ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1483300 - /webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
Date Thu, 16 May 2013 11:35:10 GMT
Author: coheigea
Date: Thu May 16 11:35:10 2013
New Revision: 1483300

URL: http://svn.apache.org/r1483300
Log:
Check for SAML proof-of-possession in both TLS + message signatures

Modified:
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java?rev=1483300&r1=1483299&r2=1483300&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
Thu May 16 11:35:10 2013
@@ -656,31 +656,32 @@ public class SAMLTokenInputHandler exten
                             } else if (httpsCertificate.getPublicKey().equals(subjectPublicKey))
{
                                 return;
                             }
-                        } else {
-                            for (int j = 0; j < securityTokenProviders.size(); j++) {
-                                SecurityTokenProvider<? extends InboundSecurityToken>
securityTokenProvider = securityTokenProviders.get(j);
-                                InboundSecurityToken securityToken = securityTokenProvider.getSecurityToken();
-                                if (securityToken == httpsSecurityToken) {
-                                    continue;
-                                }
-                                X509Certificate[] x509Certificates = securityToken.getX509Certificates();
-                                PublicKey publicKey = securityToken.getPublicKey();
-                                Map<String, Key> keyMap = securityToken.getSecretKey();
-                                if (x509Certificates != null && x509Certificates.length
> 0
-                                        && subjectCertificates != null &&
subjectCertificates.length > 0 &&
-                                        subjectCertificates[0].equals(x509Certificates[0]))
{
-                                    return;
-                                }
-                                if (publicKey != null && publicKey.equals(subjectPublicKey))
{
+                        }
+                        
+                        // Now try message signatures
+                        for (int j = 0; j < securityTokenProviders.size(); j++) {
+                            SecurityTokenProvider<? extends InboundSecurityToken> securityTokenProvider
= securityTokenProviders.get(j);
+                            InboundSecurityToken securityToken = securityTokenProvider.getSecurityToken();
+                            if (securityToken == httpsSecurityToken) {
+                                continue;
+                            }
+                            X509Certificate[] x509Certificates = securityToken.getX509Certificates();
+                            PublicKey publicKey = securityToken.getPublicKey();
+                            Map<String, Key> keyMap = securityToken.getSecretKey();
+                            if (x509Certificates != null && x509Certificates.length
> 0
+                                && subjectCertificates != null && subjectCertificates.length
> 0 &&
+                                subjectCertificates[0].equals(x509Certificates[0])) {
+                                return;
+                            }
+                            if (publicKey != null && publicKey.equals(subjectPublicKey))
{
+                                return;
+                            }
+                            Iterator<Map.Entry<String, Key>> iterator = keyMap.entrySet().iterator();
+                            while (iterator.hasNext()) {
+                                Map.Entry<String, Key> next = iterator.next();
+                                if (next.getValue().equals(subjectSecretKey)) {
                                     return;
                                 }
-                                Iterator<Map.Entry<String, Key>> iterator = keyMap.entrySet().iterator();
-                                while (iterator.hasNext()) {
-                                    Map.Entry<String, Key> next = iterator.next();
-                                    if (next.getValue().equals(subjectSecretKey)) {
-                                        return;
-                                    }
-                                }
                             }
                         }
                     } else if (OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)) {



Mime
View raw message