ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1531303 - /webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SamlSecurityTokenImpl.java
Date Fri, 11 Oct 2013 14:25:22 GMT
Author: coheigea
Date: Fri Oct 11 14:25:22 2013
New Revision: 1531303

URL: http://svn.apache.org/r1531303
Log:
Allow the ability to get a key associated with an (encrypted) SAML Token from the CallbackHandler

Modified:
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SamlSecurityTokenImpl.java

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SamlSecurityTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SamlSecurityTokenImpl.java?rev=1531303&r1=1531302&r2=1531303&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SamlSecurityTokenImpl.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SamlSecurityTokenImpl.java
Fri Oct 11 14:25:22 2013
@@ -27,7 +27,6 @@ import java.security.cert.CertificateNot
 import java.security.cert.X509Certificate;
 import java.util.List;
 
-import javax.crypto.spec.SecretKeySpec;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.UnsupportedCallbackException;
@@ -41,12 +40,13 @@ import org.apache.wss4j.common.saml.Open
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
 import org.apache.wss4j.common.saml.SAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
+import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.stax.securityToken.SamlSecurityToken;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
 import org.apache.xml.security.stax.ext.XMLSecurityConstants;
 import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
 import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
@@ -60,6 +60,7 @@ public class SamlSecurityTokenImpl exten
     private WSSSecurityProperties securityProperties;
     private Principal principal;
     private SAMLKeyInfo subjectKeyInfo;
+    private byte[] secret;
     
     public SamlSecurityTokenImpl(WSInboundSecurityContext wsInboundSecurityContext, String
id,
                                  WSSecurityTokenConstants.KeyIdentifier keyIdentifier,
@@ -83,12 +84,21 @@ public class SamlSecurityTokenImpl exten
                     WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noToken",
id
                 );
             }
-            this.samlAssertionWrapper = new SamlAssertionWrapper(assertionElem);
             
-            subjectKeyInfo = 
-                SAMLUtil.getCredentialFromSubject(samlAssertionWrapper, null, 
-                                                  securityProperties.getSignatureVerificationCrypto(),
-                                                  securityProperties.getCallbackHandler());
+            if ("Assertion".equals(assertionElem.getLocalName())
+                && (WSSConstants.NS_SAML.equals(assertionElem.getNamespaceURI())
+                || WSSConstants.NS_SAML2.equals(assertionElem))) {
+                this.samlAssertionWrapper = new SamlAssertionWrapper(assertionElem);
+                
+                subjectKeyInfo = 
+                    SAMLUtil.getCredentialFromSubject(samlAssertionWrapper, null, 
+                                                      securityProperties.getSignatureVerificationCrypto(),
+                                                      securityProperties.getCallbackHandler());
+            } else {
+                // Possibly an Encrypted Assertion...just get the key
+                this.samlAssertionWrapper = null;
+                secret = pwcb.getKey();
+            }
         } else {
             throw new WSSecurityException(
                 WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noToken", id
@@ -117,13 +127,12 @@ public class SamlSecurityTokenImpl exten
 
     @Override
     protected Key getKey(String algorithmURI, XMLSecurityConstants.AlgorithmUsage algorithmUsage,
String correlationID) throws XMLSecurityException {
-        if (this.subjectSecurityToken != null) {
+        if (secret != null) {
+            return KeyUtils.prepareSecretKey(algorithmURI, secret);
+        } else if (this.subjectSecurityToken != null) {
             return subjectSecurityToken.getSecretKey(algorithmURI, algorithmUsage, correlationID);
         } else if (subjectKeyInfo != null && subjectKeyInfo.getSecret() != null)
{
-            byte[] secret = subjectKeyInfo.getSecret();
-            
-            String algoFamily = JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
-            return new SecretKeySpec(secret, algoFamily);
+            return KeyUtils.prepareSecretKey(algorithmURI, subjectKeyInfo.getSecret());
         }
         return super.getKey(algorithmURI, algorithmUsage, correlationID);
     }
@@ -162,6 +171,9 @@ public class SamlSecurityTokenImpl exten
     public void verify() throws XMLSecurityException {
         //todo revisit verify for every security token incl. public-key
         //todo should we call verify implicit when accessing the keys?
+        if (samlAssertionWrapper == null) {
+            return;
+        }
         try {
             String confirmMethod = null;
             List<String> methods = samlAssertionWrapper.getConfirmationMethods();
@@ -195,9 +207,11 @@ public class SamlSecurityTokenImpl exten
 
     @Override
     public WSSecurityTokenConstants.TokenType getTokenType() {
-        if (samlAssertionWrapper.getSamlVersion() == SAMLVersion.VERSION_10) {
+        if (samlAssertionWrapper != null 
+            && samlAssertionWrapper.getSamlVersion() == SAMLVersion.VERSION_10) {
             return WSSecurityTokenConstants.Saml10Token;
-        } else if (samlAssertionWrapper.getSamlVersion() == SAMLVersion.VERSION_11) {
+        } else if (samlAssertionWrapper != null 
+            && samlAssertionWrapper.getSamlVersion() == SAMLVersion.VERSION_11) {
             return WSSecurityTokenConstants.Saml11Token;
         }
         return WSSecurityTokenConstants.Saml20Token;



Mime
View raw message