ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1848965 - in /webservices/wss4j/trunk: ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLKeyInfo.java ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
Date Fri, 14 Dec 2018 18:15:12 GMT
Author: coheigea
Date: Fri Dec 14 18:15:12 2018
New Revision: 1848965

URL: http://svn.apache.org/viewvc?rev=1848965&view=rev
Log:
Don't store the PrivateKey in SamlKeyInfo any more

Modified:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLKeyInfo.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLKeyInfo.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLKeyInfo.java?rev=1848965&r1=1848964&r2=1848965&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLKeyInfo.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLKeyInfo.java
Fri Dec 14 18:15:12 2018
@@ -19,7 +19,6 @@
 
 package org.apache.wss4j.common.saml;
 
-import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 
@@ -43,11 +42,6 @@ public class SAMLKeyInfo {
      */
     private PublicKey publicKey;
 
-    /**
-     * The private key
-     */
-    private PrivateKey privateKey;
-
     public SAMLKeyInfo() {
     }
 
@@ -87,11 +81,4 @@ public class SAMLKeyInfo {
         this.publicKey = publicKey;
     }
 
-    public PrivateKey getPrivateKey() {
-        return privateKey;
-    }
-
-    public void setPrivateKey(PrivateKey privateKey) {
-        this.privateKey = privateKey;
-    }
 }

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java?rev=1848965&r1=1848964&r2=1848965&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
Fri Dec 14 18:15:12 2018
@@ -20,7 +20,6 @@ package org.apache.wss4j.stax.impl.proce
 
 import java.security.Key;
 import java.security.PrivateKey;
-import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Iterator;
@@ -36,7 +35,6 @@ import org.apache.wss4j.common.ext.WSPas
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.apache.wss4j.common.saml.SAMLCallback;
-import org.apache.wss4j.common.saml.SAMLKeyInfo;
 import org.apache.wss4j.common.saml.SAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.common.saml.bean.KeyInfoBean;
@@ -142,7 +140,6 @@ public class SAMLTokenOutputProcessor ex
                 securityToken.setProcessor(finalSAMLTokenOutputProcessor);
 
             } else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action) && hok) {
-                final SAMLKeyInfo samlKeyInfo = getSamlKeyInfo(samlCallback);
 
                 final Element ref;
                 if (securityToken != null) {
@@ -155,8 +152,8 @@ public class SAMLTokenOutputProcessor ex
                         securityTokenReferenceId, senderVouches, includeSTR);
 
                 final SAMLSecurityTokenProvider securityTokenProvider =
-                    new SAMLSecurityTokenProvider(samlKeyInfo, samlCallback, tokenId, ref,
-                                                  finalSAMLTokenOutputProcessor);
+                    new SAMLSecurityTokenProvider(samlCallback, (WSSSecurityProperties)getSecurityProperties(),
+                                                  tokenId, ref, finalSAMLTokenOutputProcessor);
 
                 //fire a tokenSecurityEvent
                 TokenSecurityEvent<OutboundSecurityToken> tokenSecurityEvent =
@@ -278,62 +275,20 @@ public class SAMLTokenOutputProcessor ex
         return bstSecurityToken;
     }
 
-    private SAMLKeyInfo getSamlKeyInfo(SAMLCallback samlCallback)
-        throws WSSConfigurationException, WSSecurityException {
-
-        final SAMLKeyInfo samlKeyInfo = new SAMLKeyInfo();
-
-        SubjectBean subjectBean = samlCallback.getSubject();
-        if (subjectBean != null) {
-            KeyInfoBean keyInfoBean = subjectBean.getKeyInfo();
-            if (keyInfoBean != null) {
-                X509Certificate x509Certificate = keyInfoBean.getCertificate();
-                if (x509Certificate != null) {
-                    String alias = ((WSSSecurityProperties) getSecurityProperties()).getSignatureCrypto().
-                            getX509Identifier(x509Certificate);
-                    if (alias == null) {
-                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"aliasIsNull");
-                    }
-                    WSPasswordCallback wsPasswordCallback =
-                        new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE);
-                    WSSUtils.doPasswordCallback(
-                            ((WSSSecurityProperties) getSecurityProperties()).getCallbackHandler(),
-                            wsPasswordCallback);
-                    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
-                    cryptoType.setAlias(alias);
-                    samlKeyInfo.setCerts(((WSSSecurityProperties) getSecurityProperties()).
-                            getSignatureCrypto().getX509Certificates(cryptoType));
-                    samlKeyInfo.setPrivateKey(((WSSSecurityProperties) getSecurityProperties()).
-                            getSignatureCrypto().getPrivateKey(alias, wsPasswordCallback.getPassword()));
-                } else if (keyInfoBean.getPublicKey() != null) {
-                    PublicKey publicKey = keyInfoBean.getPublicKey();
-                    samlKeyInfo.setPublicKey(publicKey);
-                    samlKeyInfo.setPrivateKey(((WSSSecurityProperties) getSecurityProperties()).
-                            getSignatureCrypto().getPrivateKey(
-                                    samlCallback.getIssuerKeyName(), samlCallback.getIssuerKeyPassword()));
-                } else {
-                    samlKeyInfo.setSecret(keyInfoBean.getEphemeralKey());
-                }
-            }
-        }
-
-        return samlKeyInfo;
-    }
-
     private static class SAMLSecurityTokenProvider
         implements SecurityTokenProvider<OutboundSecurityToken> {
 
         private GenericOutboundSecurityToken samlSecurityToken;
-        private SAMLKeyInfo samlKeyInfo;
         private SAMLCallback samlCallback;
         private String tokenId;
         private Element ref;
         private FinalSAMLTokenOutputProcessor finalSAMLTokenOutputProcessor;
+        private WSSSecurityProperties securityProperties;
 
