This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch coheigea/saml-refactor-new in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
commit 22c76a46ce6e164f80aad0ac762c086a16f53059
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Thu Jun 19 09:28:14 2025 +0100
Removing SAML Signature crypto loading from action
---
.../wss4j/dom/action/SAMLTokenSignedAction.java | 25 ++--------------------
.../org/apache/wss4j/dom/handler/WSHandler.java | 10 +++++++++
2 files changed, 12 insertions(+), 23 deletions(-)
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
index b8720ef1d..0e9ae6ef5 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
@@ -23,7 +23,6 @@ import javax.security.auth.callback.CallbackHandler;
 import org.apache.wss4j.common.SecurityActionToken;
 import org.apache.wss4j.common.SignatureActionToken;
-import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
@@ -37,21 +36,8 @@ import org.apache.wss4j.dom.saml.WSSecSignatureSAML;
 public class SAMLTokenSignedAction implements Action {
- private static final org.slf4j.Logger LOG =
- org.slf4j.LoggerFactory.getLogger(SAMLTokenSignedAction.class);
-
 public void execute(WSHandler handler, SecurityActionToken actionToken,
 RequestData reqData) throws WSSecurityException {
- Crypto crypto = null;
-
- // it is possible and legal that we do not have a signature crypto here - thus ignore the exception.
- // This is usually the case for the SAML option "sender vouches". In this case no user crypto is
- // required.
- try {
- crypto = handler.loadSignatureCrypto(reqData);
- } catch (Exception ex) {
- LOG.debug(ex.getMessage(), ex);
- }
 CallbackHandler samlCallbackHandler = handler.getCallbackHandler(
@@ -89,14 +75,7 @@ public class SAMLTokenSignedAction implements Action {
 CallbackHandler callbackHandler = reqData.getCallbackHandler();
- SignatureActionToken signatureToken = null;
- if (actionToken instanceof SignatureActionToken) {
- signatureToken = (SignatureActionToken)actionToken;
- }
- if (signatureToken == null) {
- signatureToken = reqData.getSignatureToken();
- }
-
+ SignatureActionToken signatureToken = reqData.getSignatureToken();
 WSPasswordCallback pwCb = ActionUtils.constructPasswordCallback(signatureToken.getUser(), WSConstants.ST_SIGNED);
 ActionUtils.performPasswordCallback(callbackHandler, pwCb, reqData);
@@ -124,7 +103,7 @@ public class SAMLTokenSignedAction implements Action {
 try {
 wsSign.build(
- crypto,
+ actionToken.getCrypto(),
 samlAssertion,
 samlCallback.getIssuerCrypto(),
 samlCallback.getIssuerKeyName(),
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
index 5aecd979b..c90f1d48d 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
@@ -158,6 +158,16 @@ public abstract class WSHandler {
 } else if (actionToDo.getAction() == WSConstants.ST_SIGNED
 && actionToDo.getActionToken() == null) {
 decodeSignatureParameter(reqData);
+ // it is possible and legal that we do not have a signature crypto here - thus ignore the exception.
+ // This is usually the case for the SAML option "sender vouches". In this case no user crypto is
+ // required.
+ try {
+ SignatureActionToken actionToken = new SignatureActionToken();
+ actionToken.setCrypto(loadSignatureCrypto(reqData));
+ actionToDo.setActionToken(actionToken);
+ } catch (Exception ex) {
+ LOG.debug(ex.getMessage(), ex);
+ }
 } else if ((actionToDo.getAction() == WSConstants.ENCR
 || actionToDo.getAction() == WSConstants.DKT_ENCR)
 && actionToDo.getActionToken() == null) {
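Review bot: The new `SignatureActionToken signatureToken = reqData.getSignatureToken();` no longer considers the `actionToken` argument as a source for the signing user, while the next hunk in this file now takes the crypto from `actionToken.getCrypto()`, so `execute` reads its signature configuration from two different tokens. With the WSHandler change in this commit, the token stored via `setActionToken` carries the crypto but is never consulted here for the user; if the two are intended to be the same object, the user lookup should also go through `actionToken`, and if the split is deliberate it deserves a comment saying why. `signatureToken` is also dereferenced on the following line with no null check, so a `RequestData` without a signature token fails with a `NullPointerException` rather than a `WSSecurityException`; an explicit guard before `signatureToken.getUser()` would make that failure mode intentional. The body of `execute` starts and ends outside this hunk.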
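Review bot: `actionToken.getCrypto()` dereferences `actionToken` without a null guard, and the WSHandler hunk in this commit leaves the action token unset in exactly the case its comment calls legal: `new SignatureActionToken()` and `actionToDo.setActionToken(actionToken)` sit inside the `try`, so when `loadSignatureCrypto(reqData)` throws, the catch only logs and `execute` later receives a null `actionToken`. The removed code tolerated a missing crypto by passing `null` to `wsSign.build`; the new code turns the same sender-vouches configuration into a `NullPointerException`. Creating the token and calling `setActionToken` outside the `try`, with only the crypto load guarded, restores the old behaviour and also narrows what the broad `catch (Exception ex)` swallows to the crypto loading itself. The enclosing method in WSHandler, and `execute` here, start and end outside their hunks.
```java
decodeSignatureParameter(reqData);
// it is possible and legal that we do not have a signature crypto here - thus ignore the exception.
// This is usually the case for the SAML option "sender vouches". In this case no user crypto is
// required.
SignatureActionToken actionToken = new SignatureActionToken();
try {
    actionToken.setCrypto(loadSignatureCrypto(reqData));
} catch (Exception ex) {
    LOG.debug(ex.getMessage(), ex);
}
actionToDo.setActionToken(actionToken);
```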