CXF-4049

Check external CryptoProvider from message context properties in Wss4jInInterceptor

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.5.1
    • Fix Version/s: 2.4.7, 2.5.3
    • Component/s: Core
    • Labels:
      None
    • Environment:

      Windows

    • Estimated Complexity:
      Unknown
    • CXF Fields:
      Blocked on External

      Description

      Hi,

      Just a small improvement in Wss4jInInterceptor.
      Normally CryptoProvider isn't instantiated directly via CryptoFactory, but is first obtained from the message context properties (SecurityConstants.ENCRYPT_CRYPTO, SecurityConstants.SIGNATURE_CRYPTO). Only if the properties are not set is CryptoProvider instantiated via CryptoFactory. This gives the possibility to replace the Merlin CryptoProvider with a custom one (probably non-keystore based).
      AbstractBindingBuilder, XmlSignHandler, SAMLUtils work this way.

      Unfortunately it is not the case for Wss4jInInterceptor. It doesn't initialize the crypto provider in RequestData, and the crypto provider is always created via CryptoFactory. This makes it impossible to use a custom implementation of CryptoProvider in the incoming chain.

      Patch is attached.

      Regards,
      Andrei.

      1. WSS4JInInterceptor.patch
        1 kB
        Andrei Shakirin
      2. WSS4JInInterceptor.patch
        1 kB
        Andrei Shakirin
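
The lookup order the description asks for, as an added example; it is not the attached patch or CXF's own code. The class name `ContextCryptoResolver` is hypothetical, and the `*_PROPERTIES` fallback keys and the classpath loading of a String value are assumptions not mentioned in the issue text.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;

import org.apache.cxf.message.Message;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;

/** Hypothetical helper (not CXF code): context-supplied Crypto first, CryptoFactory second. */
public final class ContextCryptoResolver {

    private ContextCryptoResolver() { }

    /**
     * @param cryptoKey e.g. SecurityConstants.SIGNATURE_CRYPTO or ENCRYPT_CRYPTO
     * @param propsKey  e.g. SecurityConstants.SIGNATURE_PROPERTIES or ENCRYPT_PROPERTIES
     * @return the Crypto to use, or null if neither property is set (caller must reject)
     */
    public static Crypto resolve(Message msg, String cryptoKey, String propsKey)
            throws WSSecurityException, IOException {
        Object supplied = msg.getContextualProperty(cryptoKey);
        if (supplied instanceof Crypto) {
            return (Crypto) supplied; // custom provider takes precedence
        }
        if (supplied != null) {
            // Wrong type: fail closed instead of silently falling back to the default
            throw new IllegalStateException(cryptoKey + " must hold a Crypto, found "
                    + supplied.getClass().getName());
        }
        Object value = msg.getContextualProperty(propsKey);
        if (value instanceof Properties) {
            return CryptoFactory.getInstance((Properties) value);
        }
        if (value instanceof String) {
            // Assumption: a String value names a classpath properties resource
            ClassLoader cl = Thread.currentThread().getContextClassLoader();
            try (InputStream in = cl.getResourceAsStream((String) value)) {
                if (in == null) {
                    throw new IOException("Crypto properties not found: " + value);
                }
                Properties props = new Properties();
                props.load(in);
                return CryptoFactory.getInstance(props);
            }
        }
        return null;
    }
}
```

A property of the wrong type raises an error rather than falling through to the keystore-based default, so a misconfigured custom provider cannot be bypassed unnoticed.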

        Activity

        Andrei Shakirin created issue -
        Andrei Shakirin added a comment -

        Patch

        Andrei Shakirin made changes -
        Field Original Value New Value
        Attachment WSS4JInInterceptor.patch [ 12511248 ]
        Colm O hEigeartaigh added a comment -

        Hi Andrei,

        I would be ok with this patch if you moved the functionality into the protected "computeAction" method instead. That way it doesn't override the PolicyBasedWSS4JInInterceptor. A patch for the latter is available on CXF-4034 for this issue.

        Colm.

        Andrei Shakirin added a comment -

        Hi Colm,

        Yep, I agree with your patch.

        Andrei.

        Colm O hEigeartaigh made changes -
        Assignee Colm O hEigeartaigh [ coheigea ]
        Colm O hEigeartaigh made changes -
        Fix Version/s 2.4.7 [ 12319492 ]
        Fix Version/s 2.5.3 [ 12319491 ]
        Colm O hEigeartaigh made changes -
        CXF Fields Blocked on External [ 10410 ]
        Colm O hEigeartaigh added a comment -

        Hi Andrei,

        Can you resubmit this patch giving a license to Apache?

        Colm.

        Colm O hEigeartaigh added a comment -

        Resending...please see the previous comment.

        Colm.

        Andrei Shakirin added a comment -

        Resubmitted with ASF

        Andrei Shakirin made changes -
        Attachment WSS4JInInterceptor.patch [ 12516814 ]
        Andrei Shakirin added a comment - - edited

        Hi Colm,

        I probably did not completely get your comment from 20/Jan/12.
        If I move this functionality to "Wss4jInInterceptor.computeAction()", PolicyBasedWss4JInInterceptor will override this method and the custom crypto provider will not be activated. Or did you mean "PolicyBasedWss4JInInterceptor.computeAction()"? I am also not sure that computeAction() is the right place for checking for a custom crypto provider.

        But as you already fixed this problem via CXF-4034 in "PolicyBasedWss4JInInterceptor.checkAsymmetricBinding()", it doesn't matter.

        Andrei.

        Colm O hEigeartaigh added a comment -

        Hi Andrei,

        The problem with the patch you submitted is that it would override the work done in CXF-4034. With the current code I checked in, it only gets called for the non-policy case.

        Colm.

        Colm O hEigeartaigh made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Andrei Shakirin added a comment -

        Aah, got it.
        Andrei.

        Daniel Kulp made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Colm O hEigeartaigh
            Reporter:
            Andrei Shakirin
          • Votes:
            0
            Watchers:
            1
