ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1446218 - /webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/validate/UsernameTokenValidatorImpl.java
Date Thu, 14 Feb 2013 14:51:34 GMT
Author: coheigea
Date: Thu Feb 14 14:51:34 2013
New Revision: 1446218

URL: http://svn.apache.org/r1446218
Log:
Some refactoring of the stax UsernameTokenValidator

Modified:
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/validate/UsernameTokenValidatorImpl.java

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/validate/UsernameTokenValidatorImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/validate/UsernameTokenValidatorImpl.java?rev=1446218&r1=1446217&r2=1446218&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/validate/UsernameTokenValidatorImpl.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/validate/UsernameTokenValidatorImpl.java
Thu Feb 14 14:51:34 2013
@@ -79,7 +79,6 @@ public class UsernameTokenValidatorImpl 
         final AttributedDateTime attributedDateTimeCreated =
                 XMLSecurityUtils.getQNameType(usernameTokenType.getAny(), WSSConstants.TAG_wsu_Created);
 
-        // TODO revisit this once we add in Validators
         if (usernameTokenPasswordType == WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST)
{
             if (encodedNonce == null || attributedDateTimeCreated == null) {
                 throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN,
"badTokenType01");
@@ -108,72 +107,22 @@ public class UsernameTokenValidatorImpl 
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
             }
 
-            WSPasswordCallback pwCb = new WSPasswordCallback(username.getValue(),
-                    null,
-                    passwordType.getType(),
-                    WSPasswordCallback.Usage.USERNAME_TOKEN);
-            try {
-                WSSUtils.doPasswordCallback(tokenContext.getWssSecurityProperties().getCallbackHandler(),
pwCb);
-            } catch (WSSecurityException e) {
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION,
e);
-            }
-
-            if (pwCb.getPassword() == null) {
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
-            }
-
-            String passDigest = WSSUtils.doPasswordDigest(nonceVal, created, pwCb.getPassword());
-            if (!passwordType.getValue().equals(passDigest)) {
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
-            }
-            passwordType.setValue(pwCb.getPassword());
+            verifyDigestPassword(username.getValue(), passwordType, nonceVal, created, tokenContext);
         } else if ((usernameTokenPasswordType == WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT)
                 || (passwordType != null && passwordType.getValue() != null
                 && usernameTokenPasswordType == WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE))
{
             nonceVal = null;
             created = null;
-            WSPasswordCallback pwCb = new WSPasswordCallback(username.getValue(),
-                    null,
-                    passwordType.getType(),
-                    WSPasswordCallback.Usage.USERNAME_TOKEN);
-            try {
-                WSSUtils.doPasswordCallback(tokenContext.getWssSecurityProperties().getCallbackHandler(),
pwCb);
-            } catch (WSSecurityException e) {
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION,
e);
-            }
-
-            if (pwCb.getPassword() == null) {
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
-            }
-
-            if (!passwordType.getValue().equals(pwCb.getPassword())) {
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
-            }
-            passwordType.setValue(pwCb.getPassword());
-        } else if (passwordType != null && passwordType.getValue() != null &&
usernameTokenPasswordType == null) {
+            
+            verifyPlaintextPassword(username.getValue(), passwordType, tokenContext);
+        } else if (passwordType != null && passwordType.getValue() != null) {
             if (!handleCustomPasswordTypes) {
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
             }
             nonceVal = null;
             created = null;
-            WSPasswordCallback pwCb = new WSPasswordCallback(username.getValue(),
-                    null,
-                    passwordType.getType(),
-                    WSPasswordCallback.Usage.USERNAME_TOKEN);
-            try {
-                WSSUtils.doPasswordCallback(tokenContext.getWssSecurityProperties().getCallbackHandler(),
pwCb);
-            } catch (WSSecurityException e) {
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION,
e);
-            }
-
-            if (pwCb.getPassword() == null) {
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
-            }
-
-            if (!passwordType.getValue().equals(pwCb.getPassword())) {
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
-            }
-            passwordType.setValue(pwCb.getPassword());
+            
+            verifyCustomPassword(username.getValue(), passwordType, tokenContext);
         } else {
             if (!allowUsernameTokenNoPassword) {
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
@@ -198,4 +147,75 @@ public class UsernameTokenValidatorImpl 
 
         return usernameSecurityToken;
     }
+    
+    /**
+     * Verify a UsernameToken containing a password digest.
+     */
+    protected void verifyDigestPassword(
+        String username,
+        PasswordString passwordType,
+        byte[] nonceVal,
+        String created,
+        TokenContext tokenContext
+    ) throws WSSecurityException {
+        WSPasswordCallback pwCb = new WSPasswordCallback(username,
+                null,
+                passwordType.getType(),
+                WSPasswordCallback.Usage.USERNAME_TOKEN);
+        try {
+            WSSUtils.doPasswordCallback(tokenContext.getWssSecurityProperties().getCallbackHandler(),
pwCb);
+        } catch (WSSecurityException e) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION,
e);
+        }
+
+        if (pwCb.getPassword() == null) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
+        }
+
+        String passDigest = WSSUtils.doPasswordDigest(nonceVal, created, pwCb.getPassword());
+        if (!passwordType.getValue().equals(passDigest)) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
+        }
+        passwordType.setValue(pwCb.getPassword());
+    }
+    
+    /**
+     * Verify a UsernameToken containing a plaintext password.
+     */
+    protected void verifyPlaintextPassword(
+        String username,
+        PasswordString passwordType,
+        TokenContext tokenContext
+    ) throws WSSecurityException {
+        WSPasswordCallback pwCb = new WSPasswordCallback(username,
+                null,
+                passwordType.getType(),
+                WSPasswordCallback.Usage.USERNAME_TOKEN);
+        try {
+            WSSUtils.doPasswordCallback(tokenContext.getWssSecurityProperties().getCallbackHandler(),
pwCb);
+        } catch (WSSecurityException e) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION,
e);
+        }
+
+        if (pwCb.getPassword() == null) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
+        }
+
+        if (!passwordType.getValue().equals(pwCb.getPassword())) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
+        }
+        passwordType.setValue(pwCb.getPassword());
+    }
+    
+    /**
+     * Verify a UsernameToken containing a password of some unknown (but specified) password
+     * type.
+     */
+    protected void verifyCustomPassword(
+        String username,
+        PasswordString passwordType,
+        TokenContext tokenContext
+    ) throws WSSecurityException {
+        verifyPlaintextPassword(username, passwordType, tokenContext);
+    }
 }



Mime
View raw message