ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1208466 - in /webservices/wss4j/trunk/src/main/java/org/apache/ws/security: processor/SecurityContextTokenProcessor.java spnego/SpnegoToken.java str/SecurityTokenRefSTRParser.java
Date Wed, 30 Nov 2011 15:31:10 GMT
Author: coheigea
Date: Wed Nov 30 15:31:10 2011
New Revision: 1208466

URL: http://svn.apache.org/viewvc?rev=1208466&view=rev
Log:
Added the ability to encrypt using SPNEGO and some improvements based around handling keys
associated with SecurityContextTokens.

Modified:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoToken.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java?rev=1208466&r1=1208465&r2=1208466&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java
Wed Nov 30 15:31:10 2011
@@ -67,7 +67,19 @@ public class SecurityContextTokenProcess
             result.put(WSSecurityEngineResult.TAG_ID, sct.getID());
             result.put(WSSecurityEngineResult.TAG_SECRET, returnedCredential.getSecretKey());
         } else {
-            byte[] secret = getSecret(data.getCallbackHandler(), sct);
+            String id = sct.getID();
+            if (id.charAt(0) == '#') {
+                id = id.substring(1);
+            }
+            byte[] secret = null;
+            try {
+                secret = getSecret(data.getCallbackHandler(), sct.getIdentifier());
+            } catch (WSSecurityException ex) {
+                secret = getSecret(data.getCallbackHandler(), id);
+            }
+            if (secret == null || secret.length == 0) {
+                secret = getSecret(data.getCallbackHandler(), id);
+            }
             result.put(WSSecurityEngineResult.TAG_ID, sct.getID());
             result.put(WSSecurityEngineResult.TAG_SECRET, secret);
         }
@@ -84,7 +96,7 @@ public class SecurityContextTokenProcess
      * @param sct
      * @return The key collected using the callback handler
      */
-    private byte[] getSecret(CallbackHandler cb, SecurityContextToken sct)
+    private byte[] getSecret(CallbackHandler cb, String identifier)
         throws WSSecurityException {
 
         if (cb == null) {
@@ -92,9 +104,7 @@ public class SecurityContextTokenProcess
         }
 
         WSPasswordCallback callback = 
-            new WSPasswordCallback(
-                sct.getIdentifier(), WSPasswordCallback.SECURITY_CONTEXT_TOKEN
-            );
+            new WSPasswordCallback(identifier, WSPasswordCallback.SECURITY_CONTEXT_TOKEN);
         try {
             Callback[] callbacks = new Callback[]{callback};
             cb.handle(callbacks);
@@ -102,14 +112,14 @@ public class SecurityContextTokenProcess
             throw new WSSecurityException(
                 WSSecurityException.FAILURE, 
                 "noKey",
-                new Object[] {sct.getIdentifier()}, 
+                new Object[] {identifier}, 
                 e
             );
         } catch (UnsupportedCallbackException e) {
             throw new WSSecurityException(
                 WSSecurityException.FAILURE, 
                 "noKey",
-                new Object[] {sct.getIdentifier()}, 
+                new Object[] {identifier}, 
                 e
             );
         }

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoToken.java?rev=1208466&r1=1208465&r2=1208466&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoToken.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/spnego/SpnegoToken.java Wed
Nov 30 15:31:10 2011
@@ -202,6 +202,23 @@ public class SpnegoToken {
         }
     }
     
+    /**
+     * Wrap a key
+     */
+    public byte[] wrapKey(byte[] secret) throws WSSecurityException {
+        MessageProp mProp = new MessageProp(0, true);
+        try {
+            return secContext.wrap(secret, 0, secret.length, mProp);
+        } catch (GSSException e) {
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Error in cleaning up a GSS context", e);
+            }
+            throw new WSSecurityException(
+                WSSecurityException.FAILURE, "spnegoKeyError"
+            );
+        }
+    }
+    
     public void clear() {
         token = null;
         try {

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java?rev=1208466&r1=1208465&r2=1208466&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
Wed Nov 30 15:31:10 2011
@@ -97,6 +97,12 @@ public class SecurityTokenRefSTRParser i
         WSSecurityEngineResult result = wsDocInfo.getResult(uri);
         if (result != null) {
             processPreviousResult(result, secRef, data, parameters, wsDocInfo, bspCompliant);
+            
+            if (secretKey == null) {
+                throw new WSSecurityException(
+                    WSSecurityException.FAILED_CHECK, "unsupportedKeyId", new Object[] {uri}
+                );
+            }
         } else if (secRef.containsReference()) {
             Reference reference = secRef.getReference();
             // Try asking the CallbackHandler for the secret key



Mime
View raw message