ws-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1051832 - in /webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml: SAMLUtil.java WSSecSignatureSAML.java
Date Wed, 22 Dec 2010 11:02:03 GMT
Author: coheigea
Date: Wed Dec 22 11:02:03 2010
New Revision: 1051832

URL: http://svn.apache.org/viewvc?rev=1051832&view=rev
Log:
[WSS-261] - Added support for processing SAML Subject Confirmation keys that use issuer serial.

Modified:
    webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/SAMLUtil.java
    webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/WSSecSignatureSAML.java

Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/SAMLUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/SAMLUtil.java?rev=1051832&r1=1051831&r2=1051832&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/SAMLUtil.java (original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/SAMLUtil.java Wed
Dec 22 11:02:03 2010
@@ -34,6 +34,7 @@ import org.apache.xml.security.exception
 import org.apache.xml.security.keys.KeyInfo;
 import org.apache.xml.security.keys.content.X509Data;
 import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
+import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
 import org.opensaml.SAMLAssertion;
 import org.opensaml.SAMLAttributeStatement;
 import org.opensaml.SAMLAuthenticationStatement;
@@ -145,14 +146,21 @@ public class SAMLUtil {
 
                         if (ki.containsX509Data()) {
                             X509Data data = ki.itemX509Data(0);
-                            XMLX509Certificate certElem = null;
                             if (data != null && data.containsCertificate()) {
-                                certElem = data.itemCertificate(0);
-                            }
-                            if (certElem != null) {
-                                X509Certificate cert = certElem.getX509Certificate();
-                                certs = new X509Certificate[1];
-                                certs[0] = cert;
+                                XMLX509Certificate certElem = data.itemCertificate(0);
+                                if (certElem != null) {
+                                    X509Certificate cert = certElem.getX509Certificate();
+                                    certs = new X509Certificate[1];
+                                    certs[0] = cert;
+                                    return new SAMLKeyInfo(assertion, certs);
+                                }
+                            } else if (data != null && data.containsIssuerSerial())
{
+                                XMLX509IssuerSerial issuerSerial = data.itemIssuerSerial(0);
+                                String alias = 
+                                    crypto.getAliasForX509Cert(
+                                        issuerSerial.getIssuerName(), issuerSerial.getSerialNumber()
+                                    );
+                                certs = crypto.getCertificates(alias);
                                 return new SAMLKeyInfo(assertion, certs);
                             }
                         } else if (ki.containsKeyValue()) {
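Review bot: The new `else if (data != null && data.containsIssuerSerial())` branch returns `new SAMLKeyInfo(assertion, certs)` unconditionally, whereas the certificate branch only returns once `certElem != null`. If the keystore holds no entry for the issuer/serial pair, `getAliasForX509Cert` presumably yields no alias and `certs` may come back null or empty, so the caller would receive a key info with no subject confirmation key in it. I would fail closed before the return, e.g. `if (alias == null || certs == null || certs.length == 0)` followed by the rejection this method already uses for an invalid assertion, and give `issuerSerial` the same null check that `certElem` gets. The lookup added to WSSecSignatureSAML.java through `userCrypto` has the same gap. The enclosing method starts and ends outside the hunk.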

Modified: webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/WSSecSignatureSAML.java?rev=1051832&r1=1051831&r2=1051832&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
(original)
+++ webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/saml/WSSecSignatureSAML.java
Wed Dec 22 11:02:03 2010
@@ -41,6 +41,7 @@ import org.apache.xml.security.exception
 import org.apache.xml.security.keys.KeyInfo;
 import org.apache.xml.security.keys.content.X509Data;
 import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
+import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
 import org.apache.xml.security.signature.XMLSignature;
 import org.apache.xml.security.signature.XMLSignatureException;
 import org.apache.xml.security.transforms.TransformationException;
@@ -254,14 +255,20 @@ public class WSSecSignatureSAML extends 
 
                 if (ki.containsX509Data()) {
                     X509Data data = ki.itemX509Data(0);
-                    XMLX509Certificate certElem = null;
                     if (data != null && data.containsCertificate()) {
-                        certElem = data.itemCertificate(0);
-                    }
-                    if (certElem != null) {
-                        X509Certificate cert = certElem.getX509Certificate();
-                        certs = new X509Certificate[1];
-                        certs[0] = cert;
+                        XMLX509Certificate certElem = data.itemCertificate(0);
+                        if (certElem != null) {
+                            X509Certificate cert = certElem.getX509Certificate();
+                            certs = new X509Certificate[1];
+                            certs[0] = cert;
+                        }
+                    } else if (data != null && data.containsIssuerSerial()) {
+                        XMLX509IssuerSerial issuerSerial = data.itemIssuerSerial(0);
+                        String alias = 
+                            userCrypto.getAliasForX509Cert(
+                                issuerSerial.getIssuerName(), issuerSerial.getSerialNumber()
+                            );
+                        certs = userCrypto.getCertificates(alias);
                     }
                 }  else if (ki.containsKeyValue()) {
                     publicKey = ki.getPublicKey();
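Review bot: The X509Data resolution added here is a near copy of the one added to SAMLUtil.java in this commit, differing only in the Crypto instance (`userCrypto` instead of `crypto`) and in not returning early. With two copies of key-resolution code, a validation fix made in one is easily missed in the other; a shared static helper, something like `X509Certificate[] resolveCerts(X509Data data, Crypto crypto)`, would keep them in step. Whether `certs` is checked for null after this block cannot be seen from the hunk, since the enclosing method continues outside it.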