-        SAMLSecurityTokenProvider(SAMLKeyInfo samlKeyInfo, SAMLCallback samlCallback, String
tokenId,
+        SAMLSecurityTokenProvider(SAMLCallback samlCallback, WSSSecurityProperties securityProperties,
String tokenId,
                                          Element ref, FinalSAMLTokenOutputProcessor finalSAMLTokenOutputProcessor)
{
-            this.samlKeyInfo = samlKeyInfo;
             this.samlCallback = samlCallback;
+            this.securityProperties = securityProperties;
             this.tokenId = tokenId;
             this.ref = ref;
             this.finalSAMLTokenOutputProcessor = finalSAMLTokenOutputProcessor;
@@ -354,9 +309,11 @@ public class SAMLTokenOutputProcessor ex
             } else {
                 tokenType = WSSecurityTokenConstants.SAML_20_TOKEN;
             }
-            if (samlKeyInfo.getPrivateKey() != null) {
+
+            PrivateKey privateKey = getPrivateKeyUsingCallback();
+            if (privateKey != null) {
                 this.samlSecurityToken = new GenericOutboundSecurityToken(
-                        tokenId, tokenType, samlKeyInfo.getPrivateKey(), samlKeyInfo.getCerts());
+                        tokenId, tokenType, privateKey, getCertificatesUsingCallback());
             } else {
                 this.samlSecurityToken = new GenericOutboundSecurityToken(
                         tokenId, tokenType) {
@@ -373,9 +330,10 @@ public class SAMLTokenOutputProcessor ex
                         if (key != null) {
                             return key;
                         }
-                        if (samlKeyInfo.getSecret() != null) {
+                        byte[] secretKey = getSecretKeyUsingCallback();
+                        if (secretKey != null) {
                             String algoFamily = JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
-                            key = new SecretKeySpec(samlKeyInfo.getSecret(), algoFamily);
+                            key = new SecretKeySpec(secretKey, algoFamily);
                             setSecretKey(algorithmURI, key);
                         }
                         return key;
@@ -387,6 +345,73 @@ public class SAMLTokenOutputProcessor ex
             return this.samlSecurityToken;
         }
 
+        private PrivateKey getPrivateKeyUsingCallback()
+            throws WSSConfigurationException, WSSecurityException {
+
+            SubjectBean subjectBean = samlCallback.getSubject();
+            if (subjectBean != null) {
+                KeyInfoBean keyInfoBean = subjectBean.getKeyInfo();
+                if (keyInfoBean != null) {
+                    X509Certificate x509Certificate = keyInfoBean.getCertificate();
+                    if (x509Certificate != null) {
+                        String alias = securityProperties.getSignatureCrypto().getX509Identifier(x509Certificate);
+                        if (alias == null) {
+                            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"aliasIsNull");
+                        }
+                        WSPasswordCallback wsPasswordCallback =
+                            new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE);
+                        WSSUtils.doPasswordCallback(securityProperties.getCallbackHandler(),
wsPasswordCallback);
+                        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+                        cryptoType.setAlias(alias);
+                        return securityProperties.getSignatureCrypto().getPrivateKey(alias,
wsPasswordCallback.getPassword());
+                    } else if (keyInfoBean.getPublicKey() != null) {
+                        return securityProperties.getSignatureCrypto().getPrivateKey(
+                                        samlCallback.getIssuerKeyName(), samlCallback.getIssuerKeyPassword());
+                    }
+                }
+            }
+
+            return null;
+        }
+
+        private X509Certificate[] getCertificatesUsingCallback()
+            throws WSSConfigurationException, WSSecurityException {
+
+            SubjectBean subjectBean = samlCallback.getSubject();
+            if (subjectBean != null) {
+                KeyInfoBean keyInfoBean = subjectBean.getKeyInfo();
+                if (keyInfoBean != null) {
+                    X509Certificate x509Certificate = keyInfoBean.getCertificate();
+                    if (x509Certificate != null) {
+                        String alias = securityProperties.getSignatureCrypto().getX509Identifier(x509Certificate);
+                        if (alias == null) {
+                            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"aliasIsNull");
+                        }
+                        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+                        cryptoType.setAlias(alias);
+                        return securityProperties.getSignatureCrypto().getX509Certificates(cryptoType);
+                    }
+                }
+            }
+
+            return null;
+        }
+
+
+        private byte[] getSecretKeyUsingCallback()
+            throws WSSConfigurationException, WSSecurityException {
+
+            SubjectBean subjectBean = samlCallback.getSubject();
+            if (subjectBean != null) {
+                KeyInfoBean keyInfoBean = subjectBean.getKeyInfo();
+                if (keyInfoBean != null && keyInfoBean.getCertificate() == null &&
keyInfoBean.getPublicKey() == null) {
+                   return keyInfoBean.getEphemeralKey();
+                }
+            }
+
+            return null;
+        }
+
         @Override
         public String getId() {
             return tokenId;



Mime
View raw message