Author: alessio.soldano(a)jboss.com
Date: 2013-04-26 13:07:26 -0400 (Fri, 26 Apr 2013)
New Revision: 17516
Modified:
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_parts_policy_header_and_body_encrypted.xml
Log:
[JBPAPP-10708] use wss4j 1.5 fork algorithm suite additions
Modified:
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
===================================================================
---
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java 2013-04-26
17:01:52 UTC (rev 17515)
+++
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java 2013-04-26
17:07:26 UTC (rev 17516)
@@ -202,8 +202,20 @@
WSDocInfo wsDocInfo,
Vector returnResults,
WSSConfig config) throws WSSecurityException {
+ handleToken(elem, crypto, decCrypto, cb, wsDocInfo, returnResults, config,
null);
+ }
+ // CHECKSTYLE:OFF
+ public void handleToken(Element elem,
+ Crypto crypto,
+ Crypto decCrypto,
+ CallbackHandler cb,
+ WSDocInfo wsDocInfo,
+ Vector returnResults,
+ WSSConfig config,
+ RequestData data) throws WSSecurityException {
+ // CHECKSTYLE:ON
new CustomUsernameTokenProcessor().handleToken(elem, crypto, decCrypto, cb,
wsDocInfo,
- returnResults, config);
+ returnResults, config, data);
}
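Review bot: The retained seven-argument `handleToken` forwards `null` as the `RequestData`, so any caller still on the old signature reaches `CustomUsernameTokenProcessor` without the context that carries the AlgorithmSuite, and nothing in the hunk documents that. A Javadoc line on the legacy overload would make this explicit, e.g. `/** Legacy entry point without RequestData; no algorithm-suite context is passed on. */`, and the `// CHECKSTYLE:OFF` marker should name the rule it silences (presumably the parameter-count check). The same null-forwarding overload is added to the inner processor in the next hunk (`@@ -244,9 +256,16 @@`), whose body continues outside the diff, so it is not visible whether `data` is null-checked before use. The first method's signature also begins above this hunk.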
@@ -244,9 +256,16 @@
private String utId;
private UsernameToken ut;
+ public void handleToken(Element elem, Crypto crypto, Crypto decCrypto,
CallbackHandler cb,
+ WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws
WSSecurityException {
+ handleToken(elem, crypto, decCrypto, cb, wsDocInfo, returnResults, wsc,
null);
+ }
+ // CHECKSTYLE:OFF
@SuppressWarnings("unchecked")
public void handleToken(Element elem, Crypto crypto, Crypto decCrypto,
CallbackHandler cb,
- WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws
WSSecurityException {
+ WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc, RequestData data)
+ throws WSSecurityException {
+ // CHECKSTYLE:ON
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("Found UsernameToken list element");
}
Modified:
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
===================================================================
---
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java 2013-04-26
17:01:52 UTC (rev 17515)
+++
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java 2013-04-26
17:07:26 UTC (rev 17516)
@@ -60,6 +60,7 @@
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
+import org.apache.cxf.ws.security.policy.model.Binding;
import org.apache.cxf.ws.security.policy.model.ContentEncryptedElements;
import org.apache.cxf.ws.security.policy.model.Header;
import org.apache.cxf.ws.security.policy.model.RequiredElements;
@@ -78,6 +79,7 @@
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.WSUsernameTokenPrincipal;
+import org.apache.ws.security.components.crypto.AlgorithmSuite;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandlerConstants;
@@ -388,6 +390,68 @@
}
}
+
+ /**
+ * Set a WSS4J AlgorithmSuite object on the RequestData context, to restrict the
algorithms that are
+ * allowed for encryption, signature, etc.
+ */
+ protected void setAlgorithmSuites(SoapMessage message, RequestData data) throws
WSSecurityException {
+ Binding binding = getBinding(message);
+ if (binding != null && binding.getAlgorithmSuite() != null) {
+ // Translate into WSS4J's AlgorithmSuite class
+ AlgorithmSuite algorithmSuite =
translateAlgorithmSuite(binding.getAlgorithmSuite());
+ data.setAlgorithmSuite(algorithmSuite);
+ }
+ }
+
+ /**
+ * Translate a CXF AlgorithmSuite object into WSS4J's AlgorithmSuite object
+ */
+ private AlgorithmSuite translateAlgorithmSuite(
+ org.apache.cxf.ws.security.policy.model.AlgorithmSuite cxfAlgorithmSuite) {
+ // Translate into WSS4J's AlgorithmSuite class
+ AlgorithmSuite algorithmSuite = new AlgorithmSuite();
+
algorithmSuite.setMaximumAsymmetricKeyLength(cxfAlgorithmSuite.getMaximumAsymmetricKeyLength());
+
algorithmSuite.setMinimumAsymmetricKeyLength(cxfAlgorithmSuite.getMinimumAsymmetricKeyLength());
+
algorithmSuite.setMaximumSymmetricKeyLength(cxfAlgorithmSuite.getMaximumSymmetricKeyLength());
+
algorithmSuite.setMinimumSymmetricKeyLength(cxfAlgorithmSuite.getMinimumSymmetricKeyLength());
+
+ algorithmSuite.addEncryptionMethod(cxfAlgorithmSuite.getEncryption());
+ algorithmSuite.addKeyWrapAlgorithm(cxfAlgorithmSuite.getSymmetricKeyWrap());
+ algorithmSuite.addKeyWrapAlgorithm(cxfAlgorithmSuite.getAsymmetricKeyWrap());
+
+ algorithmSuite.addDerivedKeyAlgorithm(SPConstants.P_SHA1);
+ algorithmSuite.addDerivedKeyAlgorithm(SPConstants.P_SHA1_L128);
+
+ return algorithmSuite;
+ }
+
+ /**
+ * Get the WS-SecurityPolicy Binding that is in operation
+ */
+ private Binding getBinding(SoapMessage message) {
+ AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+ if (aim != null) {
+ Collection<AssertionInfo> ais =
aim.get(SP12Constants.TRANSPORT_BINDING);
+ if (ais != null && !ais.isEmpty()) {
+ AssertionInfo ai = ais.iterator().next();
+ return (Binding)ai.getAssertion();
+ }
+ ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
+ if (ais != null && !ais.isEmpty()) {
+ AssertionInfo ai = ais.iterator().next();
+ return (Binding)ai.getAssertion();
+ }
+ ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
+ if (ais != null && !ais.isEmpty()) {
+ AssertionInfo ai = ais.iterator().next();
+ return (Binding)ai.getAssertion();
+ }
+ }
+ return null;
+ }
+
+
protected void computeAction(SoapMessage message, RequestData data) {
AssertionInfoMap aim = message.get(AssertionInfoMap.class);
// extract Assertion information
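Review bot: `setAlgorithmSuites` leaves `data` without any AlgorithmSuite when `getBinding` returns null or the binding has no suite, and it never calls the base implementation, so those messages are processed with no algorithm restriction from this method. If that is intended the Javadoc should say so; otherwise add `else { super.setAlgorithmSuites(message, data); }` so the handler-configured suite still applies. In `translateAlgorithmSuite` only the key lengths, the encryption method, the key-wrap algorithms and the derived-key algorithms are copied, and nothing is set for signature or digest algorithms, although the Javadoc promises to restrict "encryption, signature, etc."; whether the forked WSS4J `AlgorithmSuite` can carry those is not visible here, so either extend the translation or narrow the comment. The three lookups in `getBinding` differ only in the QName and could be one loop over the three `SP12Constants` values.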
Modified:
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
===================================================================
---
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java 2013-04-26
17:01:52 UTC (rev 17515)
+++
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java 2013-04-26
17:07:26 UTC (rev 17516)
@@ -195,6 +195,7 @@
*/
try {
reqData.setMsgContext(msg);
+ setAlgorithmSuites(msg, reqData);
computeAction(msg, reqData);
Vector actions = new Vector();
String action = getAction(msg, version);
@@ -221,7 +222,8 @@
actor,
cbHandler,
reqData.getSigCrypto(),
- reqData.getDecCrypto()
+ reqData.getDecCrypto(),
+ reqData
);
if (doTimeLog) {
@@ -381,6 +383,15 @@
protected void computeAction(SoapMessage msg, RequestData reqData) {
}
+
+ /**
+ * Set a WSS4J AlgorithmSuite object on the RequestData context, to restrict the
algorithms that are
+ * allowed for encryption, signature, etc.
+ */
+ protected void setAlgorithmSuites(SoapMessage message, RequestData data) throws
WSSecurityException {
+ super.decodeAlgorithmSuite(data);
+ }
+
protected void doResults(SoapMessage msg, String actor, SOAPMessage doc, Vector
wsResult)
throws SOAPException, XMLStreamException, WSSecurityException {
/*
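Review bot: The Javadoc on the new base `setAlgorithmSuites` is copied from the policy-based subclass and does not say where the suite comes from; here it is whatever `decodeAlgorithmSuite(data)` reads, which is defined outside this diff (presumably in the forked WSS4J handler). I would reword it along the lines of `Populate the AlgorithmSuite on the RequestData from the handler configuration; subclasses may override to derive it from policy.` The `super.` qualifier is unnecessary unless this class also declares `decodeAlgorithmSuite`, so a plain `decodeAlgorithmSuite(data);` reads more clearly.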
Modified:
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java
===================================================================
---
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java 2013-04-26
17:01:52 UTC (rev 17515)
+++
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java 2013-04-26
17:07:26 UTC (rev 17516)
@@ -24,6 +24,7 @@
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.SecurityContextToken;
import org.apache.ws.security.processor.Processor;
@@ -43,6 +44,23 @@
final java.util.Vector returnResults,
final WSSConfig config
) throws WSSecurityException {
+ handleToken(elem, crypto, decCrypto, cb, wsDocInfo, returnResults, config,
null);
+ }
+
+ // CHECKSTYLE:OFF
+ @SuppressWarnings("unchecked")
+ public final void
+ handleToken(
+ final org.w3c.dom.Element elem,
+ final Crypto crypto,
+ final Crypto decCrypto,
+ final javax.security.auth.callback.CallbackHandler cb,
+ final WSDocInfo wsDocInfo,
+ final java.util.Vector returnResults,
+ final WSSConfig config,
+ final RequestData data
+ ) throws WSSecurityException {
+ // CHECKSTYLE:ON
final java.util.Map result =
new WSSecurityEngineResult(
WSConstants.SIGN,
Modified:
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml
===================================================================
---
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml 2013-04-26
17:01:52 UTC (rev 17515)
+++
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml 2013-04-26
17:07:26 UTC (rev 17516)
@@ -19,7 +19,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic128 />
+ <sp:Basic128Rsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
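Review bot: This fixture and the seven other policy files in the commit are all switched to `Basic128Rsa15` so that the existing test messages keep validating, but nothing visible in the commit adds a fixture whose suite deliberately mismatches the message, so the new rejection path appears to be untested. `Basic128Rsa15` selects RSA 1.5 key wrap rather than RSA-OAEP, and `signed_parts_policy_header_and_body_encrypted.xml` additionally drops from `Basic256` to a 128-bit suite. A short comment next to the assertion would stop these files being copied as a recommended configuration, e.g. `<!-- Basic128Rsa15 chosen to match the key transport of the test messages; not a recommended suite -->`. I would also keep at least one policy on `Basic128` with a test asserting that the same message is rejected.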
Modified:
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml
===================================================================
---
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml 2013-04-26
17:01:52 UTC (rev 17515)
+++
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml 2013-04-26
17:07:26 UTC (rev 17516)
@@ -19,7 +19,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic128 />
+ <sp:Basic128Rsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified:
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml
===================================================================
---
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml 2013-04-26
17:01:52 UTC (rev 17515)
+++
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml 2013-04-26
17:07:26 UTC (rev 17516)
@@ -19,7 +19,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic128 />
+ <sp:Basic128Rsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified:
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml
===================================================================
---
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml 2013-04-26
17:01:52 UTC (rev 17515)
+++
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml 2013-04-26
17:07:26 UTC (rev 17516)
@@ -18,7 +18,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic128 />
+ <sp:Basic128Rsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified:
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml
===================================================================
---
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml 2013-04-26
17:01:52 UTC (rev 17515)
+++
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml 2013-04-26
17:07:26 UTC (rev 17516)
@@ -18,7 +18,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic128 />
+ <sp:Basic128Rsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified:
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml
===================================================================
---
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml 2013-04-26
17:01:52 UTC (rev 17515)
+++
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml 2013-04-26
17:07:26 UTC (rev 17516)
@@ -18,7 +18,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic128 />
+ <sp:Basic128Rsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified:
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml
===================================================================
---
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml 2013-04-26
17:01:52 UTC (rev 17515)
+++
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml 2013-04-26
17:07:26 UTC (rev 17516)
@@ -18,7 +18,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic128 />
+ <sp:Basic128Rsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified:
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_parts_policy_header_and_body_encrypted.xml
===================================================================
---
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_parts_policy_header_and_body_encrypted.xml 2013-04-26
17:01:52 UTC (rev 17515)
+++
thirdparty/cxf/branches/cxf-2.2.12/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_parts_policy_header_and_body_encrypted.xml 2013-04-26
17:07:26 UTC (rev 17516)
@@ -28,7 +28,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256 />
+ <sp:Basic128Rsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>