From cohei...@apache.org
Subject svn commit: r1559669 - in /webservices/wss4j/trunk: ws-security-common/src/main/java/org/apache/wss4j/common/saml/ ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ ws-security-dom/src/main/java/org/apache/wss4j/dom/str/
Date Mon, 20 Jan 2014 11:35:13 GMT
Author: coheigea
Date: Mon Jan 20 11:35:13 2014
New Revision: 1559669

URL: http://svn.apache.org/r1559669
Log:
Also parse the Subject KeyInfo for the non-HolderOfKey case

Modified:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLUtil.java
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLUtil.java?rev=1559669&r1=1559668&r2=1559669&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLUtil.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLUtil.java
Mon Jan 20 11:35:13 2014
@@ -48,6 +48,9 @@ import org.w3c.dom.Element;
  */
 public final class SAMLUtil {
     
+    private static final org.slf4j.Logger LOG = 
+        org.slf4j.LoggerFactory.getLogger(SAMLUtil.class);
+    
     private static final String SIG_NS = "http://www.w3.org/2000/09/xmldsig#";
     
     private SAMLUtil() {
@@ -84,20 +87,19 @@ public final class SAMLUtil {
      * Try to get the secret key from a CallbackHandler implementation
      * @param cb a CallbackHandler implementation
      * @return An array of bytes corresponding to the secret key (can be null)
-     * @throws WSSecurityException
      */
     public static byte[] getSecretKeyFromCallbackHandler(
         String id,
         CallbackHandler cb
-    ) throws WSSecurityException {
+    ) {
         if (cb != null) {
             WSPasswordCallback pwcb = 
                 new WSPasswordCallback(id, WSPasswordCallback.SECRET_KEY);
             try {
                 cb.handle(new Callback[]{pwcb});
             } catch (Exception e1) {
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noKey",
-                        new Object[] { id }, e1);
+                LOG.debug("Error in retrieving secret key from CallbackHandler: " + e1.getMessage());
+                return null;
             }
             return pwcb.getKey();
         }
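Review bot: The new catch block discards the failure: `LOG.debug("Error in retrieving secret key from CallbackHandler: " + e1.getMessage()); return null;` logs only the message, at debug level, and then makes a throwing CallbackHandler indistinguishable from one that simply holds no key for this id, while the stack trace is lost. Pass the throwable as the last argument so the cause survives, `LOG.debug("Error in retrieving secret key from CallbackHandler: " + e1.getMessage(), e1);`, and consider whether debug is the right level for a handler that fails rather than one that returns no key. Since `throws WSSecurityException` was removed from the signature, the Javadoc `@return` above should also say that null is returned when the handler throws, so callers know they must handle the null path. The rest of getSecretKeyFromCallbackHandler ends outside this hunk.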
@@ -142,20 +144,15 @@ public final class SAMLUtil {
                 samlSubject = authzStmt.getSubject();
             }
             
-            if (samlSubject == null) {
-                throw new WSSecurityException(
-                    WSSecurityException.ErrorCode.FAILURE, "invalidSAMLToken", 
-                    "for Signature (no Subject)"
-                );
-            }
-
-            Element sub = samlSubject.getSubjectConfirmation().getDOM();
-            Element keyInfoElement = 
-                XMLUtils.getDirectChildElement(sub, "KeyInfo", SIG_NS);
-            if (keyInfoElement != null) {
-                return getCredentialFromKeyInfo(
-                    keyInfoElement, keyInfoProcessor, sigCrypto
-                );
+            if (samlSubject != null) {
+                Element sub = samlSubject.getSubjectConfirmation().getDOM();
+                Element keyInfoElement = 
+                    XMLUtils.getDirectChildElement(sub, "KeyInfo", SIG_NS);
+                if (keyInfoElement != null) {
+                    return getCredentialFromKeyInfo(
+                        keyInfoElement, keyInfoProcessor, sigCrypto
+                    );
+                }
             }
         }
 
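Review bot: `samlSubject.getSubjectConfirmation().getDOM()` on the new side is still not null-guarded, whereas the SAML 2 counterpart in this same commit checks `subjConfData != null` before calling getDOM(). If a SAML 1.1 Subject carries only a NameIdentifier and no SubjectConfirmation (I believe the schema permits that, please confirm against the OpenSAML 1 model), this now throws a NullPointerException instead of falling through to the remaining lookup paths, which is a worse outcome than the WSSecurityException the old code threw for a missing Subject. Suggest wrapping the KeyInfo lookup in `if (samlSubject.getSubjectConfirmation() != null) {` so the method degrades the same way as the SAML 2 branch. The enclosing method starts and ends outside this hunk.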
@@ -185,24 +182,22 @@ public final class SAMLUtil {
         }
         
         org.opensaml.saml2.core.Subject samlSubject = assertion.getSubject();
-        if (samlSubject == null) {
-            throw new WSSecurityException(
-                WSSecurityException.ErrorCode.FAILURE, "invalidSAMLToken", 
-                "for Signature (no Subject)"
-            );
-        }
-        List<org.opensaml.saml2.core.SubjectConfirmation> subjectConfList = 
-            samlSubject.getSubjectConfirmations();
-        for (org.opensaml.saml2.core.SubjectConfirmation subjectConfirmation : subjectConfList)
{
-            SubjectConfirmationData subjConfData = 
-                subjectConfirmation.getSubjectConfirmationData();
-            Element sub = subjConfData.getDOM();
-            Element keyInfoElement = 
-                XMLUtils.getDirectChildElement(sub, "KeyInfo", SIG_NS);
-            if (keyInfoElement != null) {
-                return getCredentialFromKeyInfo(
-                    keyInfoElement, keyInfoProcessor, sigCrypto
-                );
+        if (samlSubject != null) {
+            List<org.opensaml.saml2.core.SubjectConfirmation> subjectConfList = 
+                samlSubject.getSubjectConfirmations();
+            for (org.opensaml.saml2.core.SubjectConfirmation subjectConfirmation : subjectConfList)
{
+                SubjectConfirmationData subjConfData = 
+                    subjectConfirmation.getSubjectConfirmationData();
+                if (subjConfData != null) {
+                    Element sub = subjConfData.getDOM();
+                    Element keyInfoElement = 
+                        XMLUtils.getDirectChildElement(sub, "KeyInfo", SIG_NS);
+                    if (keyInfoElement != null) {
+                        return getCredentialFromKeyInfo(
+                            keyInfoElement, keyInfoProcessor, sigCrypto
+                        );
+                    }
+                }
             }
         }
 

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java?rev=1559669&r1=1559668&r2=1559669&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
Mon Jan 20 11:35:13 2014
@@ -615,33 +615,25 @@ public class SamlAssertionWrapper {
     }
     
     /**
-     * This method parses the KeyInfo of the Subject for the holder-of-key confirmation
-     * method, as required by the SAML Token spec. It then stores the SAMLKeyInfo object
that
+     * This method parses the KeyInfo of the Subject. It then stores the SAMLKeyInfo object
that
      * has been obtained for future processing.
      * @throws WSSecurityException
      */
-    public void parseHOKSubject(
+    public void parseSubject(
         SAMLKeyInfoProcessor keyInfoProcessor,
         Crypto sigCrypto,
         CallbackHandler callbackHandler
     ) throws WSSecurityException {
-        String confirmMethod = null;
-        List<String> methods = getConfirmationMethods();
-        if (methods != null && methods.size() > 0) {
-            confirmMethod = methods.get(0);
-        }
-        if (OpenSAMLUtil.isMethodHolderOfKey(confirmMethod)) {
-            if (saml1 != null) {
-                subjectKeyInfo = 
-                    SAMLUtil.getCredentialFromSubject(
-                        saml1, keyInfoProcessor, sigCrypto, callbackHandler
-                    );
-            } else if (saml2 != null) {
-                subjectKeyInfo = 
-                    SAMLUtil.getCredentialFromSubject(
-                        saml2, keyInfoProcessor, sigCrypto, callbackHandler
-                    );
-            }
+        if (saml1 != null) {
+            subjectKeyInfo = 
+                SAMLUtil.getCredentialFromSubject(
+                    saml1, keyInfoProcessor, sigCrypto, callbackHandler
+                );
+        } else if (saml2 != null) {
+            subjectKeyInfo = 
+                SAMLUtil.getCredentialFromSubject(
+                    saml2, keyInfoProcessor, sigCrypto, callbackHandler
+                );
         }
     }
     
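Review bot: The rewritten Javadoc on parseSubject does not mention the behavioural change that matters here: the old body only populated subjectKeyInfo when `OpenSAMLUtil.isMethodHolderOfKey(confirmMethod)` held, the new body does so for any assertion whose Subject carries a KeyInfo. Any caller that treats a non-null subjectKeyInfo as evidence of holder-of-key confirmation (the callers are not visible from this hunk) would now accept a bearer or sender-vouches assertion's key as though it were proof of possession. Suggest stating this explicitly in the Javadoc, e.g. `Note that the subject confirmation method is not checked here; callers must verify the confirmation method (see getConfirmationMethods()) before relying on the parsed KeyInfo as proof of possession.` The `@throws WSSecurityException` tag also still has no description; say when it is thrown, for instance when the KeyInfo cannot be resolved to a credential.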

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java?rev=1559669&r1=1559668&r2=1559669&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
Mon Jan 20 11:35:13 2014
@@ -185,8 +185,8 @@ public class SAMLTokenProcessor implemen
 
             samlAssertion.verifySignature(samlKeyInfo);
         }
-        // Parse the HOK subject if it exists
-        samlAssertion.parseHOKSubject(
+        // Parse the subject if it exists
+        samlAssertion.parseSubject(
             new WSSSAMLKeyInfoProcessor(data, docInfo), data.getSigVerCrypto(), 
             data.getCallbackHandler()
         );

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java?rev=1559669&r1=1559668&r2=1559669&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java
Mon Jan 20 11:35:13 2014
@@ -168,7 +168,7 @@ public class SignatureSTRParser implemen
                             );
                     } else {
                         samlAssertion = new SamlAssertionWrapper(processedToken);
-                        samlAssertion.parseHOKSubject(
+                        samlAssertion.parseSubject(
                             new WSSSAMLKeyInfoProcessor(data, wsDocInfo), 
                             data.getSigVerCrypto(), data.getCallbackHandler()
                         );


