORT_BINDING);
if (ais == null || ais.isEmpty()) {
return action;
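Review bot: The reference ids built as `"RefId-" + signCrypto.hashCode()` and `"RefId-" + encrCrypto.hashCode()` are not guaranteed unique: unless every `Crypto` implementation overrides `hashCode()`, this is an identity hash that two different instances can share. Within one message a collision makes the second `message.put` overwrite the first. `loadCrypto` in `AbstractWSS4JInterceptor` also looks up `cryptoMap` by the same ref id before consulting the message, so a collision or a hash value reused after garbage collection could return a Crypto, and therefore a trust store, belonging to a different configuration. A key derived from the configuration itself, such as the `propsKey` the removed code used, or a per-instance unique id, would avoid this. The same pattern appears in the `checkTransportBinding` and `checkSymmetricBinding` hunks below, and the casts in `(Crypto)encrCrypto` / `(Crypto)signCrypto` are redundant because both variables are already declared as `Crypto`.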
@@ -279,42 +250,33 @@
e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
}
- if (s != null) {
- URL propsURL = getPropertiesFileURL(s, message);
- String propsKey = s.toString();
- if (propsURL != null) {
- propsKey = propsURL.getPath();
- }
- message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" +
propsKey);
- if (s instanceof Crypto) {
- message.put("RefId-" + propsKey, (Crypto)s);
- } else {
- message.put("RefId-" + propsKey, getProps(s, propsKey,
propsURL, message));
- }
- if (e == null) {
- e = s;
- }
+ Crypto encrCrypto = getEncryptionCrypto(e, message);
+ Crypto signCrypto = null;
+ if (e != null && e.equals(s)) {
+ signCrypto = encrCrypto;
+ } else {
+ signCrypto = getSignatureCrypto(s, message);
}
- if (e != null) {
- URL propsURL = getPropertiesFileURL(e, message);
- String propsKey = e.toString();
- if (propsURL != null) {
- propsKey = propsURL.getPath();
- }
- message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" +
propsKey);
- if (e instanceof Crypto) {
- message.put("RefId-" + propsKey, (Crypto)e);
- } else {
- message.put("RefId-" + propsKey, getProps(e, propsKey,
propsURL, message));
- }
+
+ if (signCrypto != null) {
+ message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" +
signCrypto.hashCode());
+ message.put("RefId-" + signCrypto.hashCode(), signCrypto);
}
+
+ if (encrCrypto != null) {
+ message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" +
encrCrypto.hashCode());
+ message.put("RefId-" + encrCrypto.hashCode(), (Crypto)encrCrypto);
+ } else if (signCrypto != null) {
+ message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" +
signCrypto.hashCode());
+ message.put("RefId-" + signCrypto.hashCode(), (Crypto)signCrypto);
+ }
return action;
}
private String checkSymmetricBinding(
AssertionInfoMap aim, String action, SoapMessage message
- ) {
+ ) throws WSSecurityException {
Collection<AssertionInfo> ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
if (ais == null || ais.isEmpty()) {
return action;
@@ -331,71 +293,97 @@
e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
}
- if (e != null && s == null) {
- s = e;
- } else if (s != null && e == null) {
- e = s;
+ Crypto encrCrypto = getEncryptionCrypto(e, message);
+ Crypto signCrypto = null;
+ if (e != null && e.equals(s)) {
+ signCrypto = encrCrypto;
+ } else {
+ signCrypto = getSignatureCrypto(s, message);
}
if (isRequestor(message)) {
- if (e != null) {
- URL propsURL = getPropertiesFileURL(e, message);
- String propsKey = e.toString();
- if (propsURL != null) {
- propsKey = propsURL.getPath();
- }
- message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" +
propsKey);
- if (e instanceof Crypto) {
- message.put("RefId-" + propsKey, (Crypto)e);
- } else {
- message.put("RefId-" + propsKey, getProps(e, propsKey,
propsURL, message));
- }
+ Crypto crypto = encrCrypto;
+ if (crypto == null) {
+ crypto = signCrypto;
}
- if (s != null) {
- URL propsURL = getPropertiesFileURL(s, message);
- String propsKey = s.toString();
- if (propsURL != null) {
- propsKey = propsURL.getPath();
- }
- message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" +
propsKey);
- if (s instanceof Crypto) {
- message.put("RefId-" + propsKey, (Crypto)s);
- } else {
- message.put("RefId-" + propsKey, getProps(s, propsKey,
propsURL, message));
- }
+ if (crypto != null) {
+ message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" +
crypto.hashCode());
+ message.put("RefId-" + crypto.hashCode(), crypto);
}
+
+ crypto = signCrypto;
+ if (crypto == null) {
+ crypto = encrCrypto;
+ }
+ if (crypto != null) {
+ message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" +
crypto.hashCode());
+ message.put("RefId-" + crypto.hashCode(), crypto);
+ }
} else {
- if (s != null) {
- URL propsURL = getPropertiesFileURL(s, message);
- String propsKey = s.toString();
- if (propsURL != null) {
- propsKey = propsURL.getPath();
- }
- message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" +
propsKey);
- if (s instanceof Crypto) {
- message.put("RefId-" + propsKey, (Crypto)s);
- } else {
- message.put("RefId-" + propsKey, getProps(s, propsKey,
propsURL, message));
- }
+ Crypto crypto = signCrypto;
+ if (crypto == null) {
+ crypto = encrCrypto;
}
- if (e != null) {
- URL propsURL = getPropertiesFileURL(e, message);
- String propsKey = e.toString();
- if (propsURL != null) {
- propsKey = propsURL.getPath();
- }
- message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" +
propsKey);
- if (e instanceof Crypto) {
- message.put("RefId-" + propsKey, (Crypto)e);
- } else {
- message.put("RefId-" + propsKey, getProps(e, propsKey,
propsURL, message));
- }
+ if (crypto != null) {
+ message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" +
crypto.hashCode());
+ message.put("RefId-" + crypto.hashCode(), crypto);
}
+
+ crypto = encrCrypto;
+ if (crypto == null) {
+ crypto = signCrypto;
+ }
+ if (crypto != null) {
+ message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" +
crypto.hashCode());
+ message.put("RefId-" + crypto.hashCode(), crypto);
+ }
}
return action;
}
+ private Crypto getEncryptionCrypto(Object e, SoapMessage message) throws
WSSecurityException {
+ Crypto encrCrypto = null;
+ if (e instanceof Crypto) {
+ encrCrypto = (Crypto)e;
+ } else if (e != null) {
+ URL propsURL = getPropertiesFileURL(e, message);
+ String propsKey = e.toString();
+ if (propsURL != null) {
+ propsKey = propsURL.getPath();
+ }
+ Properties props = getProps(e, propsKey, propsURL, message);
+ encrCrypto = CryptoFactory.getInstance(props);
+
+ EndpointInfo info =
message.getExchange().get(Endpoint.class).getEndpointInfo();
+ synchronized (info) {
+ info.setProperty(SecurityConstants.ENCRYPT_CRYPTO, encrCrypto);
+ }
+ }
+ return encrCrypto;
+ }
+
+ private Crypto getSignatureCrypto(Object s, SoapMessage message) throws
WSSecurityException {
+ Crypto signCrypto = null;
+ if (s instanceof Crypto) {
+ signCrypto = (Crypto)s;
+ } else if (s != null) {
+ URL propsURL = getPropertiesFileURL(s, message);
+ String propsKey = s.toString();
+ if (propsURL != null) {
+ propsKey = propsURL.getPath();
+ }
+ Properties props = getProps(s, propsKey, propsURL, message);
+ signCrypto = CryptoFactory.getInstance(props);
+
+ EndpointInfo info =
message.getExchange().get(Endpoint.class).getEndpointInfo();
+ synchronized (info) {
+ info.setProperty(SecurityConstants.SIGNATURE_CRYPTO, signCrypto);
+ }
+ }
+ return signCrypto;
+ }
+
private boolean assertXPathTokens(AssertionInfoMap aim,
QName name,
Collection<WSDataRef> refs,
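Review bot: In `getEncryptionCrypto` and `getSignatureCrypto` the result of `getProps(...)` is passed straight to `CryptoFactory.getInstance(props)` without a null check, although `getProps` now starts from `Properties properties = null` and appears able to return null when the object is not a `Properties` and no URL resolves (part of its body is outside the hunks). A missing or unreadable properties file would then most likely surface as a `NullPointerException` inside the factory instead of a clear security failure. Checking `props == null` first and throwing a `WSSecurityException` that names `propsKey` would fail closed with a useful message. With the cache removed, `propsKey` seems to be computed only to be handed to `getProps`, which no longer uses it in the visible lines, so the parameter could be dropped. The two helpers differ only in the `SecurityConstants` key they store on the `EndpointInfo` and could share one private method that takes the key as an argument.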
@@ -482,7 +470,7 @@
return true;
}
- protected void computeAction(SoapMessage message, RequestData data) {
+ protected void computeAction(SoapMessage message, RequestData data) throws
WSSecurityException {
String action = getString(WSHandlerConstants.ACTION, message);
if (action == null) {
action = "";
Modified:
thirdparty/cxf/branches/cxf-2.4.9/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
===================================================================
---
thirdparty/cxf/branches/cxf-2.4.9/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java 2012-10-03
10:45:38 UTC (rev 16807)
+++
thirdparty/cxf/branches/cxf-2.4.9/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java 2012-10-03
11:16:40 UTC (rev 16808)
@@ -404,7 +404,7 @@
* @param msg
* @param reqData
*/
- protected void computeAction(SoapMessage msg, RequestData reqData) {
+ protected void computeAction(SoapMessage msg, RequestData reqData) throws
WSSecurityException {
//
// Try to get Crypto Provider from message context properties.
// It gives a possibility to use external Crypto Provider